Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38424e51-d3cc-4fe9-af24-6c48066f7436.roa
File:                     38424e51-d3cc-4fe9-af24-6c48066f7436.roa (raw, json)
Hash identifier:          kGNDh5y+LI/n+LhV8rO4AUR0TqNPXOdeOXXszkT1tvg=
Subject key identifier:   8D:21:99:D3:9E:9F:98:FE:EA:0B:31:E3:96:13:73:B7:7E:61:9C:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78EA25F49EAF458345F1AF29DB9D629B8AF94D18
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38424e51-d3cc-4fe9-af24-6c48066f7436.roa
Signing time:             Fri 03 Oct 2025 00:42:14 +0000
ROA not before:           Fri 03 Oct 2025 00:42:14 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.232.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ea:25:f4:9e:af:45:83:45:f1:af:29:db:9d:62:9b:8a:f9:4d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:42:14 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=61921abb04bb568e0ce639ad5f16467ab21fdc8963c3e926739660098347df80, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:1a:d7:be:e9:c1:80:7a:25:b6:4c:b4:9e:37:
                    de:20:ba:95:8e:98:49:83:d8:ca:01:89:0f:e9:67:
                    0d:b6:bd:72:28:43:1d:f7:23:93:8a:88:bb:7c:3f:
                    dc:29:1c:84:ba:80:ed:ee:59:d9:4b:f3:e8:9f:a2:
                    04:77:a9:fa:80:bd:9b:f6:c8:48:fd:22:bd:11:1c:
                    3c:4d:e8:c3:c8:15:a6:85:2b:c5:4b:8b:85:6d:f7:
                    8e:47:f4:4b:9e:8b:91:00:21:fc:8e:c2:de:be:7d:
                    ab:9b:83:1f:1e:d5:90:6f:5a:d1:25:0c:f4:a8:46:
                    63:30:5b:2e:39:67:0e:66:c6:62:f5:a9:4d:ac:23:
                    85:d4:8e:3e:e6:63:ab:77:09:4c:da:0d:34:8e:90:
                    a0:83:9b:8c:6c:6b:af:8e:10:68:25:15:7e:3a:ef:
                    0e:90:f6:93:92:d4:8e:55:31:22:82:bd:0c:dc:35:
                    25:2f:f3:2e:b4:0f:ff:57:49:2a:c9:51:9d:bc:0f:
                    3e:7f:8f:e0:42:51:b6:51:89:be:24:28:3a:4b:0e:
                    92:4e:b3:4a:12:a0:f7:11:f7:ce:fc:db:50:3a:d7:
                    d1:e3:6f:b1:3d:0f:26:10:e2:3a:e7:58:4a:42:2e:
                    f2:92:ca:7b:cb:c8:c4:2c:9b:af:05:6f:f0:78:d5:
                    40:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:21:99:D3:9E:9F:98:FE:EA:0B:31:E3:96:13:73:B7:7E:61:9C:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38424e51-d3cc-4fe9-af24-6c48066f7436.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.232.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         94:e9:ca:24:da:dd:54:6e:1b:04:54:78:e8:91:ed:19:32:5e:
         f1:16:41:72:e4:7d:df:8b:aa:e9:a8:62:22:3b:01:b8:de:80:
         ad:8a:99:94:fd:9a:04:51:67:51:6e:47:97:ba:3b:17:1a:e7:
         63:4f:86:79:97:a4:96:bc:a0:57:cb:63:8e:99:43:a7:a8:2c:
         0d:96:07:2e:18:40:ae:7a:ab:e7:98:81:c9:c9:f6:43:1d:73:
         c5:84:e3:6c:84:af:25:00:92:9c:61:11:21:0c:24:3e:e5:9f:
         51:7f:6b:2e:c6:83:64:09:f5:40:3b:4d:21:77:0d:bc:a9:5e:
         44:a8:19:15:06:b3:69:d2:29:b7:3c:85:16:7b:9c:42:6a:15:
         19:64:70:92:d4:77:93:b1:52:f4:51:52:fd:b9:7d:ea:34:71:
         11:93:2e:1c:01:da:8f:55:09:b5:38:3c:73:a9:e9:5b:c5:31:
         cf:a3:ed:c3:81:c9:57:4b:49:67:90:72:a8:0b:51:9e:68:8d:
         9b:10:c2:d7:ae:06:18:cc:6c:c7:2c:3e:2c:5c:a8:f9:00:01:
         11:41:6a:9e:36:80:89:d6:a6:34:38:7c:b3:99:0f:99:f1:f2:
         45:50:f7:77:35:29:e2:ef:e2:fd:d1:df:e6:2f:af:d2:47:ef:
         91:e1:3c:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeOol9J6vRYNF8a8p251im4r5TRgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MjE0WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTkyMWFiYjA0YmI1NjhlMGNlNjM5YWQ1ZjE2NDY3YWIy
MWZkYzg5NjNjM2U5MjY3Mzk2NjAwOTgzNDdkZjgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLGte+6cGAeiW2TLSeN94gupWOmEmD2MoBiQ/pZw22vXIo
Qx33I5OKiLt8P9wpHIS6gO3uWdlL8+ifogR3qfqAvZv2yEj9Ir0RHDxN6MPIFaaF
K8VLi4Vt945H9Euei5EAIfyOwt6+faubgx8e1ZBvWtElDPSoRmMwWy45Zw5mxmL1
qU2sI4XUjj7mY6t3CUzaDTSOkKCDm4xsa6+OEGglFX467w6Q9pOS1I5VMSKCvQzc
NSUv8y60D/9XSSrJUZ28Dz5/j+BCUbZRib4kKDpLDpJOs0oSoPcR987821A619Hj
b7E9DyYQ4jrnWEpCLvKSynvLyMQsm68Fb/B41UAlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjSGZ056fmP7qCzHjlhNzt35hnNkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4NDI0ZTUxLWQzY2MtNGZlOS1hZjI0LTZjNDgwNjZmNzQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZG6EAwDQYJKoZIhvcNAQELBQADggEBAJTpyiTa3VRuGwRUeOiR7RkyXvEW
QXLkfd+LqumoYiI7AbjegK2KmZT9mgRRZ1FuR5e6Oxca52NPhnmXpJa8oFfLY46Z
Q6eoLA2WBy4YQK56q+eYgcnJ9kMdc8WE42yEryUAkpxhESEMJD7ln1F/ay7Gg2QJ
9UA7TSF3DbypXkSoGRUGs2nSKbc8hRZ7nEJqFRlkcJLUd5OxUvRRUv25feo0cRGT
LhwB2o9VCbU4PHOp6VvFMc+j7cOByVdLSWeQcqgLUZ5ojZsQwteuBhjMbMcsPixc
qPkAARFBap42gInWpjQ4fLOZD5nx8kVQ93c1KeLv4v3R3+Yvr9JH75HhPI0=
-----END CERTIFICATE-----