Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cbc6787-d399-4def-9a56-fbcef999e554.roa
File:                     3cbc6787-d399-4def-9a56-fbcef999e554.roa (raw, json)
Hash identifier:          ykFxE/SYlF85h7lAFz5lX1XYeb3QhoJZKZV0CFQvSFA=
Subject key identifier:   2D:ED:81:DE:2C:69:77:93:EC:9F:CD:B9:09:8B:63:6E:24:11:03:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       197E6A71CCA7EEAFDD6D130646D222323891472F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cbc6787-d399-4def-9a56-fbcef999e554.roa
Signing time:             Fri 03 Oct 2025 00:42:17 +0000
ROA not before:           Fri 03 Oct 2025 00:42:17 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.242.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:7e:6a:71:cc:a7:ee:af:dd:6d:13:06:46:d2:22:32:38:91:47:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:42:17 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=b5e973d88717c13922e6672cc8984dc82038618857f92ca39ff20377515eca33, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:98:8d:33:37:e0:46:b4:e7:2c:56:17:f0:9a:
                    49:1a:35:7d:26:1b:ed:7b:6e:ba:05:6b:5f:8a:10:
                    1e:9b:71:d0:95:6c:5b:1d:b9:6e:a0:80:5c:9f:9d:
                    55:f5:b2:d7:64:20:1c:57:14:60:fb:50:aa:e7:45:
                    8f:69:7a:6d:62:54:f5:cc:4b:1f:4b:48:c2:86:59:
                    46:02:d6:07:34:f7:35:67:6e:48:eb:8f:3a:d6:ce:
                    9e:98:97:65:14:e9:b5:28:c5:40:08:b1:be:e3:5e:
                    bb:81:70:67:a8:a7:65:55:e4:7e:df:e2:ba:89:ed:
                    23:f3:79:59:83:38:9e:9c:a4:69:a4:6d:b9:43:52:
                    1a:fa:e1:f5:ac:79:49:86:26:b8:72:97:c1:97:a2:
                    83:80:c7:e3:9d:cd:37:d1:f6:1f:09:2a:6d:cd:9e:
                    22:80:b9:5c:ba:cb:9a:53:9d:00:98:ff:ed:14:64:
                    02:aa:94:d6:fe:b9:8a:31:9f:b0:4c:63:42:a8:73:
                    c1:50:99:98:17:7d:11:c2:51:6b:a6:cc:b7:6d:21:
                    40:45:10:0a:85:32:3f:b3:d4:8a:bf:03:33:44:86:
                    3b:09:4c:47:c5:1b:54:60:55:1c:e8:71:39:6f:23:
                    39:52:66:a0:35:91:b2:56:2b:eb:92:7a:1a:0f:12:
                    3b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:ED:81:DE:2C:69:77:93:EC:9F:CD:B9:09:8B:63:6E:24:11:03:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cbc6787-d399-4def-9a56-fbcef999e554.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.242.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         42:5f:45:a0:77:fb:5f:fc:de:bf:48:60:12:98:27:57:95:6f:
         31:aa:0c:ec:9f:5b:0e:ea:f7:f7:d4:f1:b8:78:5f:76:3f:46:
         a8:b1:3f:b3:5f:06:02:62:4d:9b:69:b0:5e:f7:c6:31:10:87:
         f7:6b:54:23:95:6c:3d:6b:bd:7d:85:76:77:c2:52:ce:02:71:
         0f:ee:2b:29:52:01:c2:75:4a:da:15:1b:0f:31:89:86:a7:5c:
         09:0a:5e:9c:a3:79:39:11:4d:01:ea:34:19:bc:74:6e:a3:69:
         91:59:a4:8d:8a:6c:48:f5:18:36:f6:20:d1:ad:b8:27:62:90:
         33:f2:a9:82:e6:f7:3c:08:b7:ed:28:c3:d9:2f:9a:86:e7:8b:
         77:67:89:4e:c0:f5:8f:a2:fc:f7:fe:f6:71:88:a3:bb:92:1b:
         bc:ae:20:08:2e:f2:a9:12:43:2d:29:38:95:ba:b0:fa:f6:ae:
         80:7e:94:85:a1:14:0d:d2:b9:cb:58:67:fc:df:44:a7:ba:64:
         78:9e:6b:79:03:7c:d9:5b:67:a7:aa:ce:60:fc:8d:d8:aa:b3:
         7c:c8:0f:84:a2:e8:68:04:d6:54:c6:40:74:d6:b4:2d:1b:f9:
         24:6c:0e:4d:10:f1:3e:71:8f:ef:32:66:c1:3b:e2:05:83:e5:
         f3:33:fe:18
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGX5qccyn7q/dbRMGRtIiMjiRRy8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MjE3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNWU5NzNkODg3MTdjMTM5MjJlNjY3MmNjODk4NGRjODIw
Mzg2MTg4NTdmOTJjYTM5ZmYyMDM3NzUxNWVjYTMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBmI0zN+BGtOcsVhfwmkkaNX0mG+17broFa1+KEB6bcdCV
bFsduW6ggFyfnVX1stdkIBxXFGD7UKrnRY9pem1iVPXMSx9LSMKGWUYC1gc09zVn
bkjrjzrWzp6Yl2UU6bUoxUAIsb7jXruBcGeop2VV5H7f4rqJ7SPzeVmDOJ6cpGmk
bblDUhr64fWseUmGJrhyl8GXooOAx+OdzTfR9h8JKm3NniKAuVy6y5pTnQCY/+0U
ZAKqlNb+uYoxn7BMY0Koc8FQmZgXfRHCUWumzLdtIUBFEAqFMj+z1Iq/AzNEhjsJ
TEfFG1RgVRzocTlvIzlSZqA1kbJWK+uSehoPEjtNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULe2B3ixpd5Psn825CYtjbiQRA98wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjYmM2Nzg3LWQzOTktNGRlZi05YTU2LWZiY2VmOTk5ZTU1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFI8jANBgkqhkiG9w0BAQsFAAOCAQEAQl9FoHf7X/zev0hgEpgnV5VvMaoM
7J9bDur399TxuHhfdj9GqLE/s18GAmJNm2mwXvfGMRCH92tUI5VsPWu9fYV2d8JS
zgJxD+4rKVIBwnVK2hUbDzGJhqdcCQpenKN5ORFNAeo0Gbx0bqNpkVmkjYpsSPUY
NvYg0a24J2KQM/Kpgub3PAi37SjD2S+ahueLd2eJTsD1j6L89/72cYiju5IbvK4g
CC7yqRJDLSk4lbqw+vaugH6UhaEUDdK5y1hn/N9Ep7pkeJ5reQN82Vtnp6rOYPyN
2KqzfMgPhKLoaATWVMZAdNa0LRv5JGwOTRDxPnGP7zJmwTviBYPl8zP+GA==
-----END CERTIFICATE-----