Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4503df92-6bde-484a-9390-a3c3d019e26f.roa
File:                     4503df92-6bde-484a-9390-a3c3d019e26f.roa (raw, json)
Hash identifier:          vmD//uwHW5xmCyANmtPZ0+zjvma15wwEv934aBZodRM=
Subject key identifier:   24:10:0F:94:16:9B:5B:EF:CF:C2:41:64:AB:56:D6:C0:23:3C:65:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2311E75AE9D2849CE2A11301E57CBBF549FE5AC5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4503df92-6bde-484a-9390-a3c3d019e26f.roa
Signing time:             Mon 20 Oct 2025 05:06:48 +0000
ROA not before:           Mon 20 Oct 2025 05:06:48 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.110.46.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:11:e7:5a:e9:d2:84:9c:e2:a1:13:01:e5:7c:bb:f5:49:fe:5a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:06:48 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=dd8d3fdddde21bd0b57bdf0b9aa305cb4cae1ccfd7884812f06259e3127d56ef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c0:8d:ab:04:d8:19:0b:4a:1d:97:41:96:83:
                    15:13:de:aa:a7:3c:4f:4c:44:a3:64:98:58:5c:b1:
                    a8:7c:84:55:53:34:5b:14:81:44:c4:ba:fe:1a:5c:
                    8e:c3:a7:9c:4e:02:bd:7b:d3:db:cd:6f:57:73:6c:
                    0a:cc:84:f5:8e:f0:78:a0:8e:63:6c:e1:c6:83:7d:
                    a7:12:b1:39:da:a8:67:ef:7c:ac:d2:99:3b:4a:6c:
                    e6:08:82:31:1e:f4:c4:81:ef:1d:63:c0:6f:ec:17:
                    34:23:bc:02:28:ff:05:8b:73:cf:d2:0c:e1:12:8f:
                    86:ea:eb:b2:af:97:1d:e4:b4:1a:a6:e6:e4:00:6a:
                    d8:c0:41:cb:b0:b3:44:5d:18:7e:10:76:84:42:f1:
                    d4:08:5b:a3:bb:49:4f:4e:52:ae:27:ad:57:33:99:
                    e6:a3:dc:f0:d7:77:0a:0d:f5:a8:98:2d:b5:0e:90:
                    de:97:b2:d7:2c:f4:51:84:b1:1d:52:40:ef:b2:1c:
                    88:e4:75:e9:33:71:0d:8e:7d:38:ed:d3:f9:f4:ba:
                    3d:82:01:b0:be:2d:c1:99:f2:60:dd:68:d6:98:65:
                    2a:a7:70:f9:21:a3:0c:5b:31:66:94:5d:71:02:4e:
                    7c:64:06:32:9c:61:fe:71:f5:b1:af:94:72:e4:4f:
                    f5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:10:0F:94:16:9B:5B:EF:CF:C2:41:64:AB:56:D6:C0:23:3C:65:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4503df92-6bde-484a-9390-a3c3d019e26f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:38:7b:17:3c:c8:e4:8f:9a:67:4e:81:b6:6c:2e:66:be:68:
         48:b7:60:0d:9b:bd:6a:0c:6c:a7:a4:17:fa:8b:e4:f1:b1:cf:
         af:33:e4:32:51:31:c1:82:e4:f0:0a:df:57:84:d0:2f:b0:58:
         be:10:32:84:96:f4:11:55:cd:d5:59:07:07:a6:4f:06:72:b4:
         d5:29:95:64:85:d8:84:3a:4e:fc:f6:db:82:e1:03:4c:e4:df:
         d7:d3:db:59:4f:60:9d:7e:15:59:94:44:37:49:6b:0a:aa:1e:
         32:37:7a:5f:65:6f:cb:5a:e7:8d:e7:90:ab:85:0d:0c:57:49:
         39:70:d4:5e:f9:58:7f:70:f2:76:ad:b0:8d:61:ac:d1:ae:09:
         10:4a:f3:5e:68:6a:7e:98:b3:42:60:20:83:f8:cf:91:5d:6d:
         8c:b8:a0:26:d7:dc:2d:11:5f:82:05:26:72:c9:23:86:fd:51:
         c6:dd:a5:69:49:8c:fc:b5:21:d6:66:fb:d5:90:f2:4d:a8:cf:
         bc:4a:b6:12:81:50:95:e1:0d:c1:00:f8:8e:df:e3:04:a4:99:
         75:c2:cd:fe:36:f6:ff:62:da:4c:7f:53:62:ef:ab:c5:cd:7b:
         bf:22:6a:b8:80:87:c1:d3:e2:36:f2:22:9b:fb:16:cd:0b:78:
         be:b4:de:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIxHnWunShJzioRMB5Xy79Un+WsUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUwNjQ4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDhkM2ZkZGRkZTIxYmQwYjU3YmRmMGI5YWEzMDVjYjRj
YWUxY2NmZDc4ODQ4MTJmMDYyNTllMzEyN2Q1NmVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPwI2rBNgZC0odl0GWgxUT3qqnPE9MRKNkmFhcsah8hFVT
NFsUgUTEuv4aXI7Dp5xOAr1709vNb1dzbArMhPWO8HigjmNs4caDfacSsTnaqGfv
fKzSmTtKbOYIgjEe9MSB7x1jwG/sFzQjvAIo/wWLc8/SDOESj4bq67Kvlx3ktBqm
5uQAatjAQcuws0RdGH4QdoRC8dQIW6O7SU9OUq4nrVczmeaj3PDXdwoN9aiYLbUO
kN6Xstcs9FGEsR1SQO+yHIjkdekzcQ2OfTjt0/n0uj2CAbC+LcGZ8mDdaNaYZSqn
cPkhowxbMWaUXXECTnxkBjKcYf5x9bGvlHLkT/VRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJBAPlBabW+/PwkFkq1bWwCM8ZWkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1MDNkZjkyLTZiZGUtNDg0YS05MzkwLWEzYzNkMDE5ZTI2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAYbi4wDQYJKoZIhvcNAQELBQADggEBAFs4exc8yOSPmmdOgbZsLma+aEi3
YA2bvWoMbKekF/qL5PGxz68z5DJRMcGC5PAK31eE0C+wWL4QMoSW9BFVzdVZBwem
TwZytNUplWSF2IQ6Tvz224LhA0zk39fT21lPYJ1+FVmURDdJawqqHjI3el9lb8ta
543nkKuFDQxXSTlw1F75WH9w8natsI1hrNGuCRBK815oan6Ys0JgIIP4z5FdbYy4
oCbX3C0RX4IFJnLJI4b9UcbdpWlJjPy1IdZm+9WQ8k2oz7xKthKBUJXhDcEA+I7f
4wSkmXXCzf429v9i2kx/U2Lvq8XNe78iariAh8HT4jbyIpv7Fs0LeL603vM=
-----END CERTIFICATE-----