Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/470f0ebc-7616-4541-a259-72a4b56f9e69.roa
File:                     470f0ebc-7616-4541-a259-72a4b56f9e69.roa (raw, json)
Hash identifier:          HhVFhQkJHOZ+QvJVMcF0lf+gFSgk3OEzTkqXnxXGqwg=
Subject key identifier:   1E:14:B8:D3:B4:24:FB:CB:8B:0E:40:01:AD:50:73:FA:42:31:C1:A2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58C06966C8F1A2B51E88D5CFB081673A2E817749
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/470f0ebc-7616-4541-a259-72a4b56f9e69.roa
Signing time:             Tue 14 Oct 2025 17:42:48 +0000
ROA not before:           Tue 14 Oct 2025 17:42:48 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.6.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:c0:69:66:c8:f1:a2:b5:1e:88:d5:cf:b0:81:67:3a:2e:81:77:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:42:48 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=c7a2e46f20e2c6985d07d4afc50a057ccd95891b15c2778a399c8043d2fd5d76, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a3:7e:87:7f:b1:6f:7b:44:b9:59:0a:e6:93:
                    42:25:04:83:3b:ee:5e:2a:45:e4:89:2f:cf:f7:fe:
                    0f:2a:95:66:cc:ac:ea:d8:10:57:5e:54:5a:ef:58:
                    de:fc:65:78:eb:3d:6e:d4:cd:71:0f:8d:1c:22:de:
                    fe:2a:fa:89:7e:35:c0:33:e1:d2:75:8e:90:52:53:
                    a0:cd:bf:6c:a2:e3:03:0a:3c:f0:42:fa:2a:42:9f:
                    37:8e:10:29:17:e7:2f:d1:56:7d:3c:2d:f0:80:67:
                    1e:89:fd:e1:92:8a:28:1f:31:61:62:e2:fe:66:be:
                    30:c9:b8:e8:ab:e2:dc:a9:de:c2:05:32:b1:72:69:
                    c8:56:7c:9e:12:4f:cd:49:84:d4:fb:9d:15:e8:00:
                    e5:2c:10:dc:71:67:96:f2:e3:fd:ee:8b:57:21:57:
                    33:c4:0b:ac:ae:f8:4a:1d:21:44:3d:56:c0:60:b8:
                    81:ee:41:95:ab:27:4e:8f:35:69:53:fe:4d:03:d5:
                    d5:b6:55:09:ba:67:db:dc:07:2d:f3:5d:06:9c:93:
                    05:96:71:84:d9:55:8f:88:73:ba:cf:33:99:15:d3:
                    22:24:16:55:c8:46:4e:4a:cd:2c:87:c2:f2:93:f1:
                    ca:de:eb:f0:02:1c:04:69:8f:ea:3b:5a:f8:1f:97:
                    bc:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:14:B8:D3:B4:24:FB:CB:8B:0E:40:01:AD:50:73:FA:42:31:C1:A2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/470f0ebc-7616-4541-a259-72a4b56f9e69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:2c:4f:4a:b5:c5:56:c5:f3:6c:ca:d4:69:c4:3a:31:d4:e2:
         84:4c:2d:15:64:f8:30:1b:85:1a:2f:5f:7d:31:a1:97:88:c1:
         3e:1a:66:b1:9f:6f:81:8b:60:87:92:9a:1d:cd:71:a5:18:d5:
         61:4e:7c:d5:50:05:30:fd:c0:89:90:e4:19:6d:d2:d2:1e:78:
         f5:9f:4b:ac:a4:c4:6f:16:01:83:d2:65:ed:18:39:8b:ab:b8:
         e7:7b:bb:70:c0:73:33:44:b0:e0:77:0c:7c:c4:67:fe:e5:ff:
         b9:b8:c4:d2:36:48:94:e4:f8:d7:63:72:59:e1:87:6d:c6:10:
         4e:94:cf:e1:f9:17:fe:31:ee:0f:1d:78:68:2c:04:1b:8f:c9:
         a9:56:94:27:f6:7d:09:d1:41:30:55:3e:27:5c:84:40:53:c7:
         9a:14:7d:f8:64:33:4a:83:e6:94:e1:80:aa:86:3e:32:50:f6:
         d7:fd:4a:9f:4d:92:67:9f:54:bd:11:fc:ee:ea:64:2e:3e:85:
         9d:ed:b7:99:aa:16:e4:8d:ae:8e:82:03:cf:df:9f:1e:43:e1:
         ce:8c:c2:55:3a:26:4e:a3:74:69:20:cc:da:29:2a:94:de:a7:
         c2:95:76:a0:73:95:ad:e5:8f:66:98:cb:d0:83:72:55:c5:7c:
         0b:c1:59:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWMBpZsjxorUeiNXPsIFnOi6Bd0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc0MjQ4WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjN2EyZTQ2ZjIwZTJjNjk4NWQwN2Q0YWZjNTBhMDU3Y2Nk
OTU4OTFiMTVjMjc3OGEzOTljODA0M2QyZmQ1ZDc2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQo36Hf7Fve0S5WQrmk0IlBIM77l4qReSJL8/3/g8qlWbM
rOrYEFdeVFrvWN78ZXjrPW7UzXEPjRwi3v4q+ol+NcAz4dJ1jpBSU6DNv2yi4wMK
PPBC+ipCnzeOECkX5y/RVn08LfCAZx6J/eGSiigfMWFi4v5mvjDJuOir4typ3sIF
MrFyachWfJ4ST81JhNT7nRXoAOUsENxxZ5by4/3ui1chVzPEC6yu+EodIUQ9VsBg
uIHuQZWrJ06PNWlT/k0D1dW2VQm6Z9vcBy3zXQackwWWcYTZVY+Ic7rPM5kV0yIk
FlXIRk5KzSyHwvKT8cre6/ACHARpj+o7Wvgfl7wHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHhS407Qk+8uLDkABrVBz+kIxwaIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ3MGYwZWJjLTc2MTYtNDU0MS1hMjU5LTcyYTRiNTZmOWU2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmAYwDQYJKoZIhvcNAQELBQADggEBAMwsT0q1xVbF82zK1GnEOjHU4oRM
LRVk+DAbhRovX30xoZeIwT4aZrGfb4GLYIeSmh3NcaUY1WFOfNVQBTD9wImQ5Blt
0tIeePWfS6ykxG8WAYPSZe0YOYuruOd7u3DAczNEsOB3DHzEZ/7l/7m4xNI2SJTk
+Ndjclnhh23GEE6Uz+H5F/4x7g8deGgsBBuPyalWlCf2fQnRQTBVPidchEBTx5oU
ffhkM0qD5pThgKqGPjJQ9tf9Sp9NkmefVL0R/O7qZC4+hZ3tt5mqFuSNro6CA8/f
nx5D4c6MwlU6Jk6jdGkgzNopKpTep8KVdqBzla3lj2aYy9CDclXFfAvBWVA=
-----END CERTIFICATE-----