Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48af1dfe-0e61-4862-8ae2-75b053bcc924.roa
File:                     48af1dfe-0e61-4862-8ae2-75b053bcc924.roa (raw, json)
Hash identifier:          HeV8Zvu+RQWz5gzBNaiTJLqxfuUkxdZkoEjWHevBAQc=
Subject key identifier:   35:9F:9B:D3:A2:21:60:A4:FB:82:46:06:BF:87:A7:C3:D1:E8:E0:78
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F039898E1CD8B9BED625E459D326B8140BCE9AC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48af1dfe-0e61-4862-8ae2-75b053bcc924.roa
Signing time:             Mon 06 Oct 2025 16:22:44 +0000
ROA not before:           Mon 06 Oct 2025 16:22:44 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.215.136.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:03:98:98:e1:cd:8b:9b:ed:62:5e:45:9d:32:6b:81:40:bc:e9:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:22:44 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=a68ea881042aac249cda514cd032b8bcf1cf391957361966ed3f15bb7c01ad38, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ac:2b:93:7c:e8:3d:46:13:c9:2d:b4:54:0f:
                    e5:7f:ef:89:c9:ef:b7:44:bf:3c:62:11:c6:08:0c:
                    97:87:84:7b:c4:c7:9f:e4:8c:be:0a:7d:52:ed:b5:
                    43:25:dd:47:a0:29:53:52:8d:be:95:a6:f8:5d:36:
                    05:d7:b8:a1:cc:49:4b:0b:1a:90:31:2c:2f:ba:c9:
                    5c:67:5d:b5:79:2e:d5:09:45:86:f0:fb:d1:31:bf:
                    8a:e6:f1:86:c4:38:ce:dd:40:43:1b:af:1b:ba:fb:
                    c9:ff:a1:cc:d4:87:57:e9:9a:82:b8:01:47:7d:f9:
                    7a:4e:6a:a4:25:af:84:68:a3:fb:56:5b:57:ae:86:
                    c2:72:61:a3:3c:9e:cc:76:fb:44:ff:83:28:f0:6d:
                    00:b3:59:1d:d7:b0:39:da:a4:3d:40:e4:61:49:d6:
                    2b:99:54:1a:24:f2:70:ad:34:09:93:26:eb:70:cd:
                    f0:43:67:71:d2:56:ff:5d:c3:33:dd:36:53:1e:cf:
                    1b:f2:57:d4:6e:44:cf:46:ff:70:7f:12:c5:85:01:
                    39:c8:df:49:7c:19:55:5c:1b:da:ed:5f:5a:54:08:
                    85:53:95:89:a5:02:09:c4:d2:56:94:f3:7a:d8:52:
                    4b:5e:a4:8f:d4:42:2f:84:ee:7f:1b:1b:94:db:18:
                    ad:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9F:9B:D3:A2:21:60:A4:FB:82:46:06:BF:87:A7:C3:D1:E8:E0:78
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48af1dfe-0e61-4862-8ae2-75b053bcc924.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.215.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:0b:8c:7e:2f:03:88:d8:64:f9:be:9f:b4:d7:01:69:6f:f3:
         5d:f4:0a:c4:41:03:f4:dd:d6:85:5f:15:12:14:ef:ec:59:8f:
         40:7e:a4:2f:8a:40:43:31:a2:16:c6:a9:5d:11:61:b3:d8:aa:
         9f:d0:3e:ec:d1:db:bb:03:e9:b9:6c:1a:6e:09:17:d7:2d:8c:
         a6:7d:cd:36:68:24:61:54:5c:58:94:21:62:3b:ac:30:8d:cd:
         c4:8b:44:0b:c0:f8:61:db:de:67:60:0b:52:93:02:32:39:ba:
         59:80:de:67:18:5d:dd:90:57:28:ba:b5:f8:be:7c:87:3c:9a:
         63:ef:0b:0f:95:00:19:99:01:ea:98:ce:9f:ab:c0:01:66:ee:
         cc:59:7b:f9:2e:12:5d:54:4e:ae:c7:e8:26:69:c3:4f:a9:b6:
         a9:1c:5d:6d:bd:8e:14:bb:e9:87:b4:01:07:23:27:eb:69:fc:
         63:5c:50:7d:32:23:43:2a:26:c2:20:f5:94:22:13:79:d3:92:
         70:55:fb:30:e0:b3:e7:a1:00:1c:04:71:c3:66:e0:49:78:75:
         8d:52:35:89:82:bf:91:69:08:96:15:d4:76:fc:57:8a:86:29:
         46:17:b9:bc:b8:b2:c8:28:02:df:6e:3b:35:0c:42:13:75:95:
         e7:90:a0:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTwOYmOHNi5vtYl5FnTJrgUC86awwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYyMjQ0WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjhlYTg4MTA0MmFhYzI0OWNkYTUxNGNkMDMyYjhiY2Yx
Y2YzOTE5NTczNjE5NjZlZDNmMTViYjdjMDFhZDM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3rCuTfOg9RhPJLbRUD+V/74nJ77dEvzxiEcYIDJeHhHvE
x5/kjL4KfVLttUMl3UegKVNSjb6VpvhdNgXXuKHMSUsLGpAxLC+6yVxnXbV5LtUJ
RYbw+9Exv4rm8YbEOM7dQEMbrxu6+8n/oczUh1fpmoK4AUd9+XpOaqQlr4Roo/tW
W1euhsJyYaM8nsx2+0T/gyjwbQCzWR3XsDnapD1A5GFJ1iuZVBok8nCtNAmTJutw
zfBDZ3HSVv9dwzPdNlMezxvyV9RuRM9G/3B/EsWFATnI30l8GVVcG9rtX1pUCIVT
lYmlAgnE0laU83rYUktepI/UQi+E7n8bG5TbGK3vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNZ+b06IhYKT7gkYGv4enw9Ho4HgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4YWYxZGZlLTBlNjEtNDg2Mi04YWUyLTc1YjA1M2JjYzkyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIs14gwDQYJKoZIhvcNAQELBQADggEBAAULjH4vA4jYZPm+n7TXAWlv8130
CsRBA/Td1oVfFRIU7+xZj0B+pC+KQEMxohbGqV0RYbPYqp/QPuzR27sD6blsGm4J
F9ctjKZ9zTZoJGFUXFiUIWI7rDCNzcSLRAvA+GHb3mdgC1KTAjI5ulmA3mcYXd2Q
Vyi6tfi+fIc8mmPvCw+VABmZAeqYzp+rwAFm7sxZe/kuEl1UTq7H6CZpw0+ptqkc
XW29jhS76Ye0AQcjJ+tp/GNcUH0yI0MqJsIg9ZQiE3nTknBV+zDgs+ehABwEccNm
4El4dY1SNYmCv5FpCJYV1Hb8V4qGKUYXuby4ssgoAt9uOzUMQhN1leeQoHo=
-----END CERTIFICATE-----