Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c35d6dd-7274-434f-b01e-71e08b0bbf90.roa
File:                     4c35d6dd-7274-434f-b01e-71e08b0bbf90.roa (raw, json)
Hash identifier:          1I/Fx3vXKpVmijQIn52r3L2miyWyd0fD1GHSjOVMPHA=
Subject key identifier:   8C:62:EE:9C:1D:DC:E7:C0:7A:12:15:3E:1B:EF:18:F4:D5:3D:53:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       170E317EF7118C011607CE08C23CEEB7457C0597
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c35d6dd-7274-434f-b01e-71e08b0bbf90.roa
Signing time:             Sat 18 Oct 2025 02:10:10 +0000
ROA not before:           Sat 18 Oct 2025 02:10:10 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.47.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:0e:31:7e:f7:11:8c:01:16:07:ce:08:c2:3c:ee:b7:45:7c:05:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:10:10 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=bb5fb97a0a223daf6c25b9a8edb2ee50126696589023c6e2c059ba6c277df108, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2f:c1:a1:a3:e3:08:67:56:14:aa:23:9f:36:
                    7a:32:4e:c3:a9:61:8d:3b:9e:56:29:20:3d:7a:44:
                    85:f0:d7:d7:e2:e8:d8:c7:ec:e6:38:24:90:cf:4f:
                    1d:dd:ab:11:17:cd:21:25:3c:31:22:bc:a7:7c:68:
                    4f:5b:ba:84:82:92:ac:72:f4:ac:87:63:9d:5a:61:
                    96:cb:ea:87:a2:37:af:4f:43:d5:03:57:ec:f7:ca:
                    da:30:1e:e5:17:30:a7:14:b3:0d:47:b3:45:8f:76:
                    06:ed:c2:33:8c:63:d2:36:a5:6a:d4:5d:71:60:d2:
                    9a:88:18:64:f8:a5:ef:11:c8:dc:52:77:53:8a:1e:
                    49:e4:19:a0:a2:21:5a:fa:2e:8e:87:10:48:87:c2:
                    5d:8e:11:58:f6:03:b2:61:52:c8:46:0d:f1:be:40:
                    c5:95:e3:38:24:50:c1:fd:57:29:0d:30:fd:61:af:
                    c1:8f:f5:1d:74:2e:1d:6c:ff:41:ef:9d:d5:e8:1b:
                    28:5a:70:78:dc:53:cc:df:7d:f4:db:0c:12:b3:77:
                    d2:80:63:cc:d0:67:7c:55:01:b2:17:b8:ef:0d:a1:
                    08:11:64:10:07:85:38:1c:91:1b:d1:ae:21:38:42:
                    95:ac:a2:81:07:85:30:02:96:67:50:e4:bc:25:5b:
                    59:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:62:EE:9C:1D:DC:E7:C0:7A:12:15:3E:1B:EF:18:F4:D5:3D:53:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c35d6dd-7274-434f-b01e-71e08b0bbf90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:39:66:d6:b6:2f:b7:69:3f:3c:f4:b7:93:59:e7:1c:fb:a0:
         cf:c4:7b:69:d5:eb:b1:c8:22:ea:cc:68:91:f6:b2:f4:ba:3b:
         6b:d8:9b:db:3c:1d:99:f5:95:75:31:d6:75:93:e3:4c:03:6c:
         3a:dc:22:13:89:aa:56:f4:1f:0d:d2:47:78:36:d0:22:20:ad:
         a3:79:5a:38:de:d3:a5:8f:24:10:f6:a8:d7:5b:fe:7a:75:d8:
         18:76:bd:f8:9f:be:ea:38:16:da:48:59:0f:0f:89:09:c9:cd:
         63:28:3b:c2:d7:01:00:d3:b7:bc:55:10:00:17:fc:3d:52:f0:
         77:9c:ed:5f:50:6a:d7:dc:ec:52:76:e9:ea:96:14:d4:ef:d2:
         60:69:db:e9:7c:23:1a:2b:ae:db:4c:19:8b:7e:77:10:6f:2c:
         a3:c5:78:24:ff:1c:1d:cc:79:57:ea:b5:f7:d7:ab:ca:89:49:
         0e:4f:45:d8:c4:6b:a5:25:19:01:f6:f5:5b:d6:15:f4:70:3e:
         ea:f4:55:ae:f9:21:2f:b4:e0:95:f0:7d:78:76:be:2a:65:94:
         d8:10:51:b7:a7:aa:38:b3:a4:3b:e7:83:4d:2c:8f:dc:63:ec:
         b0:5a:f7:88:f5:36:12:fa:30:e8:05:ea:63:05:64:76:a1:2e:
         76:6a:d8:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFw4xfvcRjAEWB84Iwjzut0V8BZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIxMDEwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjVmYjk3YTBhMjIzZGFmNmMyNWI5YThlZGIyZWU1MDEy
NjY5NjU4OTAyM2M2ZTJjMDU5YmE2YzI3N2RmMTA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7L8Gho+MIZ1YUqiOfNnoyTsOpYY07nlYpID16RIXw19fi
6NjH7OY4JJDPTx3dqxEXzSElPDEivKd8aE9buoSCkqxy9KyHY51aYZbL6oeiN69P
Q9UDV+z3ytowHuUXMKcUsw1Hs0WPdgbtwjOMY9I2pWrUXXFg0pqIGGT4pe8RyNxS
d1OKHknkGaCiIVr6Lo6HEEiHwl2OEVj2A7JhUshGDfG+QMWV4zgkUMH9VykNMP1h
r8GP9R10Lh1s/0HvndXoGyhacHjcU8zfffTbDBKzd9KAY8zQZ3xVAbIXuO8NoQgR
ZBAHhTgckRvRriE4QpWsooEHhTAClmdQ5LwlW1nDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjGLunB3c58B6EhU+G+8Y9NU9U8kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjMzVkNmRkLTcyNzQtNDM0Zi1iMDFlLTcxZTA4YjBiYmY5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABBCC8wDQYJKoZIhvcNAQELBQADggEBAEY5Zta2L7dpPzz0t5NZ5xz7oM/E
e2nV67HIIurMaJH2svS6O2vYm9s8HZn1lXUx1nWT40wDbDrcIhOJqlb0Hw3SR3g2
0CIgraN5Wjje06WPJBD2qNdb/np12Bh2vfifvuo4FtpIWQ8PiQnJzWMoO8LXAQDT
t7xVEAAX/D1S8Hec7V9Qatfc7FJ26eqWFNTv0mBp2+l8IxorrttMGYt+dxBvLKPF
eCT/HB3MeVfqtffXq8qJSQ5PRdjEa6UlGQH29VvWFfRwPur0Va75IS+04JXwfXh2
vipllNgQUbenqjizpDvng00sj9xj7LBa94j1NhL6MOgF6mMFZHahLnZq2EY=
-----END CERTIFICATE-----