Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/549062ae-c5b1-4db8-8029-29dac35e3892.roa
File:                     549062ae-c5b1-4db8-8029-29dac35e3892.roa (raw, json)
Hash identifier:          WSxhOUuhLDX+dU2vs/jJisW3m0YlFxJta4ryPva0FeY=
Subject key identifier:   C1:4A:0E:D7:C8:F8:0A:E1:70:BE:77:BE:90:74:B0:22:A8:06:17:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E7D83D4C967DFFA7B266A98D5AE39C72BB29299
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/549062ae-c5b1-4db8-8029-29dac35e3892.roa
Signing time:             Fri 26 Sep 2025 00:42:58 +0000
ROA not before:           Fri 26 Sep 2025 00:42:58 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        89.254.32.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:7d:83:d4:c9:67:df:fa:7b:26:6a:98:d5:ae:39:c7:2b:b2:92:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:42:58 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=a1480df9abcec60d5bb4622ecb87563106fbd98b29993e4467c705495070578b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a8:ab:6d:62:6e:11:cf:38:e3:5c:f3:e0:53:
                    7f:b2:3b:55:e8:7d:2c:96:6d:56:80:12:eb:d7:12:
                    1b:22:be:ca:0d:76:bb:73:d1:2f:78:a2:aa:0d:e4:
                    74:cf:5e:38:48:18:9e:85:a9:6b:ff:f0:f8:df:2e:
                    00:91:4f:9e:a8:d7:ba:49:00:20:af:45:17:b1:91:
                    05:84:51:51:10:75:fc:b7:92:b6:71:ab:09:a4:2c:
                    77:13:8e:d6:53:e0:58:8d:c1:3a:58:29:d3:1d:a6:
                    27:b4:f5:e6:dd:3e:61:53:60:ec:d2:30:36:15:7e:
                    d3:7c:a7:73:87:04:61:6e:9f:a9:25:d6:33:b8:6c:
                    3d:6b:4c:61:68:15:28:3a:38:89:54:13:8c:c6:82:
                    9b:bc:16:65:37:0f:f7:2e:bb:28:9a:44:f0:4d:c5:
                    c9:41:ae:73:46:4e:f9:bd:25:77:18:1b:25:70:ee:
                    1c:60:e9:9a:24:66:91:78:3c:8b:67:3b:ea:13:52:
                    ee:5c:08:14:92:16:cc:96:e2:e6:9c:24:da:de:c0:
                    50:89:bd:89:f6:81:04:8f:a2:4f:59:e8:fa:79:1b:
                    ea:97:7c:8f:c5:33:a1:6e:ed:8b:f8:3a:6e:d2:a1:
                    64:e8:ad:6b:31:14:cd:40:a9:46:4d:57:32:33:0d:
                    1d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4A:0E:D7:C8:F8:0A:E1:70:BE:77:BE:90:74:B0:22:A8:06:17:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/549062ae-c5b1-4db8-8029-29dac35e3892.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.254.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:68:d7:56:de:1c:43:ef:0b:87:33:63:cd:b8:fb:41:bd:f8:
         19:c7:cc:2a:4d:21:24:72:e2:c5:0b:c1:3e:ce:fb:37:e5:53:
         68:8e:5c:a4:69:ce:67:13:f5:8b:52:da:f1:34:6b:cc:94:c0:
         da:ef:86:c1:b4:47:fa:bd:d2:cc:31:d6:10:a6:29:12:16:7c:
         ff:59:1e:b6:e5:62:ce:cd:45:cc:d5:2f:39:50:9e:ca:72:68:
         06:84:e1:1e:62:d7:3f:8c:b2:17:60:e5:8e:42:20:d6:e8:74:
         55:8b:0e:ab:5f:b9:2d:1e:37:2a:96:92:36:eb:cb:28:f4:20:
         76:0e:e2:9b:bf:a3:ac:83:31:58:ad:cb:d2:92:69:c1:f2:87:
         ed:e6:d3:b2:a5:14:53:30:4a:10:84:4b:e5:07:85:22:b5:fe:
         5a:7d:99:7a:4e:f2:80:81:5f:de:70:a5:dd:e4:7f:3c:7a:6e:
         57:83:c1:22:c3:d9:b1:74:a1:c9:38:0e:9d:00:f9:d0:24:aa:
         87:a8:92:65:02:bc:db:e8:0c:bc:e3:e1:c2:74:cc:3c:7d:1b:
         84:d0:d7:07:78:e9:b4:05:93:ab:a6:86:37:3b:e0:44:68:4c:
         59:82:08:81:41:8c:a6:cf:70:7b:c9:6e:20:6e:43:82:31:ff:
         f9:8c:6c:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHn2D1Mln3/p7JmqY1a45xyuykpkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDA0MjU4WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTQ4MGRmOWFiY2VjNjBkNWJiNDYyMmVjYjg3NTYzMTA2
ZmJkOThiMjk5OTNlNDQ2N2M3MDU0OTUwNzA1NzhiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3qKttYm4RzzjjXPPgU3+yO1XofSyWbVaAEuvXEhsivsoN
drtz0S94oqoN5HTPXjhIGJ6FqWv/8PjfLgCRT56o17pJACCvRRexkQWEUVEQdfy3
krZxqwmkLHcTjtZT4FiNwTpYKdMdpie09ebdPmFTYOzSMDYVftN8p3OHBGFun6kl
1jO4bD1rTGFoFSg6OIlUE4zGgpu8FmU3D/cuuyiaRPBNxclBrnNGTvm9JXcYGyVw
7hxg6ZokZpF4PItnO+oTUu5cCBSSFsyW4uacJNrewFCJvYn2gQSPok9Z6Pp5G+qX
fI/FM6Fu7Yv4Om7SoWTorWsxFM1AqUZNVzIzDR1XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwUoO18j4CuFwvne+kHSwIqgGF5EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0OTA2MmFlLWM1YjEtNGRiOC04MDI5LTI5ZGFjMzVlMzg5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVZ/iAwDQYJKoZIhvcNAQELBQADggEBADho11beHEPvC4czY824+0G9+BnH
zCpNISRy4sULwT7O+zflU2iOXKRpzmcT9YtS2vE0a8yUwNrvhsG0R/q90swx1hCm
KRIWfP9ZHrblYs7NRczVLzlQnspyaAaE4R5i1z+Mshdg5Y5CINbodFWLDqtfuS0e
NyqWkjbryyj0IHYO4pu/o6yDMVity9KSacHyh+3m07KlFFMwShCES+UHhSK1/lp9
mXpO8oCBX95wpd3kfzx6bleDwSLD2bF0ock4Dp0A+dAkqoeokmUCvNvoDLzj4cJ0
zDx9G4TQ1wd46bQFk6umhjc74ERoTFmCCIFBjKbPcHvJbiBuQ4Ix//mMbCc=
-----END CERTIFICATE-----