Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59994030-fa77-46f8-8c5a-9301b2931210.roa
File:                     59994030-fa77-46f8-8c5a-9301b2931210.roa (raw, json)
Hash identifier:          /sQBssnrJA+h7nK7OKwMHEVA1+ac6BCesBD9AsAmghI=
Subject key identifier:   FD:48:4C:AF:09:BD:F6:25:2A:74:2C:E3:65:26:C7:C4:FE:7A:AD:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       018207481FF6878BFF4A61449CAA376B11D3A169
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59994030-fa77-46f8-8c5a-9301b2931210.roa
Signing time:             Sat 11 Oct 2025 00:22:01 +0000
ROA not before:           Sat 11 Oct 2025 00:22:01 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        185.7.14.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:07:48:1f:f6:87:8b:ff:4a:61:44:9c:aa:37:6b:11:d3:a1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:22:01 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=dece60991f9bffc69b812892986700f0238af7fcad1c707820e7ac53ef7a4da5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b7:50:07:1a:3c:6a:34:22:ba:d5:d7:9a:0d:
                    be:e5:35:24:5d:14:b1:ae:da:27:a5:4d:e2:86:26:
                    ad:21:d3:59:62:d9:9d:b2:4c:74:54:11:9a:14:54:
                    70:fe:c4:ab:84:b4:3f:c2:ba:a1:25:4c:fd:2e:67:
                    55:6d:ee:b4:45:7b:24:69:47:98:05:45:61:13:1e:
                    74:a8:9e:5b:17:9c:6b:64:f6:7f:4d:f2:6b:7f:37:
                    d3:59:15:94:3d:67:79:75:80:05:ed:4f:32:69:e8:
                    0c:72:6b:10:66:25:e7:07:bf:3f:a4:6f:4e:ec:1f:
                    71:24:4f:cf:3e:ae:31:8e:36:8e:5d:43:9f:2d:11:
                    f4:1c:49:4a:c8:ab:6d:c7:99:00:4a:74:18:7b:32:
                    78:cb:78:7a:4f:fb:0e:85:3d:cd:b7:22:7f:80:9e:
                    3e:13:ff:73:90:38:28:d1:29:23:1c:8d:e9:27:60:
                    89:c7:eb:9a:15:1d:85:10:dc:4a:5f:7f:9c:b5:ee:
                    78:15:05:41:a1:31:2d:98:fe:45:3f:26:39:70:21:
                    b5:7b:1e:03:a8:ee:80:6b:42:56:a0:93:4d:cc:7a:
                    af:f8:3a:fc:2a:4c:4e:f5:1d:6c:c6:6a:9d:8e:a2:
                    aa:06:33:b9:dd:e7:52:95:c4:61:a5:cc:f3:ea:51:
                    f2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:48:4C:AF:09:BD:F6:25:2A:74:2C:E3:65:26:C7:C4:FE:7A:AD:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59994030-fa77-46f8-8c5a-9301b2931210.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:ea:b3:8c:dd:10:45:26:46:b6:fc:75:7c:ec:81:80:14:ec:
         bd:c1:45:64:2d:6d:3e:e0:18:80:d2:8a:95:6f:55:33:31:dc:
         33:ae:00:b5:1a:50:5b:ab:9e:84:f3:03:2c:18:41:24:34:f8:
         e8:30:06:a0:8a:a9:14:e7:e3:72:56:9e:05:60:c9:5f:47:da:
         79:6a:2b:b6:e1:78:10:59:06:27:f7:7d:8e:ed:70:28:c5:6c:
         dc:16:de:53:6c:6b:6a:10:e7:42:57:96:1f:8e:df:81:e4:79:
         95:6d:a4:92:a6:54:81:59:9c:12:cf:6c:8b:d8:2c:88:0e:72:
         ec:47:06:6e:50:f7:20:32:f0:e2:31:4b:b6:e9:cc:fe:f1:d1:
         53:dd:da:15:bb:a9:cc:bd:b7:f7:0a:25:87:49:02:6d:3b:d5:
         84:c4:47:6e:15:00:a1:9d:56:3b:69:73:86:c5:f9:fe:77:d5:
         5d:f0:77:3b:e8:d3:5c:a2:55:48:fd:4d:95:88:fa:f9:aa:e8:
         b8:c4:b0:df:5d:a7:db:5e:35:51:7a:bb:66:f8:d9:18:65:4f:
         22:8c:ec:54:54:15:0d:43:18:b9:c3:cc:1d:d7:74:13:f7:20:
         20:99:bc:6f:d3:5e:12:57:e2:b7:9b:ea:1c:07:d3:24:b5:ba:
         d8:3d:aa:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAYIHSB/2h4v/SmFEnKo3axHToWkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAyMjAxWhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWNlNjA5OTFmOWJmZmM2OWI4MTI4OTI5ODY3MDBmMDIz
OGFmN2ZjYWQxYzcwNzgyMGU3YWM1M2VmN2E0ZGE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCit1AHGjxqNCK61deaDb7lNSRdFLGu2ielTeKGJq0h01li
2Z2yTHRUEZoUVHD+xKuEtD/CuqElTP0uZ1Vt7rRFeyRpR5gFRWETHnSonlsXnGtk
9n9N8mt/N9NZFZQ9Z3l1gAXtTzJp6AxyaxBmJecHvz+kb07sH3EkT88+rjGONo5d
Q58tEfQcSUrIq23HmQBKdBh7MnjLeHpP+w6FPc23In+Anj4T/3OQOCjRKSMcjekn
YInH65oVHYUQ3Epff5y17ngVBUGhMS2Y/kU/JjlwIbV7HgOo7oBrQlagk03Meq/4
OvwqTE71HWzGap2OoqoGM7nd51KVxGGlzPPqUfKdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/UhMrwm99iUqdCzjZSbHxP56rUEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5OTk0MDMwLWZhNzctNDZmOC04YzVhLTkzMDFiMjkzMTIxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAC5Bw4wDQYJKoZIhvcNAQELBQADggEBABfqs4zdEEUmRrb8dXzsgYAU7L3B
RWQtbT7gGIDSipVvVTMx3DOuALUaUFurnoTzAywYQSQ0+OgwBqCKqRTn43JWngVg
yV9H2nlqK7bheBBZBif3fY7tcCjFbNwW3lNsa2oQ50JXlh+O34HkeZVtpJKmVIFZ
nBLPbIvYLIgOcuxHBm5Q9yAy8OIxS7bpzP7x0VPd2hW7qcy9t/cKJYdJAm071YTE
R24VAKGdVjtpc4bF+f531V3wdzvo01yiVUj9TZWI+vmq6LjEsN9dp9teNVF6u2b4
2RhlTyKM7FRUFQ1DGLnDzB3XdBP3ICCZvG/TXhJX4reb6hwH0yS1utg9qtE=
-----END CERTIFICATE-----