Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d50dae9-a2f6-42d1-a23e-9f361c3fed24.roa
File:                     5d50dae9-a2f6-42d1-a23e-9f361c3fed24.roa (raw, json)
Hash identifier:          9okXD/T8spfRq/JaQyOPNnX/+D15MNIyw0Z/ACflgcc=
Subject key identifier:   32:29:75:FA:EF:0C:9A:33:F3:D2:D8:AB:2B:3E:EC:C9:5D:A4:C1:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       46C7A5F466067821E0E73C1ED6E7C60C09B0C5FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d50dae9-a2f6-42d1-a23e-9f361c3fed24.roa
Signing time:             Wed 08 Oct 2025 00:22:18 +0000
ROA not before:           Wed 08 Oct 2025 00:22:18 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        66.240.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:c7:a5:f4:66:06:78:21:e0:e7:3c:1e:d6:e7:c6:0c:09:b0:c5:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:22:18 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=8c6b31bbfde3a400ff6f3d226d6db65c513688adcc64fc603d616e1dc2c4a522, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:13:da:3e:ff:14:95:3b:ab:eb:82:2e:d7:b0:
                    03:c3:f7:58:0d:8e:e0:b0:46:7a:f2:d4:a3:d6:84:
                    e7:94:2b:5a:dd:2e:30:69:9d:08:97:27:b0:84:fd:
                    4f:e3:bf:95:51:07:c7:81:04:6f:4e:ef:c9:bd:c0:
                    ec:fe:f2:da:20:df:d7:4e:bd:58:4d:14:49:c9:40:
                    27:ec:d1:74:66:d2:87:13:81:72:a7:c2:8f:45:5f:
                    0a:af:b5:1c:f1:0d:07:02:17:84:14:fd:a0:b1:7a:
                    d0:18:0e:d6:20:d0:a6:eb:85:ff:68:c5:1c:f6:fa:
                    a5:54:b7:d3:f5:04:fa:94:57:14:14:81:5d:b4:ba:
                    c3:ea:f0:df:cd:0c:d3:da:3a:72:bb:19:3e:1b:dc:
                    69:fa:26:49:4e:ca:d8:9f:3d:e7:40:09:82:8d:d6:
                    c0:b5:0c:b8:81:a9:db:8f:a1:3f:75:66:4c:b9:f9:
                    61:94:da:4a:ec:9e:0f:7d:11:3c:11:b4:cd:b8:ed:
                    66:5d:17:4c:ec:0a:6b:32:61:e3:3e:4e:2a:3d:2d:
                    cf:32:44:4e:b0:60:8b:9e:7c:75:c9:60:6d:28:e2:
                    af:c9:93:f0:dd:39:61:ac:0f:f9:a3:7b:ad:97:99:
                    11:ce:77:20:1b:a5:24:b1:68:c7:70:5a:39:9e:41:
                    05:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:29:75:FA:EF:0C:9A:33:F3:D2:D8:AB:2B:3E:EC:C9:5D:A4:C1:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d50dae9-a2f6-42d1-a23e-9f361c3fed24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.240.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         70:87:c0:4b:d1:4a:c9:44:b9:b6:75:93:a9:f7:8f:5e:c4:c8:
         d0:85:3a:d1:fa:ba:dc:5c:13:33:12:1e:74:56:dc:3e:ee:70:
         c6:ca:81:f3:1f:5a:12:60:6a:9d:31:a1:76:6e:91:ec:8e:28:
         de:aa:8f:4f:ff:2b:af:ec:e7:a7:bb:d0:c9:42:e8:ff:58:df:
         5b:50:c9:75:79:2e:be:0b:18:b4:8f:8b:c7:0d:4b:d6:8f:e2:
         fe:bd:50:2f:41:4a:e3:01:6e:41:6f:1a:cc:f9:ff:b0:2b:96:
         69:21:00:d1:7a:72:90:2b:6b:f4:45:9c:a4:1b:7f:7e:f2:b5:
         88:15:ce:bd:f5:75:66:50:93:4a:d1:39:bb:1e:5a:ff:26:68:
         fe:b7:36:c6:55:55:99:bf:7b:32:16:50:2f:e3:d8:bf:ad:2a:
         01:01:0a:6a:31:65:f2:c6:01:78:ee:f4:08:2c:97:73:db:71:
         a8:cb:84:db:24:5e:71:fd:d3:23:c1:b6:6c:55:5f:93:51:9c:
         39:4a:b1:e0:fb:ba:84:92:83:27:88:c3:e9:08:6d:4a:f8:b7:
         1f:bb:c6:19:e7:35:d0:31:76:16:f5:8b:e2:a9:87:ef:1a:8c:
         6b:24:4d:a1:8c:c7:3d:33:38:61:c4:7e:e6:89:af:23:64:53:
         c1:5a:33:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURsel9GYGeCHg5zwe1ufGDAmwxfwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAyMjE4WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzZiMzFiYmZkZTNhNDAwZmY2ZjNkMjI2ZDZkYjY1YzUx
MzY4OGFkY2M2NGZjNjAzZDYxNmUxZGMyYzRhNTIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjE9o+/xSVO6vrgi7XsAPD91gNjuCwRnry1KPWhOeUK1rd
LjBpnQiXJ7CE/U/jv5VRB8eBBG9O78m9wOz+8tog39dOvVhNFEnJQCfs0XRm0ocT
gXKnwo9FXwqvtRzxDQcCF4QU/aCxetAYDtYg0Kbrhf9oxRz2+qVUt9P1BPqUVxQU
gV20usPq8N/NDNPaOnK7GT4b3Gn6JklOytifPedACYKN1sC1DLiBqduPoT91Zky5
+WGU2krsng99ETwRtM247WZdF0zsCmsyYeM+Tio9Lc8yRE6wYIuefHXJYG0o4q/J
k/DdOWGsD/mje62XmRHOdyAbpSSxaMdwWjmeQQWjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMil1+u8MmjPz0tirKz7syV2kwf0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkNTBkYWU5LWEyZjYtNDJkMS1hMjNlLTlmMzYxYzNmZWQyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZC8EAwDQYJKoZIhvcNAQELBQADggEBAHCHwEvRSslEubZ1k6n3j17EyNCF
OtH6utxcEzMSHnRW3D7ucMbKgfMfWhJgap0xoXZukeyOKN6qj0//K6/s56e70MlC
6P9Y31tQyXV5Lr4LGLSPi8cNS9aP4v69UC9BSuMBbkFvGsz5/7ArlmkhANF6cpAr
a/RFnKQbf37ytYgVzr31dWZQk0rRObseWv8maP63NsZVVZm/ezIWUC/j2L+tKgEB
CmoxZfLGAXju9Agsl3PbcajLhNskXnH90yPBtmxVX5NRnDlKseD7uoSSgyeIw+kI
bUr4tx+7xhnnNdAxdhb1i+Kph+8ajGskTaGMxz0zOGHEfuaJryNkU8FaM8Q=
-----END CERTIFICATE-----