Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8dc870-a029-4c0b-af03-f7d00dd60108.roa
File:                     5e8dc870-a029-4c0b-af03-f7d00dd60108.roa (raw, json)
Hash identifier:          KXVqk5Wp787Q4KzAYBWqnUNC2LEFI5Lwp4KYLNlUMQo=
Subject key identifier:   BC:E3:FC:12:0D:84:64:A3:8A:D5:C6:2C:D6:F9:05:0F:5F:BD:86:BD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EA1D9F22A12FDA24B154AEC4F8EC8FD895F90FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8dc870-a029-4c0b-af03-f7d00dd60108.roa
Signing time:             Tue 14 Oct 2025 17:42:47 +0000
ROA not before:           Tue 14 Oct 2025 17:42:47 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.47.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:a1:d9:f2:2a:12:fd:a2:4b:15:4a:ec:4f:8e:c8:fd:89:5f:90:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:42:47 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=49e1d5f45018f36e21baa1ca076633965b2208e8a7376327bf2adf212f66b02e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:71:bc:1a:a8:3d:33:8a:92:79:bc:1c:09:9d:
                    e3:45:75:ce:17:78:a3:2b:82:fe:f3:c9:f4:6b:aa:
                    87:8b:44:8d:d2:af:68:b8:92:6b:23:9a:61:12:c9:
                    d2:ab:66:15:e6:93:c1:e0:a4:94:29:c1:55:d6:f3:
                    f6:ed:1a:28:ce:67:49:f2:7e:34:c3:7c:14:82:42:
                    c1:41:b1:bc:a0:02:c4:c8:6e:b4:09:7b:4d:30:14:
                    ef:44:eb:93:e1:97:19:6a:08:d9:44:5e:b6:8b:3b:
                    c5:d5:fb:43:a0:a7:f6:a3:f5:83:17:72:09:f1:af:
                    a1:65:a6:18:c4:d9:dd:e5:10:a4:66:c8:21:7e:4e:
                    fc:cb:a0:6f:b4:78:b3:23:9b:cc:ec:88:85:81:da:
                    a2:1d:76:c3:b8:3c:ad:17:36:e4:eb:87:b7:d8:e3:
                    5e:7e:71:73:42:4d:83:23:39:06:fa:dc:e8:fd:36:
                    57:7c:6f:48:c3:76:2e:de:47:a4:ca:dc:0c:05:90:
                    f4:29:3e:e6:7c:a6:01:b8:b5:83:24:23:be:95:cb:
                    d2:f0:18:78:a4:c7:08:b0:ab:a0:45:0c:14:ff:30:
                    93:49:01:64:39:3e:ec:1f:b9:50:f7:77:58:08:da:
                    a4:84:65:ac:3c:d5:a2:f8:8c:96:55:50:f0:99:3c:
                    37:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E3:FC:12:0D:84:64:A3:8A:D5:C6:2C:D6:F9:05:0F:5F:BD:86:BD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8dc870-a029-4c0b-af03-f7d00dd60108.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:b6:34:75:73:e9:bc:06:fa:42:1f:f4:ec:c6:6c:83:15:ab:
         2f:2a:a6:4a:0c:36:06:72:d1:6a:65:f9:c0:0f:a0:1b:ed:88:
         72:4b:b2:d7:bc:28:54:af:89:3d:34:dd:d0:81:c1:7a:95:6d:
         82:a4:9e:ff:ce:7f:c6:93:db:1a:1d:6f:ff:89:23:90:27:2b:
         46:63:63:5b:6b:48:49:47:35:0c:45:73:72:c9:b6:90:f6:b2:
         81:b3:c8:83:3d:04:95:4f:d7:49:7e:ae:a3:31:5e:fd:28:ad:
         93:36:92:fd:82:bb:89:c5:20:f0:d4:2c:87:ee:73:03:95:eb:
         03:6b:2e:aa:f8:94:32:5c:c6:a4:e0:45:42:90:fb:4a:30:6d:
         15:97:71:7d:d0:d1:2a:30:92:d5:5f:88:81:98:31:d9:9c:db:
         51:c8:de:a2:24:20:bc:3e:1c:93:0b:af:dd:03:98:47:6f:db:
         ba:b7:d8:30:7e:bb:0e:8d:b7:86:02:0c:c4:2d:a2:ee:8b:71:
         c6:e9:c3:89:4d:d8:2d:3b:04:d7:5c:0a:a1:be:1a:17:23:e4:
         b0:8d:c6:d2:59:60:00:a9:91:ef:5d:cb:59:96:d6:a6:c5:fa:
         80:61:33:d8:27:69:41:e5:a5:08:b1:ef:42:79:23:77:3a:5a:
         01:3a:da:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTqHZ8ioS/aJLFUrsT47I/YlfkPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc0MjQ3WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OWUxZDVmNDUwMThmMzZlMjFiYWExY2EwNzY2MzM5NjVi
MjIwOGU4YTczNzYzMjdiZjJhZGYyMTJmNjZiMDJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDncbwaqD0zipJ5vBwJneNFdc4XeKMrgv7zyfRrqoeLRI3S
r2i4kmsjmmESydKrZhXmk8HgpJQpwVXW8/btGijOZ0nyfjTDfBSCQsFBsbygAsTI
brQJe00wFO9E65PhlxlqCNlEXraLO8XV+0Ogp/aj9YMXcgnxr6FlphjE2d3lEKRm
yCF+TvzLoG+0eLMjm8zsiIWB2qIddsO4PK0XNuTrh7fY415+cXNCTYMjOQb63Oj9
Nld8b0jDdi7eR6TK3AwFkPQpPuZ8pgG4tYMkI76Vy9LwGHikxwiwq6BFDBT/MJNJ
AWQ5PuwfuVD3d1gI2qSEZaw81aL4jJZVUPCZPDdJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvOP8Eg2EZKOK1cYs1vkFD1+9hr0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlOGRjODcwLWEwMjktNGMwYi1hZjAzLWY3ZDAwZGQ2MDEwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmC8wDQYJKoZIhvcNAQELBQADggEBAFS2NHVz6bwG+kIf9OzGbIMVqy8q
pkoMNgZy0Wpl+cAPoBvtiHJLste8KFSviT003dCBwXqVbYKknv/Of8aT2xodb/+J
I5AnK0ZjY1trSElHNQxFc3LJtpD2soGzyIM9BJVP10l+rqMxXv0orZM2kv2Cu4nF
IPDULIfucwOV6wNrLqr4lDJcxqTgRUKQ+0owbRWXcX3Q0SowktVfiIGYMdmc21HI
3qIkILw+HJMLr90DmEdv27q32DB+uw6Nt4YCDMQtou6Lccbpw4lN2C07BNdcCqG+
Ghcj5LCNxtJZYACpke9dy1mW1qbF+oBhM9gnaUHlpQix70J5I3c6WgE62uM=
-----END CERTIFICATE-----