Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ec3d9fb-97af-4d5a-9505-babad7d3b04b.roa
File:                     5ec3d9fb-97af-4d5a-9505-babad7d3b04b.roa (raw, json)
Hash identifier:          zdEHr/nqk9J8iRZiQvHCUTtP6Z5O7bpVNoYVojlkVuY=
Subject key identifier:   58:4A:F6:7C:D6:3C:EC:DD:FC:12:17:40:BF:15:14:7F:57:0B:DB:3E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       66391F94AEEB7222178AF9CF5220897F0DD48D04
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ec3d9fb-97af-4d5a-9505-babad7d3b04b.roa
Signing time:             Tue 07 Oct 2025 00:41:13 +0000
ROA not before:           Tue 07 Oct 2025 00:41:13 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.92.128.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:39:1f:94:ae:eb:72:22:17:8a:f9:cf:52:20:89:7f:0d:d4:8d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:41:13 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=9aebc1c5bf74e2da17086ca1483939321b89278d265e061d6ba1b44c9328e5be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ec:08:c8:63:be:85:f6:42:cf:16:e3:3e:f0:
                    dd:fc:1f:5e:65:af:15:41:18:0f:b3:2d:0c:24:4a:
                    bc:67:c9:a6:d8:aa:1d:ab:40:de:6e:71:1a:dd:8f:
                    cc:bd:9e:89:d5:0d:7d:e8:97:76:49:76:71:9a:04:
                    22:83:3f:2b:0f:bc:2c:c9:82:10:61:c8:50:d1:70:
                    fb:9f:c8:75:ea:ee:5f:6c:b1:a1:34:cc:11:e7:db:
                    df:0f:4f:64:9d:0b:00:28:42:f7:5b:3e:41:30:08:
                    a3:1c:c6:27:aa:09:67:e0:b9:92:a0:f2:65:90:6a:
                    19:f9:d5:a9:06:0f:8d:16:15:ca:e4:cb:00:f6:3d:
                    9d:b9:56:b7:c1:81:ad:9b:f2:66:64:3c:57:5f:a8:
                    3a:3d:6f:fe:2c:59:6a:b3:80:fb:8b:94:e0:6f:b2:
                    dd:cf:86:94:0f:41:a5:66:81:77:c2:af:bb:eb:4e:
                    88:90:5d:c4:dd:61:0f:db:70:fb:18:74:30:f2:a9:
                    74:31:4c:74:3e:3c:c5:88:71:fd:02:ad:d8:15:fb:
                    3a:d6:d7:89:01:6a:d2:85:f1:96:f3:49:a0:ee:70:
                    c7:46:96:cd:4b:f9:ee:7c:0d:75:20:a3:54:8a:ad:
                    15:ed:7e:e2:58:07:d6:27:22:e8:0f:a0:4b:ec:3f:
                    c5:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:4A:F6:7C:D6:3C:EC:DD:FC:12:17:40:BF:15:14:7F:57:0B:DB:3E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ec3d9fb-97af-4d5a-9505-babad7d3b04b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         53:10:b3:58:4f:b2:66:51:5d:c6:21:88:d5:d8:a5:95:60:b3:
         05:a2:96:a5:e6:81:d8:19:69:62:c0:ee:dc:96:a9:d9:a0:e6:
         1d:35:6d:c3:ee:dc:68:03:3e:80:2d:fd:12:7c:9d:84:10:57:
         45:32:34:b7:e8:85:e3:7e:62:02:42:39:b0:02:4c:8b:26:7a:
         ad:af:88:38:29:0b:de:58:0f:20:16:09:2b:bc:72:31:76:fb:
         d6:b3:1e:92:6c:39:8a:42:15:cb:dd:20:70:a3:89:dc:88:f0:
         7d:55:19:e6:11:53:45:47:b4:3a:9d:66:9e:64:86:a9:41:f6:
         e9:44:9b:f8:00:71:98:fb:26:ae:a3:d8:53:9c:4f:94:25:2a:
         b2:a0:89:54:18:75:61:3e:50:2a:b2:ac:af:06:29:c7:85:c5:
         4c:9c:d4:f6:95:95:9a:b1:78:6a:1c:68:3e:c9:13:67:ef:07:
         9c:88:03:2b:c3:eb:50:3a:fa:aa:3a:c1:a7:4a:09:e2:1f:61:
         1d:1b:5d:23:8e:bb:35:80:50:96:e3:17:b4:53:37:f5:35:21:
         10:17:6e:c1:ae:d8:cf:f1:03:63:8e:75:42:ec:da:c0:68:bc:
         c6:0b:51:48:cb:12:35:57:08:0d:15:ee:10:9d:1f:e5:9d:9b:
         e7:03:09:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZjkflK7rciIXivnPUiCJfw3UjQQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MTEzWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YWViYzFjNWJmNzRlMmRhMTcwODZjYTE0ODM5MzkzMjFi
ODkyNzhkMjY1ZTA2MWQ2YmExYjQ0YzkzMjhlNWJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd7AjIY76F9kLPFuM+8N38H15lrxVBGA+zLQwkSrxnyabY
qh2rQN5ucRrdj8y9nonVDX3ol3ZJdnGaBCKDPysPvCzJghBhyFDRcPufyHXq7l9s
saE0zBHn298PT2SdCwAoQvdbPkEwCKMcxieqCWfguZKg8mWQahn51akGD40WFcrk
ywD2PZ25VrfBga2b8mZkPFdfqDo9b/4sWWqzgPuLlOBvst3PhpQPQaVmgXfCr7vr
ToiQXcTdYQ/bcPsYdDDyqXQxTHQ+PMWIcf0CrdgV+zrW14kBatKF8ZbzSaDucMdG
ls1L+e58DXUgo1SKrRXtfuJYB9YnIugPoEvsP8XZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWEr2fNY87N38EhdAvxUUf1cL2z4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlYzNkOWZiLTk3YWYtNGQ1YS05NTA1LWJhYmFkN2QzYjA0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPRXIAwDQYJKoZIhvcNAQELBQADggEBAFMQs1hPsmZRXcYhiNXYpZVgswWi
lqXmgdgZaWLA7tyWqdmg5h01bcPu3GgDPoAt/RJ8nYQQV0UyNLfoheN+YgJCObAC
TIsmeq2viDgpC95YDyAWCSu8cjF2+9azHpJsOYpCFcvdIHCjidyI8H1VGeYRU0VH
tDqdZp5khqlB9ulEm/gAcZj7Jq6j2FOcT5QlKrKgiVQYdWE+UCqyrK8GKceFxUyc
1PaVlZqxeGocaD7JE2fvB5yIAyvD61A6+qo6wadKCeIfYR0bXSOOuzWAUJbjF7RT
N/U1IRAXbsGu2M/xA2OOdULs2sBovMYLUUjLEjVXCA0V7hCdH+Wdm+cDCS0=
-----END CERTIFICATE-----