Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6205efa3-adeb-4c79-a841-af02822a7d3f.roa
File:                     6205efa3-adeb-4c79-a841-af02822a7d3f.roa (raw, json)
Hash identifier:          c1Gc+mB8ZbAFybX7ofltIC8X64kudEsXFWq/DL7VD5c=
Subject key identifier:   A7:E6:1E:CB:CC:21:18:36:1D:3C:0A:C2:1C:3B:F1:8B:F3:4F:ED:55
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F25AC870E7D97873284860F68BC847679D91961
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6205efa3-adeb-4c79-a841-af02822a7d3f.roa
Signing time:             Wed 08 Oct 2025 00:22:16 +0000
ROA not before:           Wed 08 Oct 2025 00:22:16 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        66.152.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:25:ac:87:0e:7d:97:87:32:84:86:0f:68:bc:84:76:79:d9:19:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:22:16 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=9b8ffc3a854d93d5294cafb600c98748e0ee42e53e22de140ff62b2d8880427f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2b:76:6e:16:34:2c:b5:65:f6:a6:85:c4:1e:
                    5e:4b:03:33:53:54:7b:67:8a:b1:bb:10:3e:3f:73:
                    e2:ed:d9:a5:c6:e3:aa:bc:c7:cc:5f:a1:f8:60:6c:
                    9e:ce:80:31:4b:66:40:5b:b7:3e:3c:eb:50:01:eb:
                    d6:41:75:98:8f:73:4a:0d:25:c1:e4:8b:11:fc:3c:
                    d2:32:7c:3c:2a:2a:09:24:63:ef:7b:cf:64:ab:43:
                    68:49:a6:83:c4:59:c9:ab:9d:0d:4f:9a:d1:e9:e2:
                    10:b5:36:bd:37:6a:66:22:5d:fe:b4:6b:90:10:72:
                    47:b0:62:17:76:1c:b5:84:d6:15:e3:c8:c0:b3:60:
                    64:1e:d2:94:0f:37:8f:e2:ca:0d:36:90:e0:6d:d5:
                    6a:19:2c:5e:d8:5e:51:25:80:15:27:85:1f:63:0b:
                    91:21:9c:01:75:e7:e8:8a:c2:af:27:14:79:fb:50:
                    69:3c:88:25:78:48:0c:ca:53:4b:be:e8:e2:5e:be:
                    ff:bf:e4:76:1e:c0:00:92:a4:ff:f8:0d:f7:47:70:
                    63:6b:55:25:3d:0f:fa:a7:c0:1b:aa:5b:9c:3c:ab:
                    51:14:2b:74:b2:26:6e:5e:13:8b:e0:b9:fa:b6:2a:
                    e2:13:ab:5f:6e:bd:d7:f2:0b:3e:07:03:9e:4b:d3:
                    e8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E6:1E:CB:CC:21:18:36:1D:3C:0A:C2:1C:3B:F1:8B:F3:4F:ED:55
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6205efa3-adeb-4c79-a841-af02822a7d3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.152.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         67:c4:11:71:a7:53:58:d8:17:8f:ed:d1:2e:40:3a:dd:47:dd:
         63:41:71:4c:e1:56:87:61:60:c8:e0:f0:66:7c:20:bc:63:af:
         aa:fa:ab:93:51:a6:df:5e:49:7c:7f:03:b8:b1:10:fa:4f:37:
         35:ac:3c:9f:12:46:72:e1:04:f1:ed:9b:29:78:c1:48:e9:07:
         e8:61:4d:10:d6:31:3f:e2:ed:a2:e1:91:bd:81:aa:71:ad:dc:
         83:4d:52:09:bd:7d:b2:24:5d:7e:ae:c3:84:2d:ae:98:ef:36:
         da:e3:2e:8e:22:ae:c2:06:ec:2e:c2:73:41:be:8e:b3:62:32:
         e6:69:7f:24:a0:75:19:69:fe:ff:cd:13:95:7a:8f:1b:f5:cc:
         8e:93:d1:59:7d:40:3d:83:6b:36:e5:7a:8b:7f:91:53:5c:f1:
         4e:71:ca:84:5b:53:3e:1b:2b:10:81:3c:f7:8c:8e:35:36:26:
         ce:80:45:15:22:be:d0:de:c4:64:a4:c0:e5:5b:cd:fe:d5:04:
         80:72:50:bc:58:d2:bd:87:0c:51:13:9e:0a:e9:15:c4:86:5e:
         08:e1:6a:92:da:dc:e2:00:f0:0a:96:b1:b7:62:13:b0:ec:cb:
         5f:04:18:f8:09:88:86:91:a0:61:70:f8:d1:b6:3c:6b:ea:02:
         e7:cb:76:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfyWshw59l4cyhIYPaLyEdnnZGWEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAyMjE2WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjhmZmMzYTg1NGQ5M2Q1Mjk0Y2FmYjYwMGM5ODc0OGUw
ZWU0MmU1M2UyMmRlMTQwZmY2MmIyZDg4ODA0MjdmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXK3ZuFjQstWX2poXEHl5LAzNTVHtnirG7ED4/c+Lt2aXG
46q8x8xfofhgbJ7OgDFLZkBbtz4861AB69ZBdZiPc0oNJcHkixH8PNIyfDwqKgkk
Y+97z2SrQ2hJpoPEWcmrnQ1PmtHp4hC1Nr03amYiXf60a5AQckewYhd2HLWE1hXj
yMCzYGQe0pQPN4/iyg02kOBt1WoZLF7YXlElgBUnhR9jC5EhnAF15+iKwq8nFHn7
UGk8iCV4SAzKU0u+6OJevv+/5HYewACSpP/4DfdHcGNrVSU9D/qnwBuqW5w8q1EU
K3SyJm5eE4vgufq2KuITq19uvdfyCz4HA55L0+ipAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUp+Yey8whGDYdPArCHDvxi/NP7VUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyMDVlZmEzLWFkZWItNGM3OS1hODQxLWFmMDI4MjJhN2QzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZCmAAwDQYJKoZIhvcNAQELBQADggEBAGfEEXGnU1jYF4/t0S5AOt1H3WNB
cUzhVodhYMjg8GZ8ILxjr6r6q5NRpt9eSXx/A7ixEPpPNzWsPJ8SRnLhBPHtmyl4
wUjpB+hhTRDWMT/i7aLhkb2BqnGt3INNUgm9fbIkXX6uw4QtrpjvNtrjLo4irsIG
7C7Cc0G+jrNiMuZpfySgdRlp/v/NE5V6jxv1zI6T0Vl9QD2Dazbleot/kVNc8U5x
yoRbUz4bKxCBPPeMjjU2Js6ARRUivtDexGSkwOVbzf7VBIByULxY0r2HDFETngrp
FcSGXgjhapLa3OIA8AqWsbdiE7Dsy18EGPgJiIaRoGFw+NG2PGvqAufLdpk=
-----END CERTIFICATE-----