Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa
File:                     66c32367-8469-414b-b22c-ee4a9a320966.roa (raw, json)
Hash identifier:          uc7I/ZasKAjE+w23UnYTGwrCOv4inJqe0HXC2QHR9WI=
Subject key identifier:   4B:DC:43:9B:1B:F2:DC:6E:A1:38:04:7A:E3:6A:F6:40:F4:81:6C:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       75B23D57D18295FB2DD0589BF02EFB809F18B573
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa
Signing time:             Fri 26 Sep 2025 00:13:22 +0000
ROA not before:           Fri 26 Sep 2025 00:13:22 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        167.65.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:b2:3d:57:d1:82:95:fb:2d:d0:58:9b:f0:2e:fb:80:9f:18:b5:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:13:22 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=11f864982059d0e25ea7b84dc754465ce5505d445252428736dce54aaa7e0de1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fa:6a:39:19:c5:a5:8f:68:61:91:99:15:4f:
                    7c:dc:ac:a0:57:13:81:41:9a:d9:db:b8:b1:29:f2:
                    54:60:41:69:d8:4e:22:99:44:ce:77:e8:6d:5f:ba:
                    3c:db:94:a2:39:ec:6a:d9:93:92:3b:5d:7f:cd:d9:
                    9b:55:3f:87:e8:5d:f2:d8:db:6c:40:3a:af:a4:5f:
                    b4:02:1d:86:dc:b6:11:35:9b:35:ce:b1:8e:41:2d:
                    a1:a2:3a:a8:66:df:16:1f:a9:72:54:49:4f:4b:a3:
                    5f:19:70:7e:e5:6e:9e:c9:04:ea:1d:94:9c:3b:30:
                    b6:b1:41:b6:52:72:24:b4:fa:51:24:8e:18:fc:0a:
                    a7:dc:17:9a:b5:eb:ce:5f:49:72:58:67:53:f9:34:
                    af:ef:c0:f9:4f:c7:34:ec:6e:17:60:82:03:c8:54:
                    8a:36:e8:ba:96:22:95:6b:59:9e:2e:cc:d3:77:77:
                    78:d8:ed:3f:81:a8:50:0b:7a:08:86:2f:da:b9:b4:
                    21:2a:72:fc:01:14:b3:99:f8:b1:cd:26:17:ff:ee:
                    da:90:41:63:a6:28:c8:52:cf:3b:4e:d8:e0:cc:7e:
                    bf:48:f7:9b:b2:40:37:d9:85:48:69:e9:a7:6a:61:
                    37:6e:83:3c:80:7a:1f:c8:a9:21:13:4e:10:c7:11:
                    ea:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:DC:43:9B:1B:F2:DC:6E:A1:38:04:7A:E3:6A:F6:40:F4:81:6C:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         03:29:e6:6c:c8:7a:0a:61:96:0f:37:4a:8c:e7:9c:9a:81:3b:
         6d:73:88:95:9d:84:9a:4f:bb:51:7e:d3:7d:19:69:41:46:9c:
         be:b2:46:b9:a7:91:2e:83:00:0e:5e:33:1d:45:cb:56:21:d8:
         d6:ec:77:b3:1f:f1:1d:36:c3:25:28:7a:d5:a4:52:4d:f8:51:
         e6:f7:dd:a3:f1:0c:b5:1b:aa:59:ba:70:2c:2f:68:46:92:56:
         dc:d2:a5:68:cc:df:72:f3:0e:5c:92:8e:ab:c6:d5:17:2f:8d:
         28:2e:ad:ba:98:a2:06:5a:9e:34:5a:91:cf:86:e5:f1:b2:3a:
         6f:10:a2:dc:83:c4:0e:4c:50:98:ca:d3:84:3d:96:8f:b6:d2:
         7a:8c:72:b3:bf:95:cc:91:d2:9d:d6:10:f0:a5:2d:38:f4:e5:
         d4:a2:5a:bf:03:6b:a6:47:49:50:15:d7:5d:1c:1c:d6:b3:22:
         99:37:dc:86:00:36:52:19:5e:c2:52:44:ff:cd:97:9d:21:20:
         d6:df:75:19:a4:d3:21:05:6c:f7:6a:c2:82:26:98:1c:67:1c:
         79:ba:54:86:d9:fb:7d:04:39:b8:ff:83:17:2d:dd:19:47:7a:
         c8:ed:00:ed:d3:75:60:84:c3:96:32:d9:8c:a0:0d:73:f6:e7:
         66:7e:89:02
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdbI9V9GClfst0Fib8C77gJ8YtXMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAxMzIyWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMWY4NjQ5ODIwNTlkMGUyNWVhN2I4NGRjNzU0NDY1Y2U1
NTA1ZDQ0NTI1MjQyODczNmRjZTU0YWFhN2UwZGUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd+mo5GcWlj2hhkZkVT3zcrKBXE4FBmtnbuLEp8lRgQWnY
TiKZRM536G1fujzblKI57GrZk5I7XX/N2ZtVP4foXfLY22xAOq+kX7QCHYbcthE1
mzXOsY5BLaGiOqhm3xYfqXJUSU9Lo18ZcH7lbp7JBOodlJw7MLaxQbZSciS0+lEk
jhj8CqfcF5q1685fSXJYZ1P5NK/vwPlPxzTsbhdgggPIVIo26LqWIpVrWZ4uzNN3
d3jY7T+BqFALegiGL9q5tCEqcvwBFLOZ+LHNJhf/7tqQQWOmKMhSzztO2ODMfr9I
95uyQDfZhUhp6adqYTdugzyAeh/IqSETThDHEeotAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUS9xDmxvy3G6hOAR642r2QPSBbG8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2YzMyMzY3LTg0NjktNDE0Yi1iMjJjLWVlNGE5YTMyMDk2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCnQTANBgkqhkiG9w0BAQsFAAOCAQEAAynmbMh6CmGWDzdKjOecmoE7bXOI
lZ2Emk+7UX7TfRlpQUacvrJGuaeRLoMADl4zHUXLViHY1ux3sx/xHTbDJSh61aRS
TfhR5vfdo/EMtRuqWbpwLC9oRpJW3NKlaMzfcvMOXJKOq8bVFy+NKC6tupiiBlqe
NFqRz4bl8bI6bxCi3IPEDkxQmMrThD2Wj7bSeoxys7+VzJHSndYQ8KUtOPTl1KJa
vwNrpkdJUBXXXRwc1rMimTfchgA2UhlewlJE/82XnSEg1t91GaTTIQVs92rCgiaY
HGccebpUhtn7fQQ5uP+DFy3dGUd6yO0A7dN1YITDljLZjKANc/bnZn6JAg==
-----END CERTIFICATE-----