Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa
File:                     68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa (raw, json)
Hash identifier:          3zwfUcUfIn99TLlAZsLrNOtvyLl+8tNSS3jgg89ofG8=
Subject key identifier:   6E:B7:D9:A9:C3:C4:41:45:D9:30:C0:6E:BD:1E:71:0E:1B:2D:EE:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       753E07403F755C8940921252CCD126651312BF4A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa
Signing time:             Fri 03 Oct 2025 00:43:00 +0000
ROA not before:           Fri 03 Oct 2025 00:43:00 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.152.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:3e:07:40:3f:75:5c:89:40:92:12:52:cc:d1:26:65:13:12:bf:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:43:00 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=29c66aae01d99ffe8cffbe2ada846e597a20661cabc3b54e0edb378c15a6fe1e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f4:b6:60:4a:65:ed:e7:79:12:d1:53:39:39:
                    cd:db:19:9e:69:06:b2:4d:8d:50:ef:a0:71:b7:04:
                    18:23:79:61:4b:d8:bf:42:53:e5:6a:9c:9a:36:a4:
                    cb:fc:2a:68:ec:93:9f:35:cc:d0:e8:e9:d9:0e:cc:
                    96:7c:ae:93:60:29:7c:b1:aa:e2:eb:8b:aa:28:ab:
                    ad:44:23:74:2e:85:40:96:c5:ec:ed:c3:ee:cb:7e:
                    b2:08:60:b2:d5:c0:b1:4f:e1:2d:71:d0:ae:4f:f0:
                    e4:09:9a:16:dc:25:b9:de:62:fa:fe:49:11:28:6f:
                    0c:b9:86:01:05:ea:36:96:80:6b:36:6b:a8:84:1d:
                    94:62:0f:51:55:a0:37:00:5b:b1:ab:84:60:1c:f2:
                    f2:13:a3:24:7f:65:59:0b:cd:cf:f9:f4:46:e7:17:
                    55:67:8a:0a:72:22:ce:2a:b7:fe:07:07:b0:9b:9d:
                    51:ba:8f:10:66:66:02:78:5a:cc:09:79:c8:0d:89:
                    57:bc:c2:19:0b:8d:94:b7:98:8a:e2:1e:1d:86:13:
                    56:15:20:be:7e:67:09:33:c1:d8:e6:a3:bc:60:d0:
                    d4:6c:ee:24:44:a0:5d:9a:a1:db:e5:f2:e3:ed:ca:
                    1c:b1:d0:1e:98:1b:24:5d:4d:d8:27:82:42:3a:f1:
                    f0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B7:D9:A9:C3:C4:41:45:D9:30:C0:6E:BD:1E:71:0E:1B:2D:EE:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68a24b5b-7350-4b9e-9e54-e1da8bc9177e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cb:96:e2:2d:0d:68:72:df:d8:ec:eb:5d:2d:0f:89:33:f4:9a:
         ab:4a:c0:c1:4d:bb:e9:5f:80:d6:14:61:67:4c:b3:71:2f:f3:
         88:f1:11:50:bb:b5:69:7e:08:94:7a:69:41:72:3a:79:f7:a9:
         9f:5f:80:a8:b9:a3:f6:17:87:d9:21:10:70:b3:a2:c8:0a:61:
         d2:7c:57:6d:30:1d:85:4e:92:61:4e:59:f6:4c:45:e8:df:9a:
         0a:ae:e9:fa:1c:70:4b:dc:40:79:e2:c1:d4:77:75:ea:05:b0:
         cd:e7:3d:46:4c:28:8b:61:69:cb:52:b4:f8:ca:64:5b:04:d3:
         5e:eb:c5:8d:3f:18:d9:28:ed:67:d6:54:42:9c:38:4f:cd:54:
         5c:d3:69:16:a6:cb:bb:05:e5:13:cd:51:4a:80:81:bc:02:05:
         6a:d7:06:13:43:63:82:fb:dd:13:f5:58:02:5b:3f:7a:7c:f8:
         46:ce:b3:ca:8d:c3:65:9e:e0:90:4a:3e:1d:1f:39:49:00:75:
         cd:fe:2c:9d:7b:44:58:e4:c0:6b:bd:b5:77:3c:d2:25:17:46:
         d1:86:f6:0a:16:d9:e6:65:80:bb:3b:4a:02:de:1c:6b:ea:02:
         4e:4a:d4:46:95:7e:e4:84:3d:66:57:9d:1a:ff:d5:e3:9e:76:
         9d:48:86:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdT4HQD91XIlAkhJSzNEmZRMSv0owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MzAwWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOWM2NmFhZTAxZDk5ZmZlOGNmZmJlMmFkYTg0NmU1OTdh
MjA2NjFjYWJjM2I1NGUwZWRiMzc4YzE1YTZmZTFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv9LZgSmXt53kS0VM5Oc3bGZ5pBrJNjVDvoHG3BBgjeWFL
2L9CU+VqnJo2pMv8Kmjsk581zNDo6dkOzJZ8rpNgKXyxquLri6ooq61EI3QuhUCW
xeztw+7LfrIIYLLVwLFP4S1x0K5P8OQJmhbcJbneYvr+SREobwy5hgEF6jaWgGs2
a6iEHZRiD1FVoDcAW7GrhGAc8vIToyR/ZVkLzc/59EbnF1VnigpyIs4qt/4HB7Cb
nVG6jxBmZgJ4WswJecgNiVe8whkLjZS3mIriHh2GE1YVIL5+Zwkzwdjmo7xg0NRs
7iREoF2aodvl8uPtyhyx0B6YGyRdTdgngkI68fBvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbrfZqcPEQUXZMMBuvR5xDhst7r8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4YTI0YjViLTczNTAtNGI5ZS05ZTU0LWUxZGE4YmM5MTc3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgAJgwDQYJKoZIhvcNAQELBQADggEBAMuW4i0NaHLf2OzrXS0PiTP0mqtK
wMFNu+lfgNYUYWdMs3Ev84jxEVC7tWl+CJR6aUFyOnn3qZ9fgKi5o/YXh9khEHCz
osgKYdJ8V20wHYVOkmFOWfZMRejfmgqu6foccEvcQHniwdR3deoFsM3nPUZMKIth
actStPjKZFsE017rxY0/GNko7WfWVEKcOE/NVFzTaRamy7sF5RPNUUqAgbwCBWrX
BhNDY4L73RP1WAJbP3p8+EbOs8qNw2We4JBKPh0fOUkAdc3+LJ17RFjkwGu9tXc8
0iUXRtGG9goW2eZlgLs7SgLeHGvqAk5K1EaVfuSEPWZXnRr/1eOedp1IhoQ=
-----END CERTIFICATE-----