Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a128055-89f2-4d33-91a5-5d6fcff45064.roa
File:                     6a128055-89f2-4d33-91a5-5d6fcff45064.roa (raw, json)
Hash identifier:          YxyX3MqQR+pdFGzdz0zl+W+MKDfLt8JQ6gbQX/1+UEY=
Subject key identifier:   F6:99:C7:ED:1B:7F:77:42:D9:5D:15:3A:EE:A9:31:1B:1A:C2:AB:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A8304D287B36B9D3C192A7DC4B8F7F5498DE89B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a128055-89f2-4d33-91a5-5d6fcff45064.roa
Signing time:             Tue 07 Oct 2025 00:41:11 +0000
ROA not before:           Tue 07 Oct 2025 00:41:11 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.177.32.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:83:04:d2:87:b3:6b:9d:3c:19:2a:7d:c4:b8:f7:f5:49:8d:e8:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:41:11 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=8f8d9ff369afe9325250f23a191ef48fa5a399e4f3d227c811ca8b8ae01d3d26, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:28:34:21:2c:45:59:ef:55:42:2b:d9:2c:9c:
                    89:ae:d1:87:11:91:10:d8:45:04:68:96:37:df:5a:
                    f1:16:7c:56:73:a7:b3:e6:3e:9d:1c:08:17:6d:ed:
                    db:2d:07:7a:98:c1:75:6d:5c:97:cd:15:6d:37:1d:
                    08:1a:f7:42:4b:a2:43:ce:02:0b:56:ef:be:27:cf:
                    dc:c5:ac:67:76:85:fd:af:7a:f0:f9:6b:60:c5:07:
                    57:fc:91:f8:61:8b:77:94:b6:31:e9:28:08:13:c0:
                    f3:9f:3a:bb:c5:ae:85:4c:b5:ad:24:41:36:d0:22:
                    da:a4:96:23:57:96:0e:46:32:9a:f4:0b:0b:88:2d:
                    18:4f:35:1b:0a:03:2f:12:72:8a:4c:db:89:63:b2:
                    de:19:5b:9c:51:69:15:05:e8:d2:7e:6d:64:0f:88:
                    2f:20:cf:95:53:39:e6:06:4f:01:dd:37:8c:f0:68:
                    00:fc:34:b9:cf:67:11:e5:2c:70:0f:dd:c6:83:68:
                    c5:6c:af:b7:f5:06:12:6c:ed:8c:5c:53:e9:97:7a:
                    15:67:ce:00:02:b6:eb:cc:be:d3:35:65:0f:0a:9c:
                    1a:31:a4:28:5c:33:7a:fe:76:2b:c7:40:06:34:30:
                    6e:df:58:0e:c8:b5:c9:3d:55:d7:59:18:51:81:47:
                    4a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:99:C7:ED:1B:7F:77:42:D9:5D:15:3A:EE:A9:31:1B:1A:C2:AB:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a128055-89f2-4d33-91a5-5d6fcff45064.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.177.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         83:b7:51:1e:f1:62:e9:05:e9:53:56:25:fb:ce:1b:3c:f7:72:
         f7:8d:7d:07:c0:1f:40:23:1f:a4:01:75:ee:97:22:a6:c6:28:
         b8:2f:c1:b0:cc:fe:1f:dd:29:10:14:9c:1f:7a:3b:b2:8e:ff:
         6d:1f:94:cd:56:8b:b2:95:20:88:0c:41:44:9b:de:d9:a6:f5:
         b5:2d:81:8a:3b:e4:a6:ca:29:68:36:59:4b:f4:34:5e:a5:31:
         e7:91:f3:97:64:9c:38:1d:36:34:e6:c1:d7:32:d7:ee:31:09:
         d0:80:ab:29:e6:08:5b:a4:b1:b3:7a:f9:0e:29:35:73:da:cc:
         97:65:be:47:92:bd:e0:ab:e1:73:9f:c7:9e:2d:00:1f:fb:8f:
         2e:50:e3:22:ce:65:ad:27:c2:cb:25:49:52:81:cf:4e:1d:51:
         0e:96:b2:b5:13:ab:0e:5c:7f:37:98:32:e6:c3:e8:64:16:02:
         3f:5f:9f:22:13:6b:b7:6b:ae:46:77:d4:50:d6:ea:f6:c5:bd:
         92:ac:7a:5c:4e:2f:cf:76:cf:b0:64:ac:32:c3:07:02:51:23:
         25:3b:61:83:ea:73:6b:af:9c:a6:0d:a2:6c:47:51:45:c9:22:
         71:9d:29:9f:16:54:99:96:73:ff:f2:aa:3c:ab:72:89:a0:ab:
         02:ff:43:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCoME0oeza508GSp9xLj39UmN6JswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MTExWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjhkOWZmMzY5YWZlOTMyNTI1MGYyM2ExOTFlZjQ4ZmE1
YTM5OWU0ZjNkMjI3YzgxMWNhOGI4YWUwMWQzZDI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLKDQhLEVZ71VCK9ksnImu0YcRkRDYRQRoljffWvEWfFZz
p7PmPp0cCBdt7dstB3qYwXVtXJfNFW03HQga90JLokPOAgtW774nz9zFrGd2hf2v
evD5a2DFB1f8kfhhi3eUtjHpKAgTwPOfOrvFroVMta0kQTbQItqkliNXlg5GMpr0
CwuILRhPNRsKAy8ScopM24ljst4ZW5xRaRUF6NJ+bWQPiC8gz5VTOeYGTwHdN4zw
aAD8NLnPZxHlLHAP3caDaMVsr7f1BhJs7YxcU+mXehVnzgACtuvMvtM1ZQ8KnBox
pChcM3r+divHQAY0MG7fWA7Itck9VddZGFGBR0ozAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9pnH7Rt/d0LZXRU67qkxGxrCqw8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhMTI4MDU1LTg5ZjItNGQzMy05MWE1LTVkNmZjZmY0NTA2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXRsSAwDQYJKoZIhvcNAQELBQADggEBAIO3UR7xYukF6VNWJfvOGzz3cveN
fQfAH0AjH6QBde6XIqbGKLgvwbDM/h/dKRAUnB96O7KO/20flM1Wi7KVIIgMQUSb
3tmm9bUtgYo75KbKKWg2WUv0NF6lMeeR85dknDgdNjTmwdcy1+4xCdCAqynmCFuk
sbN6+Q4pNXPazJdlvkeSveCr4XOfx54tAB/7jy5Q4yLOZa0nwsslSVKBz04dUQ6W
srUTqw5cfzeYMubD6GQWAj9fnyITa7drrkZ31FDW6vbFvZKselxOL892z7BkrDLD
BwJRIyU7YYPqc2uvnKYNomxHUUXJInGdKZ8WVJmWc//yqjyrcomgqwL/Q+A=
-----END CERTIFICATE-----