Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fcd84a1-3134-4005-9224-b48d476c9564.roa
File:                     6fcd84a1-3134-4005-9224-b48d476c9564.roa (raw, json)
Hash identifier:          t/iEEVi0Kb9MA5alYpI4ktCIvbc4BBwK7P9+fzp88U4=
Subject key identifier:   C7:2E:B4:AA:CD:00:AA:90:C5:61:52:AB:F6:46:AE:2A:DC:2C:31:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04776D7B17D82AB763B424CF238082738A977AD9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fcd84a1-3134-4005-9224-b48d476c9564.roa
Signing time:             Wed 01 Oct 2025 00:41:56 +0000
ROA not before:           Wed 01 Oct 2025 00:41:56 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.113.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:77:6d:7b:17:d8:2a:b7:63:b4:24:cf:23:80:82:73:8a:97:7a:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:41:56 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=75431e212b56a5168c2735eead767592a0003cac86f82b23541a9ed50da74843, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:53:ae:58:cf:1f:0c:c1:ad:0a:a7:3c:a0:a4:
                    d7:50:9f:00:4b:ad:a5:b1:a2:b8:dd:c6:9f:c3:61:
                    43:ab:63:cf:27:bd:46:c1:a2:bd:27:23:ac:eb:1c:
                    db:ab:dd:43:6d:09:a7:85:42:4e:af:35:3b:2c:54:
                    5d:21:5b:74:60:6a:25:d3:59:5a:46:41:05:9b:53:
                    06:ac:eb:14:d4:96:ed:5d:a3:0a:53:ed:88:f9:82:
                    3a:bb:fb:69:be:5c:e9:a3:ca:21:90:32:f2:7f:53:
                    83:36:99:45:31:b9:3d:2a:9b:7b:ca:f3:63:9e:75:
                    26:37:e5:37:15:b4:65:c3:78:08:dc:30:1e:f0:bb:
                    8f:a3:3c:28:93:e2:dc:90:72:05:8a:5a:60:ef:0e:
                    87:63:6a:71:39:d8:e9:6f:76:60:e6:62:96:11:1a:
                    89:67:8d:45:02:40:ff:fc:21:26:54:ea:33:20:66:
                    2c:e6:d4:ce:d3:dd:b2:69:30:b3:3c:aa:11:4b:40:
                    0f:22:20:96:1a:bd:50:b7:da:1b:d3:3b:3a:ad:8f:
                    91:39:79:bd:f3:25:05:b8:8f:92:bf:ef:79:ff:5d:
                    ad:32:6c:72:2b:4c:85:2b:3f:2e:33:a5:4f:b9:9d:
                    6c:2b:40:cc:16:bb:19:3e:f3:c1:d4:81:b7:f9:1b:
                    31:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2E:B4:AA:CD:00:AA:90:C5:61:52:AB:F6:46:AE:2A:DC:2C:31:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fcd84a1-3134-4005-9224-b48d476c9564.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:86:13:38:c2:94:c5:d4:6d:ab:8d:9f:b9:f8:e8:c6:2d:14:
         d4:28:97:6e:cb:39:46:fe:ac:6e:b9:00:e4:15:37:4c:c5:49:
         3c:1a:c9:9d:57:52:40:92:a3:d2:14:a9:9c:fc:9e:23:5f:ac:
         c9:7f:6f:71:ef:0a:15:2a:05:32:85:ee:fa:96:13:63:71:01:
         e5:fa:ab:67:58:6e:e1:88:5b:fc:ea:45:e9:2d:67:a7:fb:3a:
         07:09:4d:d9:00:13:d1:56:0d:65:c0:cb:db:da:1c:f8:05:a9:
         9c:6e:3e:34:fc:1f:4f:ff:95:79:f3:c0:0d:aa:46:e2:f1:02:
         60:5c:8b:db:cc:e5:e7:67:af:77:a2:7c:74:c8:39:5a:77:28:
         12:2a:71:ed:6e:d3:78:81:6e:d0:2d:07:15:e9:e0:c5:59:30:
         80:c7:e9:90:c6:aa:8d:ca:b7:68:4b:19:e0:41:1a:d7:6a:36:
         5c:3a:9e:54:b1:85:79:c2:f9:ee:87:fd:ea:2e:26:15:7e:98:
         fa:20:c7:d9:be:cc:7c:3a:cc:e3:d6:a2:4b:d6:fe:55:b7:02:
         ee:8e:28:5d:4c:2d:94:9f:4a:b1:c4:e1:a8:7f:ac:ae:8c:bf:
         f0:c1:1d:ba:a9:a6:78:43:ba:77:d7:30:88:1a:cc:99:b9:72:
         6f:63:b6:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBHdtexfYKrdjtCTPI4CCc4qXetkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA0MTU2WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTQzMWUyMTJiNTZhNTE2OGMyNzM1ZWVhZDc2NzU5MmEw
MDAzY2FjODZmODJiMjM1NDFhOWVkNTBkYTc0ODQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDU65Yzx8Mwa0KpzygpNdQnwBLraWxorjdxp/DYUOrY88n
vUbBor0nI6zrHNur3UNtCaeFQk6vNTssVF0hW3RgaiXTWVpGQQWbUwas6xTUlu1d
owpT7Yj5gjq7+2m+XOmjyiGQMvJ/U4M2mUUxuT0qm3vK82OedSY35TcVtGXDeAjc
MB7wu4+jPCiT4tyQcgWKWmDvDodjanE52OlvdmDmYpYRGolnjUUCQP/8ISZU6jMg
Zizm1M7T3bJpMLM8qhFLQA8iIJYavVC32hvTOzqtj5E5eb3zJQW4j5K/73n/Xa0y
bHIrTIUrPy4zpU+5nWwrQMwWuxk+88HUgbf5GzHdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxy60qs0AqpDFYVKr9kauKtwsMSUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmY2Q4NGExLTMxMzQtNDAwNS05MjI0LWI0OGQ0NzZjOTU2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/HEwDQYJKoZIhvcNAQELBQADggEBAMGGEzjClMXUbauNn7n46MYtFNQo
l27LOUb+rG65AOQVN0zFSTwayZ1XUkCSo9IUqZz8niNfrMl/b3HvChUqBTKF7vqW
E2NxAeX6q2dYbuGIW/zqRektZ6f7OgcJTdkAE9FWDWXAy9vaHPgFqZxuPjT8H0//
lXnzwA2qRuLxAmBci9vM5ednr3eifHTIOVp3KBIqce1u03iBbtAtBxXp4MVZMIDH
6ZDGqo3Kt2hLGeBBGtdqNlw6nlSxhXnC+e6H/eouJhV+mPogx9m+zHw6zOPWokvW
/lW3Au6OKF1MLZSfSrHE4ah/rK6Mv/DBHbqppnhDunfXMIgazJm5cm9jtgg=
-----END CERTIFICATE-----