Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/705338a3-c121-4cfc-8da1-351146f2216a.roa
File:                     705338a3-c121-4cfc-8da1-351146f2216a.roa (raw, json)
Hash identifier:          3zlYUZiyyo3HTdr49460+qo7TB0+FrZSejwkIf1De0Q=
Subject key identifier:   F1:A7:9D:9F:7A:46:95:87:CC:16:05:80:90:D5:9B:B0:79:8F:46:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DCE8D7648415CBABBEA0105411D843589989C73
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/705338a3-c121-4cfc-8da1-351146f2216a.roa
Signing time:             Tue 14 Oct 2025 17:52:37 +0000
ROA not before:           Tue 14 Oct 2025 17:52:37 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.9.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:ce:8d:76:48:41:5c:ba:bb:ea:01:05:41:1d:84:35:89:98:9c:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:52:37 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=3c6c967a97e3f23a5215b28be5f1bed0f2b28499e8483a4d7d8457ca165d0b4a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fc:39:48:1e:1b:80:2a:65:4c:53:86:c5:8c:
                    1c:d6:ae:ec:91:12:3d:c4:97:4f:c6:dd:6e:9e:ab:
                    c5:3e:9b:b7:a1:9a:b1:4e:57:06:3a:ec:fc:77:ac:
                    62:4d:58:df:4d:f8:53:6d:37:ee:86:d8:1d:15:7a:
                    d1:ef:67:73:47:1f:8b:55:93:b7:04:19:5c:62:73:
                    b3:e7:d4:43:0e:0c:e5:39:c6:6f:ca:a9:ea:75:1d:
                    f7:af:11:2f:cc:d8:e9:f0:54:6c:e1:14:12:26:80:
                    17:01:24:e4:0c:dd:86:cd:67:31:0d:70:82:47:20:
                    f2:0e:e3:8d:0e:cb:84:b7:ce:28:7b:f2:6b:ea:c7:
                    23:fe:77:23:ab:3f:e6:87:c7:0e:f2:02:14:76:fc:
                    6c:a3:50:10:d0:87:c3:4d:55:bf:b3:d2:0a:dd:6b:
                    03:17:f4:1a:99:43:16:0b:9e:f4:ee:87:73:8d:51:
                    73:75:fa:6d:c6:8c:a7:08:21:4e:a7:9d:90:33:9e:
                    fd:85:7c:f2:55:16:c9:93:c5:27:81:a7:b3:3f:74:
                    a4:cc:8d:cf:f1:78:1e:93:d5:64:7d:fb:9e:e5:27:
                    0d:47:d1:0c:83:06:a1:48:d7:a7:58:fa:d0:b5:dc:
                    12:8e:30:ec:93:e3:1f:0b:7f:4d:b2:80:ad:be:0f:
                    7c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:A7:9D:9F:7A:46:95:87:CC:16:05:80:90:D5:9B:B0:79:8F:46:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/705338a3-c121-4cfc-8da1-351146f2216a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:3b:2a:8e:fa:35:93:10:4f:19:32:8f:75:f4:12:33:d4:86:
         c8:91:e5:46:d7:80:a5:fa:2b:d1:27:44:bb:4f:be:e7:6c:c8:
         76:7c:6d:04:54:05:f8:b4:71:29:d4:7b:43:7b:2e:3d:9d:3c:
         be:47:f1:04:8d:03:51:f2:85:fe:4d:86:27:1f:bb:58:d1:94:
         7d:15:fa:19:50:0e:93:cc:42:ca:08:61:28:74:0c:b4:35:b6:
         40:f4:d5:76:7a:e5:99:f0:5e:62:f0:a6:31:93:63:62:30:30:
         d5:b4:a5:82:58:e4:ea:96:3e:10:d1:f8:34:bb:bf:ff:ff:6f:
         ec:4b:44:5f:dd:a8:15:8c:f5:63:8c:d2:a5:cb:27:12:30:1a:
         e0:50:80:f9:c8:42:8d:fb:f4:ba:50:3e:50:a8:f9:fb:b5:07:
         4e:01:e2:a2:72:dc:42:14:fa:ba:5f:c5:e7:c8:1c:cf:ed:8b:
         b8:94:68:00:a2:72:13:58:d1:7f:2c:d9:cd:05:3c:e1:7e:22:
         e1:a2:67:7d:72:09:9b:6c:55:5a:06:99:11:b7:92:b6:43:da:
         5e:13:0a:93:62:d7:77:c3:74:f1:62:17:ea:f8:d3:e5:63:10:
         cd:90:87:d8:56:3f:a8:26:71:cf:77:bd:19:23:16:83:b9:d4:
         23:b9:51:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPc6NdkhBXLq76gEFQR2ENYmYnHMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc1MjM3WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzZjOTY3YTk3ZTNmMjNhNTIxNWIyOGJlNWYxYmVkMGYy
YjI4NDk5ZTg0ODNhNGQ3ZDg0NTdjYTE2NWQwYjRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi/DlIHhuAKmVMU4bFjBzWruyREj3El0/G3W6eq8U+m7eh
mrFOVwY67Px3rGJNWN9N+FNtN+6G2B0VetHvZ3NHH4tVk7cEGVxic7Pn1EMODOU5
xm/Kqep1HfevES/M2OnwVGzhFBImgBcBJOQM3YbNZzENcIJHIPIO440Oy4S3zih7
8mvqxyP+dyOrP+aHxw7yAhR2/GyjUBDQh8NNVb+z0grdawMX9BqZQxYLnvTuh3ON
UXN1+m3GjKcIIU6nnZAznv2FfPJVFsmTxSeBp7M/dKTMjc/xeB6T1WR9+57lJw1H
0QyDBqFI16dY+tC13BKOMOyT4x8Lf02ygK2+D3xTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8aedn3pGlYfMFgWAkNWbsHmPRiYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwNTMzOGEzLWMxMjEtNGNmYy04ZGExLTM1MTE0NmYyMjE2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmAkwDQYJKoZIhvcNAQELBQADggEBAJA7Ko76NZMQTxkyj3X0EjPUhsiR
5UbXgKX6K9EnRLtPvudsyHZ8bQRUBfi0cSnUe0N7Lj2dPL5H8QSNA1Hyhf5Nhicf
u1jRlH0V+hlQDpPMQsoIYSh0DLQ1tkD01XZ65ZnwXmLwpjGTY2IwMNW0pYJY5OqW
PhDR+DS7v///b+xLRF/dqBWM9WOM0qXLJxIwGuBQgPnIQo379LpQPlCo+fu1B04B
4qJy3EIU+rpfxefIHM/ti7iUaACichNY0X8s2c0FPOF+IuGiZ31yCZtsVVoGmRG3
krZD2l4TCpNi13fDdPFiF+r40+VjEM2Qh9hWP6gmcc93vRkjFoO51CO5UdU=
-----END CERTIFICATE-----