Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70571ce4-58f3-4cc6-b162-737a20af972d.roa
File:                     70571ce4-58f3-4cc6-b162-737a20af972d.roa (raw, json)
Hash identifier:          krGMQCsLdUdtwsSX/cT7CdlMfQQ9nAgMHVTJbp7AG/4=
Subject key identifier:   B0:06:71:59:C2:6C:8F:A8:1B:66:76:47:BC:67:16:86:6D:59:F3:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45BAD01F1F09F738C6A404C7F20AC6AE5CBCDA47
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70571ce4-58f3-4cc6-b162-737a20af972d.roa
Signing time:             Wed 01 Oct 2025 00:51:59 +0000
ROA not before:           Wed 01 Oct 2025 00:51:59 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.251.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:ba:d0:1f:1f:09:f7:38:c6:a4:04:c7:f2:0a:c6:ae:5c:bc:da:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:51:59 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=00c445304baddfb6e938f52bf3b0d444e0ea69da50f9293defa64c354bbcf1a9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5e:1f:e8:52:73:b8:be:a5:21:e5:43:1c:39:
                    34:2c:d5:c6:17:72:51:c4:42:94:64:81:6e:66:69:
                    01:0d:e1:65:51:d3:d4:b7:29:66:ec:db:9b:9e:c6:
                    6a:96:54:d3:19:a6:ef:8b:a5:55:04:24:b3:29:3e:
                    53:d9:1e:94:53:91:22:b3:33:2f:d5:17:1b:13:f8:
                    a8:62:eb:44:15:ea:71:3a:4b:7d:1c:12:9b:10:46:
                    5e:63:3d:89:51:bf:56:66:b7:0c:21:8a:87:28:1f:
                    ff:3c:f3:ac:94:07:25:3c:0f:44:72:fc:a9:c2:b5:
                    2d:2f:7d:83:48:7d:4d:80:34:ea:26:a7:1b:e9:e4:
                    58:00:65:fd:d5:75:e2:35:08:b8:3b:9b:4d:05:62:
                    96:f4:77:bf:3e:6b:a1:75:7a:27:aa:53:a7:f4:fc:
                    55:16:16:1a:1f:69:9c:31:7f:4c:33:8e:b6:3f:1c:
                    25:6a:70:ff:08:36:68:70:0f:c1:ce:d2:3c:a3:49:
                    48:18:b2:84:d1:51:c4:f5:27:fd:f2:94:79:6f:e6:
                    1a:4e:5f:bc:e4:d1:78:4f:d2:7c:2a:84:aa:ca:dc:
                    6f:28:7e:58:2c:cd:b4:99:cd:b7:b5:87:17:4a:30:
                    b3:38:8f:f8:1d:d6:48:43:cb:3d:e5:4c:86:16:05:
                    24:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:06:71:59:C2:6C:8F:A8:1B:66:76:47:BC:67:16:86:6D:59:F3:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70571ce4-58f3-4cc6-b162-737a20af972d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.251.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         53:77:85:5a:ce:09:fc:8d:21:8d:6b:e9:9d:ab:53:7a:1e:5b:
         00:53:1b:36:81:1a:26:cc:7e:70:e4:70:e8:23:32:f4:40:ad:
         a3:ce:83:44:d1:ee:b3:ee:6d:6d:93:8b:57:c5:86:ab:e9:89:
         22:5f:96:43:84:7d:a7:7a:34:f7:2d:e5:13:a9:b4:c1:b3:e0:
         86:a4:21:fa:d3:33:79:ba:9b:b7:0c:40:fc:35:ab:a7:0d:10:
         d8:78:66:1e:74:58:eb:ef:8f:61:46:1e:31:58:2b:48:f2:29:
         66:95:0e:b2:f5:fd:1f:f2:58:4c:96:e0:57:47:43:f5:73:0c:
         8d:e6:a0:b1:6b:0e:d6:8f:d1:e3:fd:ba:28:9d:a7:66:49:d0:
         fc:40:f7:16:3b:cd:76:ff:10:5f:c9:d0:4c:4a:c0:ef:51:de:
         07:25:bc:f3:b2:d7:2c:59:4a:0a:ec:0e:e4:be:5e:b0:88:38:
         44:e2:8e:bc:b1:6f:3b:ce:43:0e:aa:c1:13:0a:a7:ae:38:c3:
         c6:56:2a:dc:0c:d8:a6:e6:fa:d6:94:f0:6e:87:43:65:6f:77:
         2f:c0:42:94:b6:71:eb:e4:60:5b:14:d0:b6:aa:95:f8:c8:ab:
         6f:f1:be:7e:92:88:d4:e2:80:92:eb:81:ef:57:93:ae:9f:09:
         c6:ab:94:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURbrQHx8J9zjGpATH8grGrly82kcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA1MTU5WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMGM0NDUzMDRiYWRkZmI2ZTkzOGY1MmJmM2IwZDQ0NGUw
ZWE2OWRhNTBmOTI5M2RlZmE2NGMzNTRiYmNmMWE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjXh/oUnO4vqUh5UMcOTQs1cYXclHEQpRkgW5maQEN4WVR
09S3KWbs25uexmqWVNMZpu+LpVUEJLMpPlPZHpRTkSKzMy/VFxsT+Khi60QV6nE6
S30cEpsQRl5jPYlRv1ZmtwwhiocoH/8886yUByU8D0Ry/KnCtS0vfYNIfU2ANOom
pxvp5FgAZf3VdeI1CLg7m00FYpb0d78+a6F1eieqU6f0/FUWFhofaZwxf0wzjrY/
HCVqcP8INmhwD8HO0jyjSUgYsoTRUcT1J/3ylHlv5hpOX7zk0XhP0nwqhKrK3G8o
flgszbSZzbe1hxdKMLM4j/gd1khDyz3lTIYWBSQVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsAZxWcJsj6gbZnZHvGcWhm1Z85YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwNTcxY2U0LTU4ZjMtNGNjNi1iMTYyLTczN2EyMGFmOTcyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZG+0AwDQYJKoZIhvcNAQELBQADggEBAFN3hVrOCfyNIY1r6Z2rU3oeWwBT
GzaBGibMfnDkcOgjMvRAraPOg0TR7rPubW2Ti1fFhqvpiSJflkOEfad6NPct5ROp
tMGz4IakIfrTM3m6m7cMQPw1q6cNENh4Zh50WOvvj2FGHjFYK0jyKWaVDrL1/R/y
WEyW4FdHQ/VzDI3moLFrDtaP0eP9uiidp2ZJ0PxA9xY7zXb/EF/J0ExKwO9R3gcl
vPOy1yxZSgrsDuS+XrCIOETijryxbzvOQw6qwRMKp644w8ZWKtwM2Kbm+taU8G6H
Q2Vvdy/AQpS2cevkYFsU0LaqlfjIq2/xvn6SiNTigJLrge9Xk66fCcarlNs=
-----END CERTIFICATE-----