Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73f69d4b-a500-45f5-8ea4-0f6641e3184e.roa
File:                     73f69d4b-a500-45f5-8ea4-0f6641e3184e.roa (raw, json)
Hash identifier:          ipGLRQ5hz4gwt4cxLh4/Rqd3DfY3LnbNnUGWUkjaBJw=
Subject key identifier:   B3:CC:E3:B5:FA:0F:D6:CD:C7:78:97:22:D1:7B:13:B0:F5:10:32:EF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E714CE5CBD4B84881E0CD46F7F975AD22918D22
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73f69d4b-a500-45f5-8ea4-0f6641e3184e.roa
Signing time:             Sat 18 Oct 2025 01:31:18 +0000
ROA not before:           Sat 18 Oct 2025 01:31:18 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.60.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:71:4c:e5:cb:d4:b8:48:81:e0:cd:46:f7:f9:75:ad:22:91:8d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:31:18 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=458a1612b4314578a39dfdf50cdd8d5c40c3d49ad4442d8c5761c1ea636a8b2a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:eb:10:70:4a:7f:f3:04:65:30:07:8a:89:79:
                    2f:b2:47:8d:75:b8:ed:42:94:d7:4e:aa:d0:6e:d6:
                    3d:bd:5f:b3:aa:ce:fd:cb:62:82:1c:dc:d8:43:09:
                    5c:bb:11:c4:89:3a:6f:f1:0a:7b:0b:7b:4a:e9:d3:
                    29:0a:2c:81:09:dc:18:52:3f:6d:24:ff:f4:20:75:
                    b2:3f:93:d5:94:da:af:f4:be:0b:1a:7d:6d:fd:3a:
                    53:5f:85:82:8c:18:6f:95:5c:39:50:93:7c:be:90:
                    bb:a7:97:7b:ca:d2:8b:92:98:2d:4f:c2:7c:60:0c:
                    a3:86:43:01:c2:97:4a:a5:57:e8:b3:e7:be:f9:b9:
                    cc:67:90:ee:3c:f0:42:6b:28:c2:4f:eb:ed:ee:84:
                    9d:17:b6:db:c8:03:f4:7d:06:43:98:c6:6c:7b:5d:
                    9e:89:2f:76:1c:f0:27:73:b1:6b:93:a5:a1:3b:05:
                    89:e6:ac:ea:4e:a3:b8:c1:22:74:2d:9d:f9:73:9d:
                    c0:97:61:a7:cf:a0:e2:6d:f9:2a:16:ad:89:d5:09:
                    8d:09:05:75:12:a8:f1:c2:a1:34:58:55:15:e6:58:
                    c9:05:12:3d:30:c3:94:94:15:e9:40:28:52:90:64:
                    0a:49:59:1a:7e:87:87:2b:e4:24:92:63:39:93:83:
                    f8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:CC:E3:B5:FA:0F:D6:CD:C7:78:97:22:D1:7B:13:B0:F5:10:32:EF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73f69d4b-a500-45f5-8ea4-0f6641e3184e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:f8:62:71:ed:05:37:33:aa:0d:87:76:bb:f2:0c:41:b0:21:
         b4:d0:22:1d:9d:eb:68:11:ed:a7:e8:84:b7:72:f0:c4:5b:ec:
         10:1f:60:40:26:90:9f:d5:67:40:5d:fe:80:ee:eb:f9:ed:5b:
         fc:46:29:66:e8:e4:29:c8:66:b6:cc:ee:e0:4a:2f:aa:9f:83:
         60:4a:11:0f:d4:35:30:98:c9:73:b9:03:e3:0b:d1:be:f3:59:
         57:ee:39:6e:c4:be:b3:c3:bb:44:fe:8d:38:d3:21:64:cb:7d:
         39:d6:80:0a:c5:e9:06:19:b2:a1:6e:dc:6a:b6:45:64:75:63:
         d7:80:6a:c2:c9:57:42:b8:4c:9b:38:99:0e:ab:06:81:13:3c:
         69:ed:8b:5b:02:e6:f1:44:1f:cd:4b:d5:8c:f9:28:be:a6:1d:
         ae:fe:2f:97:eb:7c:c9:d7:c8:b7:a8:22:e1:4d:97:3c:63:a3:
         92:0a:f4:71:95:eb:e7:35:7e:f5:11:51:5c:a2:c4:e2:8b:b4:
         c4:2d:76:ae:ca:f1:33:a1:97:71:f2:00:ce:82:cb:5d:be:43:
         ad:1c:59:c8:01:46:5d:b3:b2:44:76:24:1a:17:17:83:86:65:
         3e:35:97:ed:68:60:11:2d:9d:6a:0a:28:5c:91:88:be:87:4c:
         e9:8e:54:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPnFM5cvUuEiB4M1G9/l1rSKRjSIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDEzMTE4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NThhMTYxMmI0MzE0NTc4YTM5ZGZkZjUwY2RkOGQ1YzQw
YzNkNDlhZDQ0NDJkOGM1NzYxYzFlYTYzNmE4YjJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ6xBwSn/zBGUwB4qJeS+yR411uO1ClNdOqtBu1j29X7Oq
zv3LYoIc3NhDCVy7EcSJOm/xCnsLe0rp0ykKLIEJ3BhSP20k//QgdbI/k9WU2q/0
vgsafW39OlNfhYKMGG+VXDlQk3y+kLunl3vK0ouSmC1PwnxgDKOGQwHCl0qlV+iz
5775ucxnkO488EJrKMJP6+3uhJ0XttvIA/R9BkOYxmx7XZ6JL3Yc8CdzsWuTpaE7
BYnmrOpOo7jBInQtnflzncCXYafPoOJt+SoWrYnVCY0JBXUSqPHCoTRYVRXmWMkF
Ej0ww5SUFelAKFKQZApJWRp+h4cr5CSSYzmTg/h5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs8zjtfoP1s3HeJci0XsTsPUQMu8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzczZjY5ZDRiLWE1MDAtNDVmNS04ZWE0LTBmNjY0MWUzMTg0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABBCTwwDQYJKoZIhvcNAQELBQADggEBAL74YnHtBTczqg2HdrvyDEGwIbTQ
Ih2d62gR7afohLdy8MRb7BAfYEAmkJ/VZ0Bd/oDu6/ntW/xGKWbo5CnIZrbM7uBK
L6qfg2BKEQ/UNTCYyXO5A+ML0b7zWVfuOW7EvrPDu0T+jTjTIWTLfTnWgArF6QYZ
sqFu3Gq2RWR1Y9eAasLJV0K4TJs4mQ6rBoETPGnti1sC5vFEH81L1Yz5KL6mHa7+
L5frfMnXyLeoIuFNlzxjo5IK9HGV6+c1fvURUVyixOKLtMQtdq7K8TOhl3HyAM6C
y12+Q60cWcgBRl2zskR2JBoXF4OGZT41l+1oYBEtnWoKKFyRiL6HTOmOVAU=
-----END CERTIFICATE-----