Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/752845bf-4fad-4178-abc3-345e36b80c44.roa
File:                     752845bf-4fad-4178-abc3-345e36b80c44.roa (raw, json)
Hash identifier:          UOh+BrL4cxfxp+CtDI4T1FHqjxEk+JdA4LSBP3WOtqo=
Subject key identifier:   AC:8F:56:9C:7A:73:05:E2:05:48:52:11:F7:FA:B5:AA:C7:92:3C:56
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C38F1825AAC69D37B8EC71A59B04CE2C425FA33
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/752845bf-4fad-4178-abc3-345e36b80c44.roa
Signing time:             Sat 11 Oct 2025 00:41:14 +0000
ROA not before:           Sat 11 Oct 2025 00:41:14 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.142.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:38:f1:82:5a:ac:69:d3:7b:8e:c7:1a:59:b0:4c:e2:c4:25:fa:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:41:14 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=c59e0daeee65d8ea1102faa7eac7835e1bc8db1b69069cd44f1c9b01a615ab73, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ca:9b:2e:38:60:e2:73:28:9d:13:ea:77:1a:
                    f8:78:a0:5c:b6:3e:1a:03:44:3b:3e:f5:e0:de:80:
                    0f:7e:4c:78:93:d2:c0:f9:2f:91:0e:35:26:1c:0e:
                    e9:18:0c:bb:df:4c:67:e3:ca:ba:2c:66:6b:79:08:
                    6b:d5:dd:75:e9:89:e8:4d:04:92:e5:12:d1:d2:d2:
                    7d:33:a2:e4:ef:24:c4:e0:08:0a:38:0d:b3:fe:2d:
                    30:a4:ba:b7:e4:17:27:1c:c1:b4:83:3f:73:ad:15:
                    a7:61:d1:ec:51:aa:80:23:e7:19:7b:a5:66:83:07:
                    44:78:50:52:12:50:16:f6:44:31:64:4c:f2:71:8e:
                    43:d3:a5:a9:61:85:46:5f:4c:ed:35:0a:24:95:90:
                    1e:12:02:3a:cb:30:7d:0b:ae:09:db:5e:09:6e:8c:
                    57:e1:66:3f:e5:6a:ef:bc:7d:7b:99:09:40:58:a2:
                    e6:40:17:cf:cc:c7:99:30:09:ee:73:71:02:58:47:
                    86:02:9b:21:47:81:9a:81:c0:5c:e5:72:c3:4b:e3:
                    e5:b5:53:4d:b2:37:09:5c:63:92:de:ab:15:a0:9e:
                    07:64:63:9a:c4:0e:f6:2e:44:76:5d:9c:2b:48:d9:
                    b6:06:38:f0:c8:b2:d1:5c:e0:d3:62:8d:1e:44:e4:
                    6c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:8F:56:9C:7A:73:05:E2:05:48:52:11:F7:FA:B5:AA:C7:92:3C:56
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/752845bf-4fad-4178-abc3-345e36b80c44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c8:39:06:07:d9:33:57:cb:d9:3d:2a:1d:a8:5a:30:1b:54:f3:
         f7:f5:df:5d:23:34:ae:82:be:c8:48:3a:4c:9e:77:84:0d:00:
         4f:23:fe:2b:a4:06:b3:59:1d:2c:6b:99:12:cb:a7:aa:e0:b8:
         b3:59:69:f1:f0:da:52:5e:4c:aa:63:7b:a8:d1:59:9b:5d:80:
         ce:49:ac:5a:51:aa:6e:29:c0:85:d1:70:da:9a:7a:f9:44:db:
         62:1a:03:11:fd:bb:25:96:c5:db:23:01:80:d5:5e:76:f3:50:
         e0:5c:3d:dc:cb:82:9a:90:a7:40:65:eb:c6:a2:6e:f6:ba:7d:
         d1:6c:80:9d:e9:e9:dd:10:ad:f8:25:b5:7b:56:3a:0b:62:58:
         44:30:a7:63:77:fc:b9:b6:b3:e3:af:86:f9:96:77:fe:56:15:
         4e:dc:3e:e8:4d:8b:cf:9b:71:99:5d:73:76:25:0e:98:48:d8:
         8e:c3:a5:d6:6a:3e:24:24:05:24:2c:e6:83:f8:5a:70:48:a1:
         02:2a:00:51:a4:dc:9e:81:24:09:09:e3:5c:0f:9f:ae:68:33:
         c8:78:b5:57:ed:91:16:d1:f2:87:8d:53:d3:96:fd:d2:b6:96:
         64:3a:e3:7a:f4:42:44:77:1c:b6:6e:dc:64:92:85:80:1d:ab:
         d0:08:44:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPDjxglqsadN7jscaWbBM4sQl+jMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDA0MTE0WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNTllMGRhZWVlNjVkOGVhMTEwMmZhYTdlYWM3ODM1ZTFi
YzhkYjFiNjkwNjljZDQ0ZjFjOWIwMWE2MTVhYjczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5ypsuOGDicyidE+p3Gvh4oFy2PhoDRDs+9eDegA9+THiT
0sD5L5EONSYcDukYDLvfTGfjyrosZmt5CGvV3XXpiehNBJLlEtHS0n0zouTvJMTg
CAo4DbP+LTCkurfkFyccwbSDP3OtFadh0exRqoAj5xl7pWaDB0R4UFISUBb2RDFk
TPJxjkPTpalhhUZfTO01CiSVkB4SAjrLMH0LrgnbXglujFfhZj/lau+8fXuZCUBY
ouZAF8/Mx5kwCe5zcQJYR4YCmyFHgZqBwFzlcsNL4+W1U02yNwlcY5LeqxWgngdk
Y5rEDvYuRHZdnCtI2bYGOPDIstFc4NNijR5E5GydAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrI9WnHpzBeIFSFIR9/q1qseSPFYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc1Mjg0NWJmLTRmYWQtNDE3OC1hYmMzLTM0NWUzNmI4MGM0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFFAI4wDQYJKoZIhvcNAQELBQADggEBAMg5BgfZM1fL2T0qHahaMBtU8/f1
310jNK6CvshIOkyed4QNAE8j/iukBrNZHSxrmRLLp6rguLNZafHw2lJeTKpje6jR
WZtdgM5JrFpRqm4pwIXRcNqaevlE22IaAxH9uyWWxdsjAYDVXnbzUOBcPdzLgpqQ
p0Bl68aibva6fdFsgJ3p6d0QrfgltXtWOgtiWEQwp2N3/Lm2s+OvhvmWd/5WFU7c
PuhNi8+bcZldc3YlDphI2I7DpdZqPiQkBSQs5oP4WnBIoQIqAFGk3J6BJAkJ41wP
n65oM8h4tVftkRbR8oeNU9OW/dK2lmQ643r0QkR3HLZu3GSShYAdq9AIRPE=
-----END CERTIFICATE-----