Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7538292c-9697-4822-8500-3088da3cb9a2.roa
File:                     7538292c-9697-4822-8500-3088da3cb9a2.roa (raw, json)
Hash identifier:          RoWY03y8uJj1Z8mlRxMvVDIhfST/sa+iwXAorD5Mds4=
Subject key identifier:   37:46:43:32:E0:BC:A4:75:28:BF:12:69:C8:D0:A1:63:08:D1:6B:9B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DE7F58354DD716D4CF4406BD5B124D9404F00B5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7538292c-9697-4822-8500-3088da3cb9a2.roa
Signing time:             Fri 17 Oct 2025 21:50:05 +0000
ROA not before:           Fri 17 Oct 2025 21:50:05 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.88.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:e7:f5:83:54:dd:71:6d:4c:f4:40:6b:d5:b1:24:d9:40:4f:00:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 21:50:05 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=b755186db8764db4d342b868924cf15d5f73a51093d7fab1c85c516b6bc229cd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ff:0a:f4:56:d8:53:1b:22:e1:92:b9:e6:1d:
                    3b:9d:a2:d0:f6:31:01:5f:92:ce:a0:71:ee:99:bf:
                    1d:03:ce:2a:20:d3:03:0d:1d:4f:d0:aa:12:74:ab:
                    2f:ff:ee:45:a2:dd:57:a8:43:b9:15:3d:c4:17:5c:
                    c5:4c:cd:30:a2:56:c2:05:16:30:6f:7f:5a:db:0e:
                    43:a2:19:a2:3e:79:79:9c:2f:26:df:3b:bb:dd:91:
                    3b:e1:3d:35:51:bb:05:66:d3:1c:b8:d3:4a:ad:d2:
                    b0:10:6f:6a:72:d9:0f:71:cb:34:c3:68:8b:71:02:
                    e2:e6:c7:b3:b7:61:a3:9b:b2:13:07:86:0d:dd:ee:
                    b1:2b:cd:2e:97:6a:24:08:65:f7:ae:13:d3:e7:49:
                    85:b3:a1:e3:0a:34:55:0a:89:79:63:8f:43:6a:fd:
                    88:29:a3:28:4f:6c:21:26:4d:9e:a8:95:64:ad:5d:
                    c8:3f:71:2c:f2:7e:48:d3:58:fa:5e:61:73:0e:5d:
                    26:eb:5e:db:5b:90:5e:80:88:6b:15:e5:f7:2c:94:
                    d0:fb:b4:e9:b5:7f:e8:e6:fe:8a:e7:2b:08:5e:56:
                    7b:a8:13:4c:0a:b2:94:3b:1f:c6:13:75:0b:ae:d8:
                    96:93:ff:7c:1f:47:29:b6:a1:00:64:37:a7:ba:56:
                    0a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:46:43:32:E0:BC:A4:75:28:BF:12:69:C8:D0:A1:63:08:D1:6B:9B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7538292c-9697-4822-8500-3088da3cb9a2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         12:a4:67:92:41:67:3e:71:6b:f7:c1:ab:a3:18:6e:5d:69:35:
         84:91:e5:00:ac:9e:45:c3:d4:1b:b5:97:cc:ba:29:ff:9b:6b:
         ca:f8:b0:3a:d6:bf:9b:b7:46:d1:fc:65:e2:98:b7:04:74:43:
         9d:d2:12:57:86:08:18:15:c1:9e:e8:98:f9:aa:49:8b:2f:3b:
         cf:20:50:2e:98:68:93:1d:db:33:83:94:23:d2:5d:a3:70:4e:
         f0:58:dc:59:0e:d6:2d:c6:e7:6a:f8:ee:c8:ea:a5:95:65:7a:
         18:ca:db:44:9f:c5:fa:ab:6d:fc:7c:eb:9b:39:df:8a:57:c8:
         3f:eb:d8:0e:e7:a0:f0:2f:bc:a4:53:17:c8:ec:e6:7e:c4:e4:
         fc:50:a1:05:c4:c9:e0:3e:49:1b:f8:4e:21:c8:de:92:d3:63:
         b4:2c:7b:b2:e8:a3:0d:1b:0e:92:72:36:d2:11:55:4c:8f:7b:
         4d:3c:ad:24:d0:6c:18:c8:db:0e:3e:46:43:7e:81:b4:5f:05:
         13:c8:3b:16:7f:2a:69:08:8a:60:f4:39:99:b2:b0:c8:41:99:
         61:22:90:1f:40:b5:43:b5:dd:06:3b:91:a7:7b:1a:3f:6f:17:
         71:b8:dd:a3:01:d9:66:0d:5d:39:89:03:74:fb:05:b5:bb:4e:
         a1:31:e1:cc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPef1g1TdcW1M9EBr1bEk2UBPALUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjE1MDA1WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNzU1MTg2ZGI4NzY0ZGI0ZDM0MmI4Njg5MjRjZjE1ZDVm
NzNhNTEwOTNkN2ZhYjFjODVjNTE2YjZiYzIyOWNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5/wr0VthTGyLhkrnmHTudotD2MQFfks6gce6Zvx0Dziog
0wMNHU/QqhJ0qy//7kWi3VeoQ7kVPcQXXMVMzTCiVsIFFjBvf1rbDkOiGaI+eXmc
LybfO7vdkTvhPTVRuwVm0xy400qt0rAQb2py2Q9xyzTDaItxAuLmx7O3YaObshMH
hg3d7rErzS6XaiQIZfeuE9PnSYWzoeMKNFUKiXljj0Nq/YgpoyhPbCEmTZ6olWSt
Xcg/cSzyfkjTWPpeYXMOXSbrXttbkF6AiGsV5fcslND7tOm1f+jm/ornKwheVnuo
E0wKspQ7H8YTdQuu2JaT/3wfRym2oQBkN6e6VgppAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUN0ZDMuC8pHUovxJpyNChYwjRa5swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc1MzgyOTJjLTk2OTctNDgyMi04NTAwLTMwODhkYTNjYjlhMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDRWDANBgkqhkiG9w0BAQsFAAOCAQEAEqRnkkFnPnFr98GroxhuXWk1hJHl
AKyeRcPUG7WXzLop/5tryviwOta/m7dG0fxl4pi3BHRDndISV4YIGBXBnuiY+apJ
iy87zyBQLphokx3bM4OUI9Jdo3BO8FjcWQ7WLcbnavjuyOqllWV6GMrbRJ/F+qtt
/HzrmznfilfIP+vYDueg8C+8pFMXyOzmfsTk/FChBcTJ4D5JG/hOIcjektNjtCx7
suijDRsOknI20hFVTI97TTytJNBsGMjbDj5GQ36BtF8FE8g7Fn8qaQiKYPQ5mbKw
yEGZYSKQH0C1Q7XdBjuRp3saP28XcbjdowHZZg1dOYkDdPsFtbtOoTHhzA==
-----END CERTIFICATE-----