Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c8c00dc-eb5e-47fd-a701-a7fa360f62eb.roa
File:                     7c8c00dc-eb5e-47fd-a701-a7fa360f62eb.roa (raw, json)
Hash identifier:          8W5OgIs1ETq6qsAd/ebEsH1sC48uqFlW+eSNub/seHQ=
Subject key identifier:   A4:CF:63:40:4C:C9:B3:7B:34:76:A5:B9:AB:F0:1E:24:B5:A3:4D:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6BC9F841CDB7EFC5FD1CE0B00C14358F38A11A1D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c8c00dc-eb5e-47fd-a701-a7fa360f62eb.roa
Signing time:             Sat 11 Oct 2025 00:39:57 +0000
ROA not before:           Sat 11 Oct 2025 00:39:57 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.196.152.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:c9:f8:41:cd:b7:ef:c5:fd:1c:e0:b0:0c:14:35:8f:38:a1:1a:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:39:57 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=66c6b662a5c91ef7f6bd98c66c04ad2b1cb3ee5381b35ac33e2a8213c3f93e1d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:95:6e:5f:8d:cb:9b:b4:25:d9:7d:b7:b6:11:
                    ff:7d:cb:9c:35:bb:d0:f0:7e:be:ab:71:9d:ec:e0:
                    b8:ca:9e:a2:66:f6:99:b8:95:48:26:53:e9:51:5d:
                    0b:a5:e1:27:c3:b9:10:4f:dd:c8:3b:8a:2c:89:20:
                    7f:7a:b9:2d:6b:3a:0b:6a:d0:75:00:0b:a8:61:00:
                    a8:22:80:b4:75:e3:19:6c:ab:4b:a9:9d:63:53:1e:
                    5d:cb:df:d0:0a:ed:e4:42:5b:f3:e8:e8:58:cc:68:
                    6c:14:67:3c:87:4e:c0:d8:50:92:ee:22:02:36:27:
                    9d:5d:f4:c5:0e:3e:29:84:8b:e5:a7:8c:33:e1:51:
                    5e:10:61:54:02:a6:36:23:c4:79:5d:fe:3e:fb:68:
                    66:01:b9:c6:e2:7e:de:d8:4f:f7:c3:03:ad:e2:f8:
                    20:d1:f0:06:25:15:a1:d1:d4:06:87:93:01:90:45:
                    38:4d:07:06:6c:8f:b8:e4:e6:04:fb:b1:f9:9a:dd:
                    7b:45:da:7a:58:a5:2b:19:16:63:f3:c7:c8:e2:7e:
                    6d:1b:d9:14:40:7b:d2:04:5d:9f:ac:da:e8:bd:de:
                    5d:77:1e:3b:ef:31:e9:d7:4b:e4:a3:fe:21:f5:ac:
                    97:46:64:18:7d:b2:74:f3:83:1a:31:de:c8:25:80:
                    7f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:CF:63:40:4C:C9:B3:7B:34:76:A5:B9:AB:F0:1E:24:B5:A3:4D:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c8c00dc-eb5e-47fd-a701-a7fa360f62eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.196.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c2:b3:12:13:c1:76:0f:c9:ea:e2:9a:cb:00:42:a7:b7:9e:64:
         c5:41:16:23:eb:f3:24:63:8c:68:d5:0b:a4:9b:9a:19:41:ac:
         31:b5:3a:52:94:98:10:8c:fa:64:d8:4f:c5:cd:46:31:c0:f8:
         be:b1:d3:f0:d0:33:fd:82:f5:6a:24:e6:ee:7f:33:37:a8:24:
         c0:94:f0:b5:81:db:bc:c3:bd:9b:e6:2c:d4:fa:bd:bd:b3:e4:
         c3:c5:f5:5c:fd:8f:ed:4e:5c:cb:18:24:bc:1b:64:43:c8:0d:
         b4:b3:6b:1e:e4:7d:4d:04:7a:03:ab:47:a9:49:d3:2d:51:1f:
         c8:07:3b:b4:dc:00:c7:9d:37:1f:cf:f0:ca:4a:52:06:8f:85:
         7c:5f:88:b2:d2:3a:6f:36:f8:aa:52:de:6b:05:1f:3a:b9:58:
         fe:9c:1a:1e:35:d6:55:45:b8:17:3c:30:33:55:cf:e8:8d:5a:
         e2:db:8e:95:35:30:c7:ec:e6:b7:1a:72:50:a2:29:26:33:20:
         1a:2b:56:50:d4:b7:d0:a2:d9:0f:be:ba:92:46:d4:77:6d:96:
         11:7f:76:a2:19:b1:44:bc:c3:22:ba:c0:ff:7f:d3:03:65:61:
         04:5c:05:26:9d:ae:ec:b7:42:84:70:ef:40:0e:23:41:89:fc:
         1e:79:7f:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa8n4Qc2378X9HOCwDBQ1jzihGh0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAzOTU3WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NmM2YjY2MmE1YzkxZWY3ZjZiZDk4YzY2YzA0YWQyYjFj
YjNlZTUzODFiMzVhYzMzZTJhODIxM2MzZjkzZTFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCclW5fjcubtCXZfbe2Ef99y5w1u9Dwfr6rcZ3s4LjKnqJm
9pm4lUgmU+lRXQul4SfDuRBP3cg7iiyJIH96uS1rOgtq0HUAC6hhAKgigLR14xls
q0upnWNTHl3L39AK7eRCW/Po6FjMaGwUZzyHTsDYUJLuIgI2J51d9MUOPimEi+Wn
jDPhUV4QYVQCpjYjxHld/j77aGYBucbift7YT/fDA63i+CDR8AYlFaHR1AaHkwGQ
RThNBwZsj7jk5gT7sfma3XtF2npYpSsZFmPzx8jifm0b2RRAe9IEXZ+s2ui93l13
HjvvMenXS+Sj/iH1rJdGZBh9snTzgxox3sglgH9bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpM9jQEzJs3s0dqW5q/AeJLWjTYgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjOGMwMGRjLWViNWUtNDdmZC1hNzAxLWE3ZmEzNjBmNjJlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHRxJgwDQYJKoZIhvcNAQELBQADggEBAMKzEhPBdg/J6uKaywBCp7eeZMVB
FiPr8yRjjGjVC6SbmhlBrDG1OlKUmBCM+mTYT8XNRjHA+L6x0/DQM/2C9Wok5u5/
MzeoJMCU8LWB27zDvZvmLNT6vb2z5MPF9Vz9j+1OXMsYJLwbZEPIDbSzax7kfU0E
egOrR6lJ0y1RH8gHO7TcAMedNx/P8MpKUgaPhXxfiLLSOm82+KpS3msFHzq5WP6c
Gh411lVFuBc8MDNVz+iNWuLbjpU1MMfs5rcaclCiKSYzIBorVlDUt9Ci2Q++upJG
1HdtlhF/dqIZsUS8wyK6wP9/0wNlYQRcBSadruy3QoRw70AOI0GJ/B55f+M=
-----END CERTIFICATE-----