Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87751506-109d-4e47-bab8-88c4bb79ada9.roa
File:                     87751506-109d-4e47-bab8-88c4bb79ada9.roa (raw, json)
Hash identifier:          CwXk1zRVCdOdjDs9DTzUrUx5ln3RLItnI1giX7LGjYY=
Subject key identifier:   D5:3A:2F:6F:B6:B8:BD:08:A2:E9:43:3B:20:96:69:7C:C7:AC:A8:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C7DF03357516AE65891381A9DA9E2FB59DAA636
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87751506-109d-4e47-bab8-88c4bb79ada9.roa
Signing time:             Mon 06 Oct 2025 15:39:02 +0000
ROA not before:           Mon 06 Oct 2025 15:39:02 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.110.0.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:7d:f0:33:57:51:6a:e6:58:91:38:1a:9d:a9:e2:fb:59:da:a6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:39:02 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=48754f9b14f864bc74b9b5861c0dde240039650eab6b6543c1149f06403aca0f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b6:55:8e:8c:08:ad:de:32:fc:51:be:68:32:
                    b1:1e:73:81:67:ea:dd:43:35:03:b1:77:bf:a4:ac:
                    a6:12:84:93:a8:b7:2c:63:92:60:9e:10:4c:0c:e0:
                    05:c1:c6:0e:32:4e:55:03:12:4d:da:a8:bc:19:4b:
                    06:f4:74:d4:21:af:c2:bd:ff:61:0b:9f:74:d9:16:
                    79:e9:78:28:f4:14:5d:45:2d:5f:04:12:da:5c:d3:
                    b7:45:de:2e:21:46:b9:ec:06:c4:17:7c:3a:e7:e0:
                    53:53:af:04:79:e3:66:24:4c:87:4a:b1:bf:3e:5d:
                    e7:fc:69:58:9b:67:ca:ce:dc:0d:14:9e:1a:83:83:
                    7b:24:8c:e3:62:f0:67:d8:e7:63:66:96:40:cc:7d:
                    a9:6b:ce:eb:53:5e:aa:1c:e4:3a:19:de:77:38:1d:
                    f1:de:fa:9f:b8:f0:28:da:9e:da:a5:d0:06:71:68:
                    dd:84:2c:fc:fe:ca:c0:72:89:80:a6:b6:73:28:c8:
                    86:10:7b:ea:fc:2a:af:79:04:71:15:0f:94:a0:ed:
                    00:ec:75:ad:40:87:8d:43:37:08:78:79:0c:3c:3f:
                    b0:e3:60:bc:63:59:09:f1:ab:a4:e2:3e:43:9e:5f:
                    37:d1:81:f9:98:d6:9e:51:83:f5:a2:83:b8:be:3e:
                    47:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:3A:2F:6F:B6:B8:BD:08:A2:E9:43:3B:20:96:69:7C:C7:AC:A8:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87751506-109d-4e47-bab8-88c4bb79ada9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         08:06:2f:70:2d:28:6d:03:06:46:c5:d2:c7:1e:04:f6:f1:bc:
         5f:1d:4d:b4:20:b5:31:0e:5f:78:04:57:71:f3:92:df:14:86:
         26:34:eb:76:fb:68:68:dd:e6:a2:89:1d:3e:77:62:45:d1:a2:
         42:52:91:fb:2c:7a:fe:40:ea:67:fe:da:0c:53:a6:4f:b8:80:
         35:de:83:a3:6d:2e:62:4d:94:5c:4d:a6:17:45:58:f8:69:4b:
         a9:1c:70:c3:a5:c3:d0:b2:06:d5:e6:bc:f2:05:a9:fc:8c:4e:
         e7:8b:79:0f:5b:08:a0:63:72:72:00:23:ea:a2:e1:6f:95:b8:
         36:35:54:3e:5b:77:14:65:cf:b7:83:a1:ee:7c:ba:30:c6:7b:
         06:d5:50:82:79:41:6c:26:b7:3e:80:72:62:43:19:2f:91:84:
         ea:03:bb:58:ed:7f:41:94:38:ec:ec:73:a6:2c:50:fc:3e:c5:
         80:5e:c4:93:b0:76:1c:72:98:df:19:ac:76:ff:90:1d:02:a4:
         b1:e2:66:6d:56:0c:ae:9e:3a:e9:84:c7:68:9a:56:24:ba:d5:
         01:32:c1:51:78:0f:73:c4:93:9e:e9:08:38:82:f2:61:f0:e8:
         e8:89:6c:3f:3f:0c:41:78:c7:d7:74:9e:5e:41:aa:7a:0e:de:
         22:af:14:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTH3wM1dRauZYkTganani+1napjYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTUzOTAyWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODc1NGY5YjE0Zjg2NGJjNzRiOWI1ODYxYzBkZGUyNDAw
Mzk2NTBlYWI2YjY1NDNjMTE0OWYwNjQwM2FjYTBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCatlWOjAit3jL8Ub5oMrEec4Fn6t1DNQOxd7+krKYShJOo
tyxjkmCeEEwM4AXBxg4yTlUDEk3aqLwZSwb0dNQhr8K9/2ELn3TZFnnpeCj0FF1F
LV8EEtpc07dF3i4hRrnsBsQXfDrn4FNTrwR542YkTIdKsb8+Xef8aVibZ8rO3A0U
nhqDg3skjONi8GfY52NmlkDMfalrzutTXqoc5DoZ3nc4HfHe+p+48Cjantql0AZx
aN2ELPz+ysByiYCmtnMoyIYQe+r8Kq95BHEVD5Sg7QDsda1Ah41DNwh4eQw8P7Dj
YLxjWQnxq6TiPkOeXzfRgfmY1p5Rg/Wig7i+PkdbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1Tovb7a4vQii6UM7IJZpfMesqDgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg3NzUxNTA2LTEwOWQtNGU0Ny1iYWI4LTg4YzRiYjc5YWRhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMYbgAwDQYJKoZIhvcNAQELBQADggEBAAgGL3AtKG0DBkbF0sceBPbxvF8d
TbQgtTEOX3gEV3Hzkt8UhiY063b7aGjd5qKJHT53YkXRokJSkfssev5A6mf+2gxT
pk+4gDXeg6NtLmJNlFxNphdFWPhpS6kccMOlw9CyBtXmvPIFqfyMTueLeQ9bCKBj
cnIAI+qi4W+VuDY1VD5bdxRlz7eDoe58ujDGewbVUIJ5QWwmtz6AcmJDGS+RhOoD
u1jtf0GUOOzsc6YsUPw+xYBexJOwdhxymN8ZrHb/kB0CpLHiZm1WDK6eOumEx2ia
ViS61QEywVF4D3PEk57pCDiC8mHw6OiJbD8/DEF4x9d0nl5BqnoO3iKvFB4=
-----END CERTIFICATE-----