Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/881dacf6-d140-4abe-8126-8ab754799453.roa
File:                     881dacf6-d140-4abe-8126-8ab754799453.roa (raw, json)
Hash identifier:          7eFL02nNu3JjQ/rX9wXWWl5J9ns39t8Hh6QnOJ3PsyM=
Subject key identifier:   94:E6:0D:38:B6:A3:49:01:19:A2:50:96:D1:66:26:E8:FF:AE:82:A3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       D2DD00DBD10CBB31BB5E0800BE8051C8BBCB5E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/881dacf6-d140-4abe-8126-8ab754799453.roa
Signing time:             Tue 07 Oct 2025 15:01:18 +0000
ROA not before:           Tue 07 Oct 2025 15:01:18 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.254.144.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d2:dd:00:db:d1:0c:bb:31:bb:5e:08:00:be:80:51:c8:bb:cb:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 15:01:18 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=8ca3a32f7c4981ecfe68c80ad426e4a0d4acdb8cdabc5e17065e6381e83c917a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:0e:ae:fe:8f:27:95:7d:dc:7b:e7:65:a0:3a:
                    c1:b9:cb:01:10:36:a8:45:53:79:ca:9e:32:7c:44:
                    dd:41:d3:4a:9d:c6:2e:c3:9a:5d:d6:4d:89:c1:69:
                    6e:cd:15:8d:8e:0f:6d:6d:9e:42:9f:ae:34:f7:9d:
                    ce:af:4e:68:0a:8f:a5:70:e7:5d:85:d7:1d:8c:1b:
                    ea:c1:58:26:b2:d3:52:0a:9c:90:d7:de:e0:69:a1:
                    50:7c:a2:bb:2f:34:52:87:30:01:29:2d:3d:cf:bc:
                    14:77:63:84:f7:a8:7a:b3:e9:22:e5:54:64:2e:93:
                    57:b7:20:7e:f2:48:15:f8:d6:d9:dd:6c:20:8e:35:
                    f0:30:2c:4f:d6:8c:f8:45:24:c7:ba:76:cb:54:98:
                    b0:d4:5c:c3:61:70:3a:9d:df:70:82:7e:56:97:7d:
                    40:5e:c1:a1:9c:01:35:8f:e0:5e:77:e6:29:1e:2a:
                    f7:29:bc:05:1c:d3:71:40:f7:a5:d8:ae:07:d8:16:
                    84:2a:d5:e9:7e:26:45:1e:1a:1d:4f:4e:a4:b4:10:
                    a5:e2:b4:5c:04:c7:32:1c:9a:3e:f2:ec:bb:9a:5f:
                    1c:e8:5a:01:d7:06:5a:9d:80:7b:7f:04:4d:f3:3c:
                    4d:a6:31:63:59:2f:fa:35:b6:d8:65:d0:1c:f1:7d:
                    8a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:E6:0D:38:B6:A3:49:01:19:A2:50:96:D1:66:26:E8:FF:AE:82:A3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/881dacf6-d140-4abe-8126-8ab754799453.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.254.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:85:06:15:55:b6:bb:0c:89:48:a0:62:50:a1:92:7a:eb:91:
         e2:5c:96:96:ae:4f:bf:97:86:15:a2:1d:55:0b:b8:68:56:bc:
         71:fa:86:3c:49:4a:a5:c1:6e:f3:31:d3:cb:48:fb:fb:7f:2a:
         d4:0e:f8:f6:91:d2:52:02:c6:8b:86:10:e5:97:2c:42:72:ec:
         e6:a7:be:1d:86:8c:fe:d1:26:87:4a:ee:ff:00:da:77:4d:db:
         ad:41:f5:45:44:7d:fe:9d:a0:52:94:74:4d:31:e4:7a:82:3b:
         fb:77:89:90:63:a5:af:69:03:9e:ec:be:f6:e5:27:77:0f:7c:
         00:74:8c:45:df:37:dc:d3:65:23:ec:c5:f4:c4:46:a9:13:e1:
         4d:99:c0:f3:fc:32:6b:70:07:68:50:5d:ea:69:6e:78:cc:53:
         2e:5d:6b:a7:00:1e:07:e3:07:a5:62:a2:51:d9:79:00:7d:40:
         9b:bb:6b:24:a5:ca:f5:7c:c1:75:1b:53:e2:99:44:a2:14:76:
         8b:e4:9f:c5:fb:e0:b2:80:8a:00:79:88:ba:a9:56:f6:0f:9e:
         12:f4:f9:c1:1c:6b:90:c7:d6:c6:98:ed:fb:d4:b5:6c:1d:4d:
         15:87:54:c2:72:e1:55:d4:80:a0:51:88:e8:29:d7:ee:06:b4:
         63:3a:fc:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUANLdANvRDLsxu14IAL6AUci7y14wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MTUwMTE4WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2EzYTMyZjdjNDk4MWVjZmU2OGM4MGFkNDI2ZTRhMGQ0
YWNkYjhjZGFiYzVlMTcwNjVlNjM4MWU4M2M5MTdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCDDq7+jyeVfdx752WgOsG5ywEQNqhFU3nKnjJ8RN1B00qd
xi7Dml3WTYnBaW7NFY2OD21tnkKfrjT3nc6vTmgKj6Vw512F1x2MG+rBWCay01IK
nJDX3uBpoVB8orsvNFKHMAEpLT3PvBR3Y4T3qHqz6SLlVGQuk1e3IH7ySBX41tnd
bCCONfAwLE/WjPhFJMe6dstUmLDUXMNhcDqd33CCflaXfUBewaGcATWP4F535ike
KvcpvAUc03FA96XYrgfYFoQq1el+JkUeGh1PTqS0EKXitFwExzIcmj7y7LuaXxzo
WgHXBlqdgHt/BE3zPE2mMWNZL/o1tthl0BzxfYpXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlOYNOLajSQEZolCW0WYm6P+ugqMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4MWRhY2Y2LWQxNDAtNGFiZS04MTI2LThhYjc1NDc5OTQ1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM//pAwDQYJKoZIhvcNAQELBQADggEBAE2FBhVVtrsMiUigYlChknrrkeJc
lpauT7+XhhWiHVULuGhWvHH6hjxJSqXBbvMx08tI+/t/KtQO+PaR0lICxouGEOWX
LEJy7Oanvh2GjP7RJodK7v8A2ndN261B9UVEff6doFKUdE0x5HqCO/t3iZBjpa9p
A57svvblJ3cPfAB0jEXfN9zTZSPsxfTERqkT4U2ZwPP8MmtwB2hQXeppbnjMUy5d
a6cAHgfjB6ViolHZeQB9QJu7aySlyvV8wXUbU+KZRKIUdovkn8X74LKAigB5iLqp
VvYPnhL0+cEca5DH1saY7fvUtWwdTRWHVMJy4VXUgKBRiOgp1+4GtGM6/Lg=
-----END CERTIFICATE-----