Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88296b80-7a2f-4c78-bca6-31fd9a45902e.roa
File:                     88296b80-7a2f-4c78-bca6-31fd9a45902e.roa (raw, json)
Hash identifier:          ulVrBGRaaBBBWTGnYZD6G8fqztOVLeutgYF+NaAdhuQ=
Subject key identifier:   02:8D:C1:29:9A:9F:DF:44:D6:D9:C3:0A:9A:E2:35:DE:B3:FC:7D:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E47857151CEA3D17B27CE1121141F1C2B421C4D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88296b80-7a2f-4c78-bca6-31fd9a45902e.roa
Signing time:             Wed 01 Oct 2025 00:42:37 +0000
ROA not before:           Wed 01 Oct 2025 00:42:37 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        66.245.128.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:47:85:71:51:ce:a3:d1:7b:27:ce:11:21:14:1f:1c:2b:42:1c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:42:37 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=712f640168660136926ae81ca325999509e911ca6a9c9484bb233fb21a58ec77, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e8:1b:1a:0c:e9:60:7c:a3:38:16:0a:1d:77:
                    a8:7c:bd:b7:41:ab:b3:77:ae:2f:62:c3:f4:c4:d3:
                    ab:ab:97:f2:8f:86:0c:6b:e0:b3:c9:5a:8e:7c:d1:
                    2f:45:3f:68:92:a7:10:77:c7:16:9f:2e:36:c0:a1:
                    e5:cd:0e:30:87:d5:3f:a6:db:b4:fe:d9:7b:7d:57:
                    d5:be:d1:8d:3b:f1:41:e4:49:dd:a4:e5:38:00:08:
                    36:91:e0:aa:58:b1:16:0d:f3:94:7b:4f:6f:2c:75:
                    c5:62:63:fd:8c:44:34:d8:f0:3b:ac:5b:9b:62:bf:
                    21:22:63:85:13:2c:c0:62:b8:0e:2c:46:4a:d8:cd:
                    47:8c:87:13:43:1a:6d:21:08:fa:48:e7:86:49:24:
                    e6:bd:d4:0f:ad:2f:1f:23:c5:eb:54:6b:ee:1f:85:
                    4b:1e:f5:6d:bc:31:ff:e7:c3:79:94:1f:5a:b8:ec:
                    ea:87:ef:cc:b1:d7:3a:03:1e:db:cb:d1:a8:a2:f7:
                    14:ed:36:10:b9:42:44:71:b8:ae:ce:5e:19:07:ee:
                    3a:77:66:fa:b2:1f:8f:5e:27:45:56:e2:24:c2:ff:
                    e6:c9:d8:df:2b:e5:fb:fc:07:16:a6:be:39:e2:8f:
                    e5:13:64:cb:f2:45:bf:ce:91:93:ef:61:6b:a6:17:
                    fc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8D:C1:29:9A:9F:DF:44:D6:D9:C3:0A:9A:E2:35:DE:B3:FC:7D:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88296b80-7a2f-4c78-bca6-31fd9a45902e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.245.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         25:b0:02:0a:8b:e8:2d:60:c5:fc:64:dc:d1:c3:c9:1d:f8:0f:
         07:c9:d8:be:e1:c5:a6:5e:2e:19:4f:e2:31:0d:54:c6:83:3c:
         e3:f6:2c:09:a7:fd:e1:92:b4:87:a1:0e:a3:25:82:cc:07:4c:
         8d:9c:f0:e8:a8:fa:7b:d6:62:3c:ac:d0:ee:ea:7f:c0:14:b2:
         43:4e:f1:61:8a:e8:c5:a0:ed:b5:8e:0c:4b:c1:6b:ac:57:af:
         58:8f:33:c1:c1:31:fd:c6:59:20:1c:08:42:1a:93:cc:5f:ae:
         d3:a7:2a:05:4d:24:5c:8e:75:4d:ea:5d:be:98:4d:57:32:d3:
         3a:18:69:c5:6c:fb:c7:e3:59:12:89:44:4d:bd:d9:9d:0a:42:
         d0:e2:c6:6d:de:87:ce:83:b8:b3:8f:7f:a4:8e:fe:73:7c:99:
         12:a2:63:fa:9a:f6:ad:ac:77:d5:6b:d5:29:03:87:2d:d0:06:
         7f:df:af:86:6b:e3:6f:bc:c8:c0:5f:63:a5:0f:4f:8e:fe:80:
         8e:3b:27:f1:c6:57:1d:7f:30:a5:fb:11:7e:71:f5:57:d2:13:
         c7:05:08:bf:b8:38:b8:cc:d2:d8:87:63:7a:d7:66:a6:81:bf:
         4c:83:a7:e5:14:9a:5e:ae:87:67:19:44:1b:f5:38:92:42:c5:
         50:3d:b9:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPkeFcVHOo9F7J84RIRQfHCtCHE0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA0MjM3WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTJmNjQwMTY4NjYwMTM2OTI2YWU4MWNhMzI1OTk5NTA5
ZTkxMWNhNmE5Yzk0ODRiYjIzM2ZiMjFhNThlYzc3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDM6BsaDOlgfKM4Fgodd6h8vbdBq7N3ri9iw/TE06url/KP
hgxr4LPJWo580S9FP2iSpxB3xxafLjbAoeXNDjCH1T+m27T+2Xt9V9W+0Y078UHk
Sd2k5TgACDaR4KpYsRYN85R7T28sdcViY/2MRDTY8DusW5tivyEiY4UTLMBiuA4s
RkrYzUeMhxNDGm0hCPpI54ZJJOa91A+tLx8jxetUa+4fhUse9W28Mf/nw3mUH1q4
7OqH78yx1zoDHtvL0aii9xTtNhC5QkRxuK7OXhkH7jp3ZvqyH49eJ0VW4iTC/+bJ
2N8r5fv8Bxamvjnij+UTZMvyRb/OkZPvYWumF/z7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAo3BKZqf30TW2cMKmuI13rP8fWAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4Mjk2YjgwLTdhMmYtNGM3OC1iY2E2LTMxZmQ5YTQ1OTAyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVC9YAwDQYJKoZIhvcNAQELBQADggEBACWwAgqL6C1gxfxk3NHDyR34DwfJ
2L7hxaZeLhlP4jENVMaDPOP2LAmn/eGStIehDqMlgswHTI2c8Oio+nvWYjys0O7q
f8AUskNO8WGK6MWg7bWODEvBa6xXr1iPM8HBMf3GWSAcCEIak8xfrtOnKgVNJFyO
dU3qXb6YTVcy0zoYacVs+8fjWRKJRE292Z0KQtDixm3eh86DuLOPf6SO/nN8mRKi
Y/qa9q2sd9Vr1SkDhy3QBn/fr4Zr42+8yMBfY6UPT47+gI47J/HGVx1/MKX7EX5x
9VfSE8cFCL+4OLjM0tiHY3rXZqaBv0yDp+UUml6uh2cZRBv1OJJCxVA9uY4=
-----END CERTIFICATE-----