Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e5cade7-274f-4d8d-9062-f019edfa1e70.roa
File:                     8e5cade7-274f-4d8d-9062-f019edfa1e70.roa (raw, json)
Hash identifier:          8PdjqEnx6LALxS7g+Qud9ben9uji6aRiqwGqfnWyfps=
Subject key identifier:   F5:91:56:92:08:B9:43:A4:B9:2B:BD:A9:D3:84:7B:38:DB:02:77:45
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F0E5F7EBAAC02A4055A568C07053DD4C8191734
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e5cade7-274f-4d8d-9062-f019edfa1e70.roa
Signing time:             Tue 07 Oct 2025 00:39:32 +0000
ROA not before:           Tue 07 Oct 2025 00:39:32 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        184.72.64.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:0e:5f:7e:ba:ac:02:a4:05:5a:56:8c:07:05:3d:d4:c8:19:17:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:39:32 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=cce05362ebf1b56359f771af04faccb3d17a5b8d16f139dcf2351151dc72d211, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:01:22:59:6a:2d:3a:3f:b3:1e:1f:65:56:36:
                    aa:4f:bf:55:36:86:bd:65:27:ac:b9:87:55:37:1b:
                    3e:f7:c0:5d:12:49:de:3d:09:3a:16:1d:5c:90:c5:
                    3b:2a:1b:cc:b2:e0:dd:04:ec:8d:1c:2e:c3:46:cd:
                    7b:2a:30:d7:11:6f:67:b6:6d:2f:23:e7:a7:c6:f7:
                    ea:13:40:99:7a:c8:f3:e7:e5:ec:fb:fa:8b:1b:df:
                    68:5a:75:17:1e:32:85:b7:65:e5:a1:9b:cc:a8:4c:
                    98:b2:5d:13:b1:32:21:91:15:e6:38:6f:ee:55:9f:
                    0a:f8:d8:c7:9a:8c:fa:19:ea:90:a2:5f:53:18:d2:
                    c7:0a:63:37:dc:ab:c3:79:dd:cd:96:6e:49:47:60:
                    1b:1f:d6:43:00:d8:9d:fd:86:95:dd:f6:3a:dd:01:
                    80:48:91:bf:d1:42:67:97:3b:0e:75:c2:8d:94:5a:
                    a4:69:87:93:36:a1:da:57:bc:d0:63:fa:ae:ce:64:
                    25:15:3d:c4:a9:53:6b:ee:5c:ec:e2:56:ec:ee:70:
                    eb:19:d0:b8:0b:35:90:34:65:88:c8:7b:24:0c:3c:
                    08:2e:68:97:a2:f4:e1:f1:3b:6e:6a:9e:52:9b:9f:
                    25:75:2d:1c:aa:1e:5e:3e:59:10:b7:17:f1:e9:37:
                    39:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:91:56:92:08:B9:43:A4:B9:2B:BD:A9:D3:84:7B:38:DB:02:77:45
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e5cade7-274f-4d8d-9062-f019edfa1e70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  184.72.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c5:7a:9f:51:7f:4c:92:1f:70:02:b6:99:b4:50:66:cf:09:1a:
         f4:2e:d8:05:24:a0:3a:2d:6b:f5:e7:fb:af:ba:d2:97:f2:38:
         7d:01:b8:66:5c:ca:a1:2e:f6:9b:e0:fc:12:19:c1:05:3a:80:
         55:9e:42:79:cd:09:40:9c:89:8e:85:0c:d9:73:33:7b:47:b3:
         87:db:a2:7f:c8:8b:62:ac:71:56:f7:b1:ab:59:52:ea:9c:f4:
         2b:69:fc:da:3b:66:2f:fa:68:d8:62:bf:c8:ae:bb:3e:e0:d8:
         c2:61:5e:18:f0:e2:8f:4c:d0:64:74:fc:90:e4:3e:1e:31:32:
         1b:05:9a:4f:67:12:db:38:85:21:13:5a:8c:db:44:54:80:10:
         fd:26:21:d3:67:0f:c0:b2:bd:13:a8:62:f5:42:33:5a:0b:70:
         94:e9:b3:8b:e0:f5:93:0c:41:69:e4:6c:8a:e2:96:94:5f:58:
         1b:e3:6f:a9:78:1a:e7:b9:69:9b:62:9b:73:91:c3:fd:cb:35:
         b9:f7:c4:e3:49:38:e1:77:4f:ee:3c:88:8b:5b:0d:c7:6e:ea:
         15:c1:2e:7d:52:3b:0c:90:e6:bc:1c:3c:57:82:c2:64:a7:bf:
         bb:ba:7e:b0:94:ca:e4:c7:55:1b:8d:6e:8c:05:ef:21:2a:26:
         03:0a:1d:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULw5ffrqsAqQFWlaMBwU91MgZFzQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDAzOTMyWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjY2UwNTM2MmViZjFiNTYzNTlmNzcxYWYwNGZhY2NiM2Qx
N2E1YjhkMTZmMTM5ZGNmMjM1MTE1MWRjNzJkMjExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmASJZai06P7MeH2VWNqpPv1U2hr1lJ6y5h1U3Gz73wF0S
Sd49CToWHVyQxTsqG8yy4N0E7I0cLsNGzXsqMNcRb2e2bS8j56fG9+oTQJl6yPPn
5ez7+osb32hadRceMoW3ZeWhm8yoTJiyXROxMiGRFeY4b+5Vnwr42MeajPoZ6pCi
X1MY0scKYzfcq8N53c2WbklHYBsf1kMA2J39hpXd9jrdAYBIkb/RQmeXOw51wo2U
WqRph5M2odpXvNBj+q7OZCUVPcSpU2vuXOziVuzucOsZ0LgLNZA0ZYjIeyQMPAgu
aJei9OHxO25qnlKbnyV1LRyqHl4+WRC3F/HpNzkjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9ZFWkgi5Q6S5K72p04R7ONsCd0UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhlNWNhZGU3LTI3NGYtNGQ4ZC05MDYyLWYwMTllZGZhMWU3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAS4SEAwDQYJKoZIhvcNAQELBQADggEBAMV6n1F/TJIfcAK2mbRQZs8JGvQu
2AUkoDota/Xn+6+60pfyOH0BuGZcyqEu9pvg/BIZwQU6gFWeQnnNCUCciY6FDNlz
M3tHs4fbon/Ii2KscVb3satZUuqc9Ctp/No7Zi/6aNhiv8iuuz7g2MJhXhjw4o9M
0GR0/JDkPh4xMhsFmk9nEts4hSETWozbRFSAEP0mIdNnD8CyvROoYvVCM1oLcJTp
s4vg9ZMMQWnkbIrilpRfWBvjb6l4Gue5aZtim3ORw/3LNbn3xONJOOF3T+48iItb
Dcdu6hXBLn1SOwyQ5rwcPFeCwmSnv7u6frCUyuTHVRuNbowF7yEqJgMKHYw=
-----END CERTIFICATE-----