Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9296230d-b510-447f-8d60-91a5403453bc.roa
File:                     9296230d-b510-447f-8d60-91a5403453bc.roa (raw, json)
Hash identifier:          E2zz3XVcyQPUm956WM0+VV2gIsw/YttsUortf2Gkag4=
Subject key identifier:   58:6C:7D:BF:FC:0B:B4:65:C2:55:D2:86:37:5C:8A:24:95:F7:44:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       663FC7330FF611C9B63B6DF2166123D19C3ECBBC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9296230d-b510-447f-8d60-91a5403453bc.roa
Signing time:             Fri 17 Oct 2025 00:21:20 +0000
ROA not before:           Fri 17 Oct 2025 00:21:20 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        107.21.64.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:3f:c7:33:0f:f6:11:c9:b6:3b:6d:f2:16:61:23:d1:9c:3e:cb:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:21:20 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=ddae43aa4918706a5b7e8b427de88a89f9b9dd92eb46dca500e91deb1af45593, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d4:bf:48:3b:68:a4:c4:e1:80:d7:e8:29:95:
                    f4:74:2d:73:91:19:52:98:08:e7:af:50:16:68:e7:
                    6b:e1:a4:69:2e:37:f6:55:a1:61:25:5f:a7:61:05:
                    f5:f2:34:f8:1b:4b:ad:ce:5e:2a:87:a7:96:56:6c:
                    df:62:eb:b5:ba:40:d8:e5:29:00:37:1c:77:71:16:
                    82:72:dd:f9:01:44:e6:19:a1:34:c5:d9:7d:7f:cc:
                    ea:ad:d2:7a:4c:a5:c0:42:25:b4:10:06:cc:83:59:
                    43:77:e9:61:0d:b3:19:58:3f:87:24:5a:20:0d:a0:
                    1a:e7:a9:74:f5:87:42:c2:eb:b3:bd:0e:64:c8:24:
                    a4:46:b3:a3:0f:54:36:61:2c:ba:8a:89:c5:5e:75:
                    81:de:46:4d:f0:06:fe:ae:c2:b1:d7:25:a4:40:7f:
                    6d:d6:c1:3e:e1:f5:65:99:d1:ae:ab:97:a9:c8:0e:
                    59:d7:4f:30:87:0a:f2:76:ce:27:a4:dd:a0:2e:6a:
                    e5:3b:4b:5f:06:77:10:c3:50:5c:b5:65:f0:0d:ae:
                    3f:a3:8e:04:04:c1:a9:a1:ee:c1:1a:59:bf:27:43:
                    f1:c4:a4:1a:a5:5b:42:84:a0:c4:12:ad:37:e0:f3:
                    2d:79:c6:6f:55:52:ab:7d:84:22:03:77:b2:33:d8:
                    bb:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:6C:7D:BF:FC:0B:B4:65:C2:55:D2:86:37:5C:8A:24:95:F7:44:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9296230d-b510-447f-8d60-91a5403453bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c0:9e:0e:77:27:06:f4:4b:62:bc:93:24:26:66:13:d5:6d:09:
         02:92:7a:1b:20:a8:5b:ca:f2:68:7b:6a:76:0e:d7:73:f9:de:
         f9:88:a2:1b:61:26:15:f1:6c:ec:89:c7:1b:a5:d1:a6:ca:d3:
         d6:b6:27:0f:06:b6:40:65:c4:68:d5:4d:f9:ba:c0:ba:f1:ab:
         f1:15:97:3f:2b:af:79:bc:49:53:cd:7d:14:df:2e:eb:07:91:
         c7:7b:5b:5b:2a:d0:3f:b6:48:7a:9e:c0:d8:c7:5a:52:96:91:
         ca:54:91:26:71:04:15:d1:92:e3:15:92:17:79:3d:18:71:6f:
         a4:5b:0c:a0:bf:2b:9a:0f:07:23:23:6a:a3:4d:53:bf:d9:1c:
         f9:f4:0d:b6:02:0a:0c:67:d6:36:39:c5:cc:30:55:5f:22:ac:
         d2:96:74:e2:30:0e:56:e3:cb:fb:4b:ff:76:12:3c:8d:a3:83:
         73:aa:78:d3:6c:c0:cf:01:94:7f:22:a2:2a:22:80:fc:c1:b1:
         9e:1d:5d:74:b1:83:6c:1a:be:2a:95:43:c6:48:6a:ef:5f:54:
         80:72:60:d0:fc:30:54:ed:99:74:79:5f:1c:44:6d:18:32:15:
         e5:94:02:80:5c:59:7d:5d:04:47:04:11:90:2b:1f:0c:2b:a3:
         9f:a8:f7:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZj/HMw/2Ecm2O23yFmEj0Zw+y7wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDAyMTIwWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGFlNDNhYTQ5MTg3MDZhNWI3ZThiNDI3ZGU4OGE4OWY5
YjlkZDkyZWI0NmRjYTUwMGU5MWRlYjFhZjQ1NTkzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW1L9IO2ikxOGA1+gplfR0LXORGVKYCOevUBZo52vhpGku
N/ZVoWElX6dhBfXyNPgbS63OXiqHp5ZWbN9i67W6QNjlKQA3HHdxFoJy3fkBROYZ
oTTF2X1/zOqt0npMpcBCJbQQBsyDWUN36WENsxlYP4ckWiANoBrnqXT1h0LC67O9
DmTIJKRGs6MPVDZhLLqKicVedYHeRk3wBv6uwrHXJaRAf23WwT7h9WWZ0a6rl6nI
DlnXTzCHCvJ2ziek3aAuauU7S18GdxDDUFy1ZfANrj+jjgQEwamh7sEaWb8nQ/HE
pBqlW0KEoMQSrTfg8y15xm9VUqt9hCIDd7Iz2Lv/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWGx9v/wLtGXCVdKGN1yKJJX3RJUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkyOTYyMzBkLWI1MTAtNDQ3Zi04ZDYwLTkxYTU0MDM0NTNiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARrFUAwDQYJKoZIhvcNAQELBQADggEBAMCeDncnBvRLYryTJCZmE9VtCQKS
ehsgqFvK8mh7anYO13P53vmIohthJhXxbOyJxxul0abK09a2Jw8GtkBlxGjVTfm6
wLrxq/EVlz8rr3m8SVPNfRTfLusHkcd7W1sq0D+2SHqewNjHWlKWkcpUkSZxBBXR
kuMVkhd5PRhxb6RbDKC/K5oPByMjaqNNU7/ZHPn0DbYCCgxn1jY5xcwwVV8irNKW
dOIwDlbjy/tL/3YSPI2jg3OqeNNswM8BlH8ioioigPzBsZ4dXXSxg2waviqVQ8ZI
au9fVIByYND8MFTtmXR5XxxEbRgyFeWUAoBcWX1dBEcEEZArHwwro5+o9+8=
-----END CERTIFICATE-----