Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/929c70ac-6fb3-463e-89bc-8fe3ea05d47e.roa
File:                     929c70ac-6fb3-463e-89bc-8fe3ea05d47e.roa (raw, json)
Hash identifier:          yoGfnW2st7gInRky0M43vCt8ivGSyUw2RH+JpgzRsVw=
Subject key identifier:   F4:8E:1A:09:C9:02:8A:02:19:70:F0:4C:38:C3:09:6C:F7:77:6C:9E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7528465C478449AFA3C7AF2033AA853336C1F1A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/929c70ac-6fb3-463e-89bc-8fe3ea05d47e.roa
Signing time:             Mon 13 Oct 2025 15:52:39 +0000
ROA not before:           Mon 13 Oct 2025 15:52:39 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.12.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:28:46:5c:47:84:49:af:a3:c7:af:20:33:aa:85:33:36:c1:f1:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 13 15:52:39 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=2b6af4002ea597b9f3de41ee3878f5f547903f6bcea089c1f41be775dc75e5c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:77:b2:4c:d5:83:b3:1c:c6:4e:0c:7a:6b:2e:
                    e2:4d:2d:e7:00:a0:02:cd:c5:f3:c9:af:79:d1:aa:
                    ea:71:2e:24:f6:4f:f2:25:bf:df:da:b5:a4:51:83:
                    de:1a:96:06:d9:37:31:c5:fd:74:73:cb:55:a2:0c:
                    67:93:3c:ec:1a:ca:52:68:ba:7c:6a:c5:4c:64:a7:
                    77:13:4e:65:ba:a8:b9:07:f1:80:5b:31:62:24:d4:
                    87:61:70:e1:29:4f:34:96:c7:32:a2:5d:60:ac:13:
                    86:25:98:66:e5:30:02:6c:be:72:0f:62:4b:b1:bd:
                    09:53:fe:77:53:f9:fc:54:65:6b:97:2f:47:92:61:
                    7c:96:45:66:15:b3:d1:4a:9e:9a:fb:1a:85:dc:fd:
                    d7:63:bd:07:08:3e:7a:31:26:4b:91:10:45:9e:c3:
                    c4:4e:6e:eb:1b:79:58:8b:cb:65:3f:e0:e0:69:8b:
                    d4:a7:49:0b:36:a6:fe:89:3d:fc:52:39:c5:16:7a:
                    7a:61:ed:e8:7a:ac:2b:1a:57:ab:1a:e0:c5:fa:bc:
                    d4:70:dc:21:6f:ae:f1:7b:62:db:2a:96:51:93:07:
                    d8:2c:56:44:ca:31:73:fc:af:ae:30:d4:d9:b7:46:
                    15:6d:59:bb:5b:e0:09:71:17:d8:d1:6d:80:99:d8:
                    77:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8E:1A:09:C9:02:8A:02:19:70:F0:4C:38:C3:09:6C:F7:77:6C:9E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/929c70ac-6fb3-463e-89bc-8fe3ea05d47e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:23:34:80:44:ee:59:0a:71:78:41:60:ac:3e:36:ec:df:b3:
         57:3a:d8:f8:22:53:f6:28:f1:8a:e4:3a:17:b0:53:48:9f:df:
         d1:ca:ca:1d:78:72:24:c6:c8:9e:39:a3:5b:1d:4c:7a:58:92:
         04:d8:a9:a4:66:f8:5a:df:75:81:8e:f2:c3:77:47:6b:d6:6a:
         7e:29:52:1c:78:e0:c7:55:7b:be:4f:1b:5b:99:6a:9c:02:1d:
         2a:57:fb:1e:51:93:18:1b:69:be:98:db:91:25:90:1b:c0:9c:
         74:59:dd:74:1e:a1:29:13:39:45:9c:2b:49:3b:29:63:27:a5:
         b1:46:08:fd:8d:3f:7c:f4:01:b3:c2:2c:7c:2d:2c:91:e8:7a:
         e2:27:8b:82:4a:0e:2d:fe:6b:98:5c:0b:ee:7e:34:45:f3:33:
         c4:96:a2:f2:15:f7:4d:3c:cb:77:dd:04:d6:28:a9:b8:af:e9:
         e4:ac:45:eb:9c:8b:b7:dc:41:2d:ec:f8:73:b8:50:43:71:ff:
         fc:1e:e1:0b:76:08:e7:f6:5f:87:8a:65:b9:a7:0d:0c:8b:d0:
         88:fb:47:5a:35:ec:ef:85:af:7b:fb:15:bf:17:45:b5:7d:35:
         06:31:a0:03:70:42:e1:7d:8c:27:c0:cc:09:85:b9:8a:b1:af:
         6b:85:58:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdShGXEeESa+jx68gM6qFMzbB8aIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEzMTU1MjM5WhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjZhZjQwMDJlYTU5N2I5ZjNkZTQxZWUzODc4ZjVmNTQ3
OTAzZjZiY2VhMDg5YzFmNDFiZTc3NWRjNzVlNWM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrd7JM1YOzHMZODHprLuJNLecAoALNxfPJr3nRqupxLiT2
T/Ilv9/ataRRg94algbZNzHF/XRzy1WiDGeTPOwaylJounxqxUxkp3cTTmW6qLkH
8YBbMWIk1IdhcOEpTzSWxzKiXWCsE4YlmGblMAJsvnIPYkuxvQlT/ndT+fxUZWuX
L0eSYXyWRWYVs9FKnpr7GoXc/ddjvQcIPnoxJkuREEWew8RObusbeViLy2U/4OBp
i9SnSQs2pv6JPfxSOcUWenph7eh6rCsaV6sa4MX6vNRw3CFvrvF7YtsqllGTB9gs
VkTKMXP8r64w1Nm3RhVtWbtb4AlxF9jRbYCZ2HdxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9I4aCckCigIZcPBMOMMJbPd3bJ4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkyOWM3MGFjLTZmYjMtNDYzZS04OWJjLThmZTNlYTA1ZDQ3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXWwwwDQYJKoZIhvcNAQELBQADggEBAH0jNIBE7lkKcXhBYKw+Nuzfs1c6
2PgiU/Yo8YrkOhewU0if39HKyh14ciTGyJ45o1sdTHpYkgTYqaRm+FrfdYGO8sN3
R2vWan4pUhx44MdVe75PG1uZapwCHSpX+x5Rkxgbab6Y25ElkBvAnHRZ3XQeoSkT
OUWcK0k7KWMnpbFGCP2NP3z0AbPCLHwtLJHoeuIni4JKDi3+a5hcC+5+NEXzM8SW
ovIV9008y3fdBNYoqbiv6eSsReuci7fcQS3s+HO4UENx//we4Qt2COf2X4eKZbmn
DQyL0Ij7R1o17O+Fr3v7Fb8XRbV9NQYxoANwQuF9jCfAzAmFuYqxr2uFWHs=
-----END CERTIFICATE-----