Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/955588be-c62d-488a-a9c1-49122ad1a211.roa
File:                     955588be-c62d-488a-a9c1-49122ad1a211.roa (raw, json)
Hash identifier:          9D6RRS4kBoCeADxB1pGTz/oC0YYmp7GkM3EK3FQE6SI=
Subject key identifier:   63:17:13:2F:18:69:16:83:D1:B4:AD:1E:88:D1:7C:8F:D3:A5:1F:A5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       474AA33F798C6AB5A07B70AD738A396E3C1F08CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/955588be-c62d-488a-a9c1-49122ad1a211.roa
Signing time:             Sat 18 Oct 2025 03:31:11 +0000
ROA not before:           Sat 18 Oct 2025 03:31:11 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.116.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:4a:a3:3f:79:8c:6a:b5:a0:7b:70:ad:73:8a:39:6e:3c:1f:08:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 03:31:11 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=075f0e0fd9a81b9fa4db1b094583e828931e4bf791ca1a6bff0a186639ad261d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bb:51:ed:f6:fc:c6:29:74:f4:99:87:20:6c:
                    72:06:16:c3:cc:8a:98:55:56:e6:f4:10:fc:53:ab:
                    8e:b7:85:d6:fb:1c:1c:4a:80:a0:37:67:41:bb:b3:
                    1e:96:5d:5b:9a:8d:e6:0a:ce:01:62:42:e3:c8:6e:
                    b2:ae:9b:bb:16:d1:02:13:dc:09:3d:17:01:64:72:
                    b9:62:00:02:fc:5e:77:51:67:b0:eb:b0:61:a4:2c:
                    46:e0:7d:16:f4:f3:9d:56:e2:19:88:98:57:0c:d1:
                    ad:62:55:a8:36:03:80:5d:89:46:50:b4:9d:5e:b7:
                    7c:9b:16:31:88:46:75:05:09:a3:33:56:e7:ef:fc:
                    4d:ac:13:7c:c7:96:ce:43:9d:1a:61:00:1b:65:b7:
                    8e:25:c7:33:c0:06:f7:6d:6c:6f:4f:38:90:ee:bf:
                    f2:e4:4a:76:1f:3a:2e:07:aa:92:ba:e7:ca:08:62:
                    30:c9:f5:37:2b:c2:6c:01:e7:9f:c0:be:c6:bb:cb:
                    3e:85:57:d7:09:f3:02:bb:1e:2d:2a:72:3b:24:d8:
                    c2:8a:e4:37:6f:29:94:70:e3:7f:8d:95:bd:5e:18:
                    bc:0c:98:5b:74:22:fe:49:a1:af:14:37:30:0c:e1:
                    5c:47:86:b8:29:d0:2a:24:a5:d0:e5:5a:9b:2a:b3:
                    7a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:17:13:2F:18:69:16:83:D1:B4:AD:1E:88:D1:7C:8F:D3:A5:1F:A5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/955588be-c62d-488a-a9c1-49122ad1a211.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d5:5d:90:75:eb:f2:d6:a0:98:19:af:9a:f2:7d:d7:63:4a:de:
         b2:36:91:7f:69:44:3c:96:e6:5f:97:e3:6a:f6:f6:41:20:ac:
         3c:ce:5c:e9:0f:27:60:fe:3f:b6:cc:38:25:ab:22:62:27:a9:
         bb:57:42:2f:d0:7d:c0:98:73:9f:47:f4:b0:6f:cd:04:47:5d:
         18:80:61:3e:97:42:d8:61:47:f1:c4:6e:d1:01:56:bd:6b:3f:
         f3:50:d8:bb:9a:ec:49:e7:da:86:39:95:f8:a2:b8:e9:c8:92:
         53:18:8d:be:68:1f:ad:98:7d:c6:f4:d6:dd:ca:f1:ab:82:c1:
         62:a6:3b:3a:ad:93:9d:b9:f7:a1:7a:0b:e1:72:6e:37:e6:b9:
         6e:a6:35:3f:0c:ff:e9:b3:31:95:3c:84:69:c8:89:19:0f:87:
         01:6c:90:64:9e:74:00:2f:6e:22:bc:d9:15:a9:da:2d:73:a3:
         2d:0c:96:e6:95:87:f8:93:1a:b6:83:9d:23:b6:fd:5e:96:e3:
         3c:ae:7a:dc:a6:01:5b:73:75:aa:d2:e2:d7:a8:66:58:58:67:
         11:35:8b:d1:4d:67:97:c1:83:d1:bf:34:35:cc:57:ba:7e:e6:
         8f:c5:59:65:9b:20:12:a0:25:09:ba:e4:be:56:f6:5e:c3:0b:
         d7:36:38:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR0qjP3mMarWge3Ctc4o5bjwfCMwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDMzMTExWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzVmMGUwZmQ5YTgxYjlmYTRkYjFiMDk0NTgzZTgyODkz
MWU0YmY3OTFjYTFhNmJmZjBhMTg2NjM5YWQyNjFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZu1Ht9vzGKXT0mYcgbHIGFsPMiphVVub0EPxTq463hdb7
HBxKgKA3Z0G7sx6WXVuajeYKzgFiQuPIbrKum7sW0QIT3Ak9FwFkcrliAAL8XndR
Z7DrsGGkLEbgfRb0851W4hmImFcM0a1iVag2A4BdiUZQtJ1et3ybFjGIRnUFCaMz
Vufv/E2sE3zHls5DnRphABtlt44lxzPABvdtbG9POJDuv/LkSnYfOi4HqpK658oI
YjDJ9TcrwmwB55/Avsa7yz6FV9cJ8wK7Hi0qcjsk2MKK5DdvKZRw43+Nlb1eGLwM
mFt0Iv5Joa8UNzAM4VxHhrgp0CokpdDlWpsqs3qLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYxcTLxhpFoPRtK0eiNF8j9OlH6UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk1NTU4OGJlLWM2MmQtNDg4YS1hOWMxLTQ5MTIyYWQxYTIxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFBCHQwDQYJKoZIhvcNAQELBQADggEBANVdkHXr8tagmBmvmvJ912NK3rI2
kX9pRDyW5l+X42r29kEgrDzOXOkPJ2D+P7bMOCWrImInqbtXQi/QfcCYc59H9LBv
zQRHXRiAYT6XQthhR/HEbtEBVr1rP/NQ2Lua7Enn2oY5lfiiuOnIklMYjb5oH62Y
fcb01t3K8auCwWKmOzqtk52596F6C+FybjfmuW6mNT8M/+mzMZU8hGnIiRkPhwFs
kGSedAAvbiK82RWp2i1zoy0MluaVh/iTGraDnSO2/V6W4zyuetymAVtzdarS4teo
ZlhYZxE1i9FNZ5fBg9G/NDXMV7p+5o/FWWWbIBKgJQm65L5W9l7DC9c2OKg=
-----END CERTIFICATE-----