Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa
File:                     979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa (raw, json)
Hash identifier:          jM25/rGTVqQDj6wQj5cGRB658hgTqGTSXUNeRPg1E6Y=
Subject key identifier:   82:9A:1F:46:88:87:A1:ED:91:14:10:27:B9:00:EE:8A:9D:F0:87:02
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DA15FDE88AFB09778C3930D3A78D29CF781E917
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa
Signing time:             Sat 11 Oct 2025 00:41:16 +0000
ROA not before:           Sat 11 Oct 2025 00:41:16 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.152.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:a1:5f:de:88:af:b0:97:78:c3:93:0d:3a:78:d2:9c:f7:81:e9:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:41:16 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=128417350c28c94edbb349358cf70e3d7727b70dee1fdcea04a9c45a6b590242, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0d:94:3f:2d:1a:76:60:c8:7f:a9:d0:c4:18:
                    5c:ef:bb:92:38:3d:06:26:d2:1f:b8:d8:08:24:a0:
                    df:f2:f1:e4:39:81:7a:b9:df:c8:f5:53:31:9a:0c:
                    0b:ad:ac:3f:17:46:24:74:cb:88:a0:9d:ef:a4:b6:
                    15:bc:6a:51:f4:06:85:31:95:f9:a9:c5:98:4d:0e:
                    29:cc:57:6e:bf:a3:5a:92:3b:c9:ba:1a:a5:52:10:
                    be:b3:7c:f7:58:e2:e4:1c:a5:40:60:cc:71:7a:d6:
                    13:61:6b:7d:84:42:6e:72:0c:80:09:b9:c5:48:ff:
                    05:e8:68:7a:e6:b9:aa:16:02:e0:3a:8a:aa:ba:ad:
                    c7:e8:8e:cf:e0:12:ad:33:a7:bc:5b:6c:f3:bb:5d:
                    87:03:b7:4c:e5:68:a5:7b:25:57:fe:58:26:79:a4:
                    37:6f:91:2b:1b:81:2d:83:3f:14:50:f9:a3:92:c7:
                    2e:ef:6d:6b:1a:dc:c9:23:1e:40:84:88:17:ba:52:
                    75:bb:7f:0a:1b:97:30:bf:4a:4d:87:5b:84:51:9f:
                    05:f5:88:e5:b8:66:08:b1:0a:aa:f6:2a:53:90:d1:
                    c9:cc:0d:3b:af:d6:8b:e0:a8:d9:d7:a9:70:e5:b7:
                    48:86:20:ce:c6:4e:4f:dc:04:90:b7:b8:68:c5:40:
                    43:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:9A:1F:46:88:87:A1:ED:91:14:10:27:B9:00:EE:8A:9D:F0:87:02
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b5:19:a3:6b:f5:d3:77:a2:98:e4:90:1a:d7:68:9b:0e:db:b6:
         a5:04:38:e6:45:32:67:e6:8a:b9:ce:82:a6:bd:b8:ab:84:c1:
         40:0c:74:9b:51:38:36:47:1b:3c:44:d5:6f:22:05:2d:23:f6:
         b6:2f:a4:f6:93:a3:4a:5d:33:c3:49:cd:bf:a5:c8:c0:ee:b0:
         7a:42:32:e1:ca:2a:e9:ad:66:08:a0:96:90:76:e8:9a:c8:c5:
         98:b9:a5:7c:b2:d8:e4:2e:59:90:93:bc:e2:89:5a:dc:91:2b:
         8a:12:9e:30:de:08:a6:19:e9:da:19:3d:b0:98:1c:04:94:2a:
         c9:5a:2e:20:fc:07:ea:7e:65:42:5d:94:ad:c0:32:c6:54:42:
         36:52:63:8a:4a:4d:38:c9:33:e8:9e:32:34:c9:01:b5:7e:9c:
         fb:41:09:e5:ce:2b:8b:a9:04:bb:92:0a:60:ef:4e:a9:ec:92:
         97:11:a2:b7:74:81:3e:ae:ab:37:0c:69:2d:84:a8:22:a1:a6:
         1e:33:2a:54:98:8f:30:f9:11:63:50:91:a8:fa:b5:04:71:43:
         13:ee:4d:d9:34:8f:b8:ec:a1:28:8b:56:6a:3e:92:97:4b:5e:
         f6:c8:b2:21:7a:25:58:de:ca:53:d9:1e:d4:74:88:68:17:b9:
         b2:aa:df:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPaFf3oivsJd4w5MNOnjSnPeB6RcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDA0MTE2WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjg0MTczNTBjMjhjOTRlZGJiMzQ5MzU4Y2Y3MGUzZDc3
MjdiNzBkZWUxZmRjZWEwNGE5YzQ1YTZiNTkwMjQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZDZQ/LRp2YMh/qdDEGFzvu5I4PQYm0h+42AgkoN/y8eQ5
gXq538j1UzGaDAutrD8XRiR0y4igne+kthW8alH0BoUxlfmpxZhNDinMV26/o1qS
O8m6GqVSEL6zfPdY4uQcpUBgzHF61hNha32EQm5yDIAJucVI/wXoaHrmuaoWAuA6
iqq6rcfojs/gEq0zp7xbbPO7XYcDt0zlaKV7JVf+WCZ5pDdvkSsbgS2DPxRQ+aOS
xy7vbWsa3MkjHkCEiBe6UnW7fwoblzC/Sk2HW4RRnwX1iOW4ZgixCqr2KlOQ0cnM
DTuv1ovgqNnXqXDlt0iGIM7GTk/cBJC3uGjFQENjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgpofRoiHoe2RFBAnuQDuip3whwIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3OWRjOGQ5LTY1ZjYtNDkwZC1iYTRhLWNiY2MyNzQwNTJlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANFAJgwDQYJKoZIhvcNAQELBQADggEBALUZo2v103eimOSQGtdomw7btqUE
OOZFMmfmirnOgqa9uKuEwUAMdJtRODZHGzxE1W8iBS0j9rYvpPaTo0pdM8NJzb+l
yMDusHpCMuHKKumtZgiglpB26JrIxZi5pXyy2OQuWZCTvOKJWtyRK4oSnjDeCKYZ
6doZPbCYHASUKslaLiD8B+p+ZUJdlK3AMsZUQjZSY4pKTTjJM+ieMjTJAbV+nPtB
CeXOK4upBLuSCmDvTqnskpcRord0gT6uqzcMaS2EqCKhph4zKlSYjzD5EWNQkaj6
tQRxQxPuTdk0j7jsoSiLVmo+kpdLXvbIsiF6JVjeylPZHtR0iGgXubKq3zY=
-----END CERTIFICATE-----