Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98bde87c-ce2e-4295-8b0f-ca4ee64d5242.roa
File:                     98bde87c-ce2e-4295-8b0f-ca4ee64d5242.roa (raw, json)
Hash identifier:          5fcH1ooqL08SMiDqEoSdGGwwjwdJWQIhAGp5+bmIP0Q=
Subject key identifier:   15:2C:C2:92:60:F6:4A:A0:48:DA:36:E4:B5:89:A9:9D:40:36:96:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6382DE66628C5BDF3A92DE7A0A9A88C68870BCA9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98bde87c-ce2e-4295-8b0f-ca4ee64d5242.roa
Signing time:             Tue 14 Oct 2025 17:42:50 +0000
ROA not before:           Tue 14 Oct 2025 17:42:50 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.3.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:82:de:66:62:8c:5b:df:3a:92:de:7a:0a:9a:88:c6:88:70:bc:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:42:50 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=284b89e330110f77c118a7e4d6258312c4f004b9ca09b7a7bf333b52c7379960, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:61:1d:1c:69:91:d3:88:91:97:aa:69:19:48:
                    63:c1:0b:c8:a8:71:c7:72:5f:5e:3e:f5:3d:59:22:
                    af:73:52:d3:d3:1c:44:f6:3b:e1:4e:23:31:38:d8:
                    0b:29:b4:15:bf:62:24:1a:a6:88:ba:57:06:c3:21:
                    82:2c:4c:c6:f0:b6:ac:7b:d5:f6:3a:b2:a0:10:8e:
                    29:04:5d:18:96:0c:40:18:db:fa:14:31:e1:f9:78:
                    b3:51:1c:f2:5f:f9:a2:39:2b:86:ee:68:74:25:6e:
                    9c:43:73:eb:bd:03:2e:70:b3:65:9f:5e:43:fe:73:
                    1f:44:e3:43:b2:21:fb:06:f5:58:38:ef:27:dd:b4:
                    e8:80:8b:7b:41:ed:3c:75:52:0f:6b:56:87:04:3f:
                    ec:50:33:0f:1d:f4:65:c2:51:7f:e2:93:86:d9:3e:
                    c9:73:fd:1c:41:7a:11:f0:f6:44:cf:c3:39:62:60:
                    1d:e3:dd:84:6f:f1:99:a6:74:8b:06:ff:78:65:cf:
                    7c:4a:ee:28:5e:89:7f:45:07:df:de:fe:1f:55:bd:
                    a5:41:b9:2d:25:48:a2:71:75:e5:de:5d:87:7d:7a:
                    ec:8b:1c:59:dc:7a:7c:bd:83:f2:e9:93:be:56:bb:
                    03:a5:6e:be:4a:41:10:9a:51:2c:7f:58:ee:90:a0:
                    01:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2C:C2:92:60:F6:4A:A0:48:DA:36:E4:B5:89:A9:9D:40:36:96:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98bde87c-ce2e-4295-8b0f-ca4ee64d5242.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:16:3e:44:a5:8f:59:87:3a:d6:32:82:58:16:08:7b:c5:78:
         97:45:14:2b:ac:ab:ac:08:67:2f:36:57:e5:66:05:52:08:02:
         84:1f:04:39:48:e0:60:02:26:fc:47:e5:48:16:2f:39:ea:50:
         ab:e9:df:f7:18:7b:c0:f8:9f:ec:67:fb:20:f5:6c:15:37:30:
         b2:6f:c3:7c:68:89:19:c1:c3:53:f8:d7:bc:a3:15:c9:01:22:
         ee:ee:52:08:f6:61:89:89:70:b5:4c:5b:3c:ce:b7:91:c1:9b:
         c2:63:bd:6d:e8:0c:fe:fa:dc:1d:e8:9b:c4:50:87:44:05:38:
         6f:0e:98:c8:6c:a5:25:94:d7:a2:ec:58:6f:f5:6d:f8:7f:14:
         14:60:70:be:f2:fd:8d:0e:3e:75:ed:4e:f2:07:46:71:61:95:
         73:59:58:1d:9d:95:3b:cb:80:79:37:58:1d:03:79:64:98:b5:
         04:57:57:17:05:9a:25:54:f7:b8:ac:12:cc:1e:aa:1c:4d:95:
         c2:6a:42:40:7c:ca:78:24:bc:cd:4f:d2:d6:5e:f7:cd:4b:07:
         49:31:5d:60:69:29:22:f7:09:58:62:3e:2c:c4:8e:fa:42:64:
         ee:c5:85:a1:bd:da:73:c6:b2:ba:3e:1b:f4:65:25:31:de:47:
         2b:d6:41:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY4LeZmKMW986kt56CpqIxohwvKkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc0MjUwWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyODRiODllMzMwMTEwZjc3YzExOGE3ZTRkNjI1ODMxMmM0
ZjAwNGI5Y2EwOWI3YTdiZjMzM2I1MmM3Mzc5OTYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMYR0caZHTiJGXqmkZSGPBC8ioccdyX14+9T1ZIq9zUtPT
HET2O+FOIzE42AsptBW/YiQapoi6VwbDIYIsTMbwtqx71fY6sqAQjikEXRiWDEAY
2/oUMeH5eLNRHPJf+aI5K4buaHQlbpxDc+u9Ay5ws2WfXkP+cx9E40OyIfsG9Vg4
7yfdtOiAi3tB7Tx1Ug9rVocEP+xQMw8d9GXCUX/ik4bZPslz/RxBehHw9kTPwzli
YB3j3YRv8ZmmdIsG/3hlz3xK7iheiX9FB9/e/h9VvaVBuS0lSKJxdeXeXYd9euyL
HFnceny9g/Lpk75WuwOlbr5KQRCaUSx/WO6QoAG1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFSzCkmD2SqBI2jbktYmpnUA2ljwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4YmRlODdjLWNlMmUtNDI5NS04YjBmLWNhNGVlNjRkNTI0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmAMwDQYJKoZIhvcNAQELBQADggEBAC4WPkSlj1mHOtYyglgWCHvFeJdF
FCusq6wIZy82V+VmBVIIAoQfBDlI4GACJvxH5UgWLznqUKvp3/cYe8D4n+xn+yD1
bBU3MLJvw3xoiRnBw1P417yjFckBIu7uUgj2YYmJcLVMWzzOt5HBm8JjvW3oDP76
3B3om8RQh0QFOG8OmMhspSWU16LsWG/1bfh/FBRgcL7y/Y0OPnXtTvIHRnFhlXNZ
WB2dlTvLgHk3WB0DeWSYtQRXVxcFmiVU97isEsweqhxNlcJqQkB8yngkvM1P0tZe
981LB0kxXWBpKSL3CVhiPizEjvpCZO7FhaG92nPGsro+G/RlJTHeRyvWQXY=
-----END CERTIFICATE-----