Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b43fb05-693f-46c0-9be3-ab992fa4cf3f.roa
File:                     9b43fb05-693f-46c0-9be3-ab992fa4cf3f.roa (raw, json)
Hash identifier:          6F4WWlz2jYi5Y+0/E1Cd4pF94N+7qgNeyrk+8WM5HR8=
Subject key identifier:   1E:D8:B9:78:CA:BB:2D:88:35:7F:55:9C:E2:3E:0F:1C:03:1D:6F:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       49AF5AA35B74EC64A6AE6EF3B0396FB61DC9FD53
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b43fb05-693f-46c0-9be3-ab992fa4cf3f.roa
Signing time:             Fri 03 Oct 2025 00:03:09 +0000
ROA not before:           Fri 03 Oct 2025 00:03:09 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.92.232.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:af:5a:a3:5b:74:ec:64:a6:ae:6e:f3:b0:39:6f:b6:1d:c9:fd:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:03:09 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=fd59c2bf1189ce399fe195c4688de6a9740818a0cbcb038849a576888c0db293, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:08:fa:e7:82:55:2d:6d:34:d1:74:db:b0:98:
                    ae:6d:c7:fb:4c:66:c0:30:8c:95:e9:d2:f0:ec:75:
                    31:76:19:5c:2a:72:b7:3c:fc:a5:ff:da:82:ad:8a:
                    81:d0:88:52:6a:0f:b8:74:50:a8:87:23:6c:e0:d7:
                    da:af:6a:b8:6d:92:34:14:5f:4d:e2:be:5f:5d:87:
                    48:d8:4b:66:3e:73:51:dc:73:c1:74:20:86:cf:ab:
                    53:86:ba:4a:03:ed:ea:70:46:3e:3f:35:58:70:bf:
                    ed:00:2f:75:4c:51:96:34:ec:0c:c8:d0:a5:c5:f2:
                    2c:8a:06:59:48:5f:b9:3e:15:e6:0f:7d:a9:67:06:
                    69:87:37:6d:db:21:33:7b:66:58:df:50:3d:49:95:
                    ff:ea:77:b3:69:0c:15:30:c3:80:4b:5d:69:af:93:
                    52:0d:ff:f8:1e:0a:17:52:30:b1:25:34:16:fc:2a:
                    54:95:f6:14:39:45:42:55:fd:cc:f4:7b:5a:f3:18:
                    22:ec:d5:cb:81:df:4e:5d:b9:cf:df:7b:df:95:ac:
                    fb:3e:47:a1:06:7b:de:01:72:96:8b:17:13:00:a9:
                    d5:44:40:32:e1:7c:f4:7c:24:77:15:a3:8d:90:2c:
                    de:59:fc:b2:1a:a8:94:ed:75:b3:03:06:bb:bc:e3:
                    f6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D8:B9:78:CA:BB:2D:88:35:7F:55:9C:E2:3E:0F:1C:03:1D:6F:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b43fb05-693f-46c0-9be3-ab992fa4cf3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         54:22:c3:f2:3b:c2:5f:b3:b5:93:8b:6f:0a:13:6d:af:88:fe:
         b5:42:12:21:cd:d8:6e:42:7f:a8:bc:34:f9:7f:31:1c:b0:5a:
         d1:98:aa:2f:34:32:a2:3a:6a:43:ac:1e:c1:95:a6:22:bc:85:
         45:3e:de:12:45:46:e3:59:79:2d:c6:51:59:ff:67:2d:1b:fe:
         a9:86:b5:b2:2b:6e:fd:f9:ac:a0:b4:f4:eb:0e:95:55:d4:ff:
         89:62:a4:43:55:f4:76:61:b5:3f:ee:40:a6:5c:82:e0:cd:71:
         9b:d3:a0:22:08:b0:1f:6e:33:89:a8:57:e5:17:05:a8:df:99:
         1e:7d:dd:f6:ec:07:2b:14:86:d2:af:ad:7d:04:1e:1d:7e:33:
         51:4d:a6:4e:33:dc:e4:74:30:a7:7c:0e:65:06:50:59:a5:c0:
         f8:ab:e8:0d:ff:96:0d:20:5e:da:d5:ba:70:b4:b5:7a:1f:29:
         33:2a:c3:31:a3:b7:bb:ff:1c:f6:fa:4c:8d:ce:2f:68:b9:e3:
         3a:1f:53:06:c3:be:63:ca:ee:d2:ac:f8:fa:bc:82:94:25:c9:
         57:40:63:58:cf:d7:ce:75:c6:7a:ac:0e:ca:06:ac:fa:dd:84:
         23:a0:da:f5:34:09:d2:72:36:b2:1f:4b:c3:22:d8:77:1c:53:
         78:60:25:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSa9ao1t07GSmrm7zsDlvth3J/VMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMzA5WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDU5YzJiZjExODljZTM5OWZlMTk1YzQ2ODhkZTZhOTc0
MDgxOGEwY2JjYjAzODg0OWE1NzY4ODhjMGRiMjkzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmCPrnglUtbTTRdNuwmK5tx/tMZsAwjJXp0vDsdTF2GVwq
crc8/KX/2oKtioHQiFJqD7h0UKiHI2zg19qvarhtkjQUX03ivl9dh0jYS2Y+c1Hc
c8F0IIbPq1OGukoD7epwRj4/NVhwv+0AL3VMUZY07AzI0KXF8iyKBllIX7k+FeYP
falnBmmHN23bITN7ZljfUD1Jlf/qd7NpDBUww4BLXWmvk1IN//geChdSMLElNBb8
KlSV9hQ5RUJV/cz0e1rzGCLs1cuB305duc/fe9+VrPs+R6EGe94BcpaLFxMAqdVE
QDLhfPR8JHcVo42QLN5Z/LIaqJTtdbMDBru84/aVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHti5eMq7LYg1f1Wc4j4PHAMdbzEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliNDNmYjA1LTY5M2YtNDZjMC05YmUzLWFiOTkyZmE0Y2YzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPRXOgwDQYJKoZIhvcNAQELBQADggEBAFQiw/I7wl+ztZOLbwoTba+I/rVC
EiHN2G5Cf6i8NPl/MRywWtGYqi80MqI6akOsHsGVpiK8hUU+3hJFRuNZeS3GUVn/
Zy0b/qmGtbIrbv35rKC09OsOlVXU/4lipENV9HZhtT/uQKZcguDNcZvToCIIsB9u
M4moV+UXBajfmR593fbsBysUhtKvrX0EHh1+M1FNpk4z3OR0MKd8DmUGUFmlwPir
6A3/lg0gXtrVunC0tXofKTMqwzGjt7v/HPb6TI3OL2i54zofUwbDvmPK7tKs+Pq8
gpQlyVdAY1jP1851xnqsDsoGrPrdhCOg2vU0CdJyNrIfS8Mi2HccU3hgJbs=
-----END CERTIFICATE-----