Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9eaf6742-59c5-48eb-a0f8-74c2f6d197de.roa
File:                     9eaf6742-59c5-48eb-a0f8-74c2f6d197de.roa (raw, json)
Hash identifier:          f75e4NMYTdX2+uH7j8Bfl2pc/xMq668tFTagYuz7qPg=
Subject key identifier:   4C:85:FC:F2:4F:D9:C3:58:08:24:43:0E:19:B1:E3:1D:A0:BF:D9:C0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74828AF9A3F2E3297192FD79F6F3C44B49613D7C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9eaf6742-59c5-48eb-a0f8-74c2f6d197de.roa
Signing time:             Sat 18 Oct 2025 02:30:14 +0000
ROA not before:           Sat 18 Oct 2025 02:30:14 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.22.73.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:82:8a:f9:a3:f2:e3:29:71:92:fd:79:f6:f3:c4:4b:49:61:3d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:30:14 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=2f01a20432ea6bb209c75fd75843807cdec29aef9568892d8ec7530aa211a620, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:13:a9:1d:76:ec:04:78:7b:44:a0:3c:e6:a7:
                    65:78:20:9d:35:55:85:fe:7e:77:28:0c:32:79:7d:
                    19:62:37:29:c0:67:21:0e:7b:3a:bc:49:61:0e:34:
                    36:3f:aa:d5:bb:74:ef:09:4a:5d:c5:99:15:2e:92:
                    e0:96:af:3f:00:ec:ca:be:48:71:6a:f4:d8:a4:14:
                    52:20:c4:a9:7c:5f:bd:6d:ac:f4:cc:bb:89:e2:96:
                    bf:b5:5e:6f:e0:76:6c:9a:93:66:84:be:ea:82:50:
                    7d:43:52:6d:2c:03:8c:80:b2:3d:89:62:82:32:37:
                    06:2c:1c:00:77:27:85:e2:87:6e:9d:a7:a4:2c:04:
                    6f:bc:db:97:7b:d3:28:9f:68:91:b0:50:4c:bb:77:
                    48:3d:41:01:9e:a7:ec:8a:84:c4:49:15:1d:42:1b:
                    f9:25:5b:73:6e:cf:ea:bc:66:34:ef:25:f6:62:8f:
                    99:cb:ed:c7:42:ee:65:d7:91:8c:ad:c9:3a:51:5d:
                    c9:16:f3:90:ee:3d:7c:99:7e:40:90:ba:b9:1c:a3:
                    d9:a6:c5:7e:76:ed:28:8e:9d:54:f7:15:26:d4:a6:
                    c5:c5:50:52:ab:01:d8:68:6d:9b:42:9f:7a:99:52:
                    41:14:f6:92:48:7f:50:c3:0d:20:f1:73:f0:15:25:
                    9c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:85:FC:F2:4F:D9:C3:58:08:24:43:0E:19:B1:E3:1D:A0:BF:D9:C0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9eaf6742-59c5-48eb-a0f8-74c2f6d197de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.22.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:0d:73:de:bd:63:e8:36:be:ef:59:23:e7:97:9f:2b:e2:96:
         2c:c3:b2:54:c1:31:36:5e:83:b0:3a:8c:98:7d:b0:16:b7:71:
         8a:bb:92:0f:07:89:2f:89:41:50:95:63:65:60:39:7f:92:0f:
         ed:fe:62:41:7f:c9:13:59:21:b0:6e:fa:63:bc:a6:73:6d:72:
         9f:24:dc:ec:b6:7b:f9:b9:56:88:fe:08:43:d3:67:75:d3:e6:
         58:3b:a9:03:ae:b6:b3:62:5f:03:b4:5f:d1:cf:26:2a:9a:0c:
         9a:3e:df:dc:db:5f:89:ba:73:f6:e0:09:4f:62:f9:f2:16:c8:
         e0:dc:7c:60:06:7f:4f:5e:b4:df:b4:31:24:94:8b:74:d1:9d:
         f0:37:8f:48:ad:b6:c1:b9:72:68:c7:4e:41:49:32:18:b6:c6:
         f1:50:72:57:f5:e7:e0:24:87:01:62:ac:fe:41:4b:6f:c4:ae:
         e1:ff:d6:38:c1:cf:22:7c:2c:5a:f1:2e:bb:44:c1:86:cf:12:
         06:d9:65:8a:3c:96:84:2f:49:71:80:9c:b3:b6:bc:b7:a9:83:
         ea:5c:48:23:8c:1d:69:d7:a1:2b:4e:e4:15:39:b4:37:b2:a7:
         d2:d4:09:42:8b:19:63:7c:53:36:cd:96:10:0c:66:b0:80:47:
         c2:96:de:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdIKK+aPy4ylxkv159vPES0lhPXwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIzMDE0WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjAxYTIwNDMyZWE2YmIyMDljNzVmZDc1ODQzODA3Y2Rl
YzI5YWVmOTU2ODg5MmQ4ZWM3NTMwYWEyMTFhNjIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeE6kdduwEeHtEoDzmp2V4IJ01VYX+fncoDDJ5fRliNynA
ZyEOezq8SWEONDY/qtW7dO8JSl3FmRUukuCWrz8A7Mq+SHFq9NikFFIgxKl8X71t
rPTMu4nilr+1Xm/gdmyak2aEvuqCUH1DUm0sA4yAsj2JYoIyNwYsHAB3J4Xih26d
p6QsBG+825d70yifaJGwUEy7d0g9QQGep+yKhMRJFR1CG/klW3Nuz+q8ZjTvJfZi
j5nL7cdC7mXXkYytyTpRXckW85DuPXyZfkCQurkco9mmxX527SiOnVT3FSbUpsXF
UFKrAdhobZtCn3qZUkEU9pJIf1DDDSDxc/AVJZwpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTIX88k/Zw1gIJEMOGbHjHaC/2cAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllYWY2NzQyLTU5YzUtNDhlYi1hMGY4LTc0YzJmNmQxOTdkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXFkkwDQYJKoZIhvcNAQELBQADggEBAF8Nc969Y+g2vu9ZI+eXnyvilizD
slTBMTZeg7A6jJh9sBa3cYq7kg8HiS+JQVCVY2VgOX+SD+3+YkF/yRNZIbBu+mO8
pnNtcp8k3Oy2e/m5Voj+CEPTZ3XT5lg7qQOutrNiXwO0X9HPJiqaDJo+39zbX4m6
c/bgCU9i+fIWyODcfGAGf09etN+0MSSUi3TRnfA3j0ittsG5cmjHTkFJMhi2xvFQ
clf15+AkhwFirP5BS2/EruH/1jjBzyJ8LFrxLrtEwYbPEgbZZYo8loQvSXGAnLO2
vLepg+pcSCOMHWnXoStO5BU5tDeyp9LUCUKLGWN8UzbNlhAMZrCAR8KW3uM=
-----END CERTIFICATE-----