Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7e4e4c8-325e-4c4d-8dfa-29db72c04b6e.roa
File:                     a7e4e4c8-325e-4c4d-8dfa-29db72c04b6e.roa (raw, json)
Hash identifier:          Mm860loR54XEwQwQghuHzXbMGuJwewYTPiI4yRd2Dfk=
Subject key identifier:   6D:1A:FC:2C:B5:E9:E1:C3:EE:8F:AD:7F:A6:5D:29:3C:DC:F1:0A:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3250FBF1D248148C543F441EC60007EC4295AA4B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7e4e4c8-325e-4c4d-8dfa-29db72c04b6e.roa
Signing time:             Sat 27 Sep 2025 00:01:24 +0000
ROA not before:           Sat 27 Sep 2025 00:01:24 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        210.89.64.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:50:fb:f1:d2:48:14:8c:54:3f:44:1e:c6:00:07:ec:42:95:aa:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:01:24 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=5ca268d250f5e24e375ba5dd4fb5e0c45cc5f110649dca32c2963138aa908115, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b5:3c:33:1f:38:ca:a6:b1:11:09:40:b3:a7:
                    22:e0:7f:b5:fc:73:c9:83:e9:5b:b9:0a:f0:a4:cd:
                    90:a0:e8:f8:b4:3d:df:a0:ff:d1:75:bc:ea:fa:79:
                    f0:0d:2f:58:67:e8:50:51:72:3e:94:0f:c6:21:f6:
                    d7:92:16:e1:0a:92:e8:24:6b:75:7d:ef:60:4f:4e:
                    98:72:b4:90:ea:fa:3b:b5:f2:1f:29:7c:03:64:0c:
                    4e:55:12:7c:90:5d:88:bb:db:00:0f:21:97:80:6b:
                    65:ba:67:e4:ed:36:05:17:f4:1f:ea:a0:c8:09:b0:
                    55:bb:ed:11:e9:a3:8b:98:99:78:e6:4c:7f:a3:0f:
                    d4:46:5d:a5:01:5f:13:83:b5:32:53:1f:67:16:b9:
                    2e:8a:bf:70:3f:33:7e:a1:22:88:bf:34:ff:86:dc:
                    ab:55:6d:32:2f:a6:b2:18:3a:a4:86:87:51:a6:82:
                    d5:40:04:9b:7f:d8:ac:d2:32:37:53:b2:20:3d:e9:
                    00:70:78:7e:30:ab:a8:a7:e4:eb:18:4e:17:dc:db:
                    fc:29:f9:8e:5a:6c:5b:85:bb:7e:55:ac:92:2d:5f:
                    41:20:97:80:4d:5a:5e:20:99:c9:ce:f8:07:3d:25:
                    a1:18:e4:3b:39:ca:09:c7:44:58:61:20:85:72:69:
                    16:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:1A:FC:2C:B5:E9:E1:C3:EE:8F:AD:7F:A6:5D:29:3C:DC:F1:0A:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7e4e4c8-325e-4c4d-8dfa-29db72c04b6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  210.89.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         06:1b:df:b6:6f:f1:f6:66:5e:19:4f:93:0e:43:af:d0:0f:7b:
         61:6f:57:1e:4c:64:8d:8b:4a:2a:0c:73:c8:e4:62:df:c7:60:
         51:4e:5c:92:55:ac:d7:1a:ee:f3:2d:ab:39:98:3b:5f:69:96:
         96:9d:50:ae:3f:4e:35:bf:4f:31:3e:d9:4f:d8:49:49:8a:ac:
         7a:46:24:59:5f:56:ec:39:85:29:1d:08:8a:c0:ac:99:07:a3:
         d9:dd:05:88:1f:ae:51:e0:c2:7c:7e:39:c3:3b:00:3e:2e:8d:
         58:75:1f:d1:f4:9e:5a:81:13:b5:25:2b:f2:b2:e8:1d:d2:d0:
         dd:14:f8:5c:a4:4d:05:f2:d0:fe:ec:18:c7:f0:72:7e:d2:29:
         d7:0c:c0:f0:1c:05:d0:98:34:51:58:7b:63:bf:74:90:bd:aa:
         74:cb:1c:58:c1:f0:89:2e:92:60:c7:98:33:c5:31:f8:24:c5:
         3c:7e:12:5c:0f:73:55:35:8d:49:36:7e:24:e5:a4:33:17:f5:
         63:58:da:96:61:5c:5a:0f:56:e7:49:fa:c3:84:32:ba:20:bd:
         16:cf:60:cf:f4:30:ba:6e:19:c3:2b:d9:62:43:13:4b:69:88:
         41:43:9d:25:46:48:25:a3:3d:f3:e8:08:d9:82:5a:a0:75:08:
         c2:c8:06:ba
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMlD78dJIFIxUP0QexgAH7EKVqkswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAwMTI0WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2EyNjhkMjUwZjVlMjRlMzc1YmE1ZGQ0ZmI1ZTBjNDVj
YzVmMTEwNjQ5ZGNhMzJjMjk2MzEzOGFhOTA4MTE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxtTwzHzjKprERCUCzpyLgf7X8c8mD6Vu5CvCkzZCg6Pi0
Pd+g/9F1vOr6efANL1hn6FBRcj6UD8Yh9teSFuEKkugka3V972BPTphytJDq+ju1
8h8pfANkDE5VEnyQXYi72wAPIZeAa2W6Z+TtNgUX9B/qoMgJsFW77RHpo4uYmXjm
TH+jD9RGXaUBXxODtTJTH2cWuS6Kv3A/M36hIoi/NP+G3KtVbTIvprIYOqSGh1Gm
gtVABJt/2KzSMjdTsiA96QBweH4wq6in5OsYThfc2/wp+Y5abFuFu35VrJItX0Eg
l4BNWl4gmcnO+Ac9JaEY5Ds5ygnHRFhhIIVyaRYzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbRr8LLXp4cPuj61/pl0pPNzxChMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3ZTRlNGM4LTMyNWUtNGM0ZC04ZGZhLTI5ZGI3MmMwNGI2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXSWUAwDQYJKoZIhvcNAQELBQADggEBAAYb37Zv8fZmXhlPkw5Dr9APe2Fv
Vx5MZI2LSioMc8jkYt/HYFFOXJJVrNca7vMtqzmYO19plpadUK4/TjW/TzE+2U/Y
SUmKrHpGJFlfVuw5hSkdCIrArJkHo9ndBYgfrlHgwnx+OcM7AD4ujVh1H9H0nlqB
E7UlK/Ky6B3S0N0U+FykTQXy0P7sGMfwcn7SKdcMwPAcBdCYNFFYe2O/dJC9qnTL
HFjB8IkukmDHmDPFMfgkxTx+ElwPc1U1jUk2fiTlpDMX9WNY2pZhXFoPVudJ+sOE
MrogvRbPYM/0MLpuGcMr2WJDE0tpiEFDnSVGSCWjPfPoCNmCWqB1CMLIBro=
-----END CERTIFICATE-----