Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9d0356d-ebd3-4994-9756-b2199398d95a.roa
File:                     a9d0356d-ebd3-4994-9756-b2199398d95a.roa (raw, json)
Hash identifier:          t8Ve9t1Y2G8oAF+pYju7+ssTxlIL80L4ElDAW4HXBTA=
Subject key identifier:   74:1D:87:66:12:08:A4:85:87:BC:BF:A8:DB:5E:2B:C1:08:C0:D5:9A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FB5D2CB080B9A460362B82E937448C80C3E32A3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9d0356d-ebd3-4994-9756-b2199398d95a.roa
Signing time:             Sat 11 Oct 2025 00:40:03 +0000
ROA not before:           Sat 11 Oct 2025 00:40:03 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.198.66.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:b5:d2:cb:08:0b:9a:46:03:62:b8:2e:93:74:48:c8:0c:3e:32:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:40:03 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=8752347a2ad733088fb1bd04025fcaa341c226bc7c3e7c9aa129a9a32492c1ba, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5f:20:df:f0:d9:8d:8a:13:16:96:5f:d0:41:
                    85:01:bd:d4:b2:fe:66:e7:d5:63:3b:ba:58:e1:5c:
                    65:76:67:b9:a0:7c:f4:e2:fb:9f:c5:3a:b1:1a:66:
                    9a:c8:e0:f8:b5:22:ae:18:91:8e:f2:a6:72:7f:00:
                    a8:f6:74:58:e4:31:92:ed:88:a3:2c:f5:db:1e:e4:
                    fd:d5:e9:37:89:3a:bc:3e:3e:93:5b:fd:63:99:35:
                    d9:fa:d0:8f:68:76:6f:28:9a:25:66:b7:7c:63:37:
                    9f:fe:be:07:95:cc:f3:49:70:78:2c:83:a1:e9:0d:
                    fe:38:c9:63:45:fd:72:d5:67:53:d2:db:69:a3:ef:
                    59:10:51:f4:44:00:63:03:14:3f:f9:3d:ff:41:b7:
                    11:cc:ae:bf:f8:e1:b8:a4:29:bc:95:c1:10:b9:aa:
                    07:85:b9:fd:64:69:5c:85:ed:2b:6d:cc:2d:45:b1:
                    8c:25:d7:f0:15:51:bf:9d:80:d6:a8:01:53:d8:06:
                    e4:1a:eb:c3:64:fe:4b:15:06:7d:2b:66:4f:75:86:
                    b2:54:93:24:b3:dc:e5:cd:4b:cf:66:8c:ff:30:17:
                    56:c3:ac:e1:05:b7:7b:8a:a6:fe:a4:96:56:90:55:
                    8e:85:5c:08:ed:60:75:92:31:a9:83:80:ac:43:1b:
                    f1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1D:87:66:12:08:A4:85:87:BC:BF:A8:DB:5E:2B:C1:08:C0:D5:9A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9d0356d-ebd3-4994-9756-b2199398d95a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.198.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:2d:d6:0e:d0:43:8e:4a:c6:6f:8d:c3:73:65:e3:4b:15:a8:
         3f:1d:08:49:76:d8:05:cf:77:9e:c1:c3:ba:97:73:ca:41:1e:
         f1:3a:2b:7c:9c:cc:4f:f8:94:df:db:f9:9e:ec:af:6c:3a:d4:
         d5:62:93:2b:94:a9:2f:86:9d:d0:5f:c2:41:8b:54:e2:6a:9a:
         b8:d0:69:6f:d1:16:da:d5:66:29:3f:6a:73:ba:5b:a9:45:e6:
         c7:3b:a8:16:d9:8f:0d:c3:fa:28:ef:3b:2f:0f:c2:e9:ab:44:
         e3:c0:52:56:5e:af:6c:66:51:51:2d:b2:e6:f6:5c:94:41:ae:
         e4:35:e6:f8:b5:99:77:e5:c6:b6:80:56:8c:e7:05:40:cf:31:
         5e:74:7d:95:a8:a7:cb:5f:d0:82:7e:99:e1:9a:a1:79:89:95:
         70:52:f8:7a:3e:22:f2:02:54:c0:25:09:f0:b8:02:be:33:3c:
         ef:8b:46:d9:01:05:68:6a:ba:c8:e7:08:21:7f:37:0a:a6:c9:
         73:71:85:64:ec:d0:61:e9:22:50:ad:a6:36:5d:d6:cf:ce:9e:
         39:22:01:57:8e:eb:3d:9d:b1:0b:63:1b:9e:8f:c6:eb:9b:ba:
         d1:35:10:8b:ab:a2:65:15:cc:a1:e7:46:ab:ea:96:17:cf:20:
         71:6d:41:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL7XSywgLmkYDYrguk3RIyAw+MqMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDA0MDAzWhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzUyMzQ3YTJhZDczMzA4OGZiMWJkMDQwMjVmY2FhMzQx
YzIyNmJjN2MzZTdjOWFhMTI5YTlhMzI0OTJjMWJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7XyDf8NmNihMWll/QQYUBvdSy/mbn1WM7uljhXGV2Z7mg
fPTi+5/FOrEaZprI4Pi1Iq4YkY7ypnJ/AKj2dFjkMZLtiKMs9dse5P3V6TeJOrw+
PpNb/WOZNdn60I9odm8omiVmt3xjN5/+vgeVzPNJcHgsg6HpDf44yWNF/XLVZ1PS
22mj71kQUfREAGMDFD/5Pf9BtxHMrr/44bikKbyVwRC5qgeFuf1kaVyF7SttzC1F
sYwl1/AVUb+dgNaoAVPYBuQa68Nk/ksVBn0rZk91hrJUkySz3OXNS89mjP8wF1bD
rOEFt3uKpv6kllaQVY6FXAjtYHWSMamDgKxDG/GvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdB2HZhIIpIWHvL+o214rwQjA1ZowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5ZDAzNTZkLWViZDMtNDk5NC05NzU2LWIyMTk5Mzk4ZDk1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADYxkIwDQYJKoZIhvcNAQELBQADggEBAF8t1g7QQ45Kxm+Nw3Nl40sVqD8d
CEl22AXPd57Bw7qXc8pBHvE6K3yczE/4lN/b+Z7sr2w61NVikyuUqS+GndBfwkGL
VOJqmrjQaW/RFtrVZik/anO6W6lF5sc7qBbZjw3D+ijvOy8PwumrROPAUlZer2xm
UVEtsub2XJRBruQ15vi1mXflxraAVoznBUDPMV50fZWop8tf0IJ+meGaoXmJlXBS
+Ho+IvICVMAlCfC4Ar4zPO+LRtkBBWhqusjnCCF/NwqmyXNxhWTs0GHpIlCtpjZd
1s/OnjkiAVeO6z2dsQtjG56PxuubutE1EIuromUVzKHnRqvqlhfPIHFtQbE=
-----END CERTIFICATE-----