Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa264b3d-8132-4f1a-9f40-817238e6d836.roa
File:                     aa264b3d-8132-4f1a-9f40-817238e6d836.roa (raw, json)
Hash identifier:          rjx/MKI8zeEl1LlNdT+RO7Wu0T5C1fVeU0Lym7b5Lmo=
Subject key identifier:   F0:51:CC:69:9F:15:E5:F5:19:01:F5:2A:9E:05:71:22:98:DC:48:DA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C06F39CD10F22E9C80AFE7523678D8D580D5FC9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa264b3d-8132-4f1a-9f40-817238e6d836.roa
Signing time:             Sat 27 Sep 2025 00:12:07 +0000
ROA not before:           Sat 27 Sep 2025 00:12:07 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.250.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:06:f3:9c:d1:0f:22:e9:c8:0a:fe:75:23:67:8d:8d:58:0d:5f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:12:07 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=140215fbbf52ffcc2e550e0d2cb654c0ec65dc4e430247fb10f9bc4bfd93878c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b6:30:ac:40:c7:a5:c7:87:43:a1:59:fa:94:
                    81:c2:f7:fa:55:3a:64:1d:bb:96:55:2f:e4:65:9b:
                    22:6e:3a:73:b2:8e:07:3e:1e:19:58:be:b7:01:e1:
                    5e:b8:07:d8:07:2d:ed:44:f5:4b:6c:5c:63:5d:dc:
                    49:2c:58:e5:98:c0:2c:e6:15:75:96:6a:4d:41:f5:
                    a2:f9:97:e5:68:79:c5:b1:1a:bf:ab:1c:0b:a1:ef:
                    c6:2a:4c:98:e9:e9:78:f2:96:2a:c5:8c:4e:d9:19:
                    88:70:fb:19:f0:04:3d:4c:80:1a:d3:08:c6:62:69:
                    81:ee:a3:6c:a0:2c:91:ac:ad:1c:40:c4:27:2e:ec:
                    30:d9:43:24:75:e6:df:2e:0d:4b:9d:b9:4f:3e:56:
                    2e:ef:4c:31:ee:c3:86:8e:38:bc:4c:3b:81:8b:c4:
                    5c:3a:37:c4:e8:fd:9a:94:bc:f7:2e:ba:48:04:31:
                    f9:17:bd:bf:36:a7:2c:3f:81:57:b4:27:5b:3a:43:
                    eb:50:df:c5:ba:d2:48:60:f7:94:7b:20:97:2f:44:
                    72:7d:28:09:99:e5:3a:74:9b:b4:95:c7:cc:09:88:
                    fb:56:fa:ca:c5:01:0d:3b:71:b7:18:cf:14:53:f0:
                    fa:51:c6:ee:b2:85:ff:1b:9c:9d:eb:a8:02:59:44:
                    ad:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:51:CC:69:9F:15:E5:F5:19:01:F5:2A:9E:05:71:22:98:DC:48:DA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa264b3d-8132-4f1a-9f40-817238e6d836.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.250.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         3d:e0:e1:36:e5:73:f2:dc:a8:89:24:d0:2c:87:c3:a5:40:83:
         f8:23:3a:0c:d0:4b:34:24:8c:16:0b:e3:1d:48:0e:5b:2c:ce:
         95:b2:e3:47:b5:c4:6c:77:7b:fc:02:3a:ab:b8:41:bd:ce:6d:
         e1:86:dc:cf:6f:6d:40:07:41:94:96:8a:72:20:08:2c:cb:51:
         60:15:30:8d:89:eb:64:84:2a:2a:14:c2:da:07:11:3f:be:8e:
         23:62:ef:cb:96:6d:38:3a:fd:e7:e9:c4:1d:77:8c:ca:83:ea:
         f4:d1:fc:e4:29:80:82:39:3c:cd:dc:f9:51:4a:99:94:e8:05:
         ae:59:7d:5f:02:ee:9b:62:de:b8:4c:e8:d0:b4:4b:85:34:74:
         f1:a2:64:08:0a:9d:f9:58:bd:50:e9:ba:cc:b5:07:9c:1a:41:
         b0:29:8b:a4:bf:43:95:8a:c9:9e:0b:6a:f4:73:4a:20:7a:10:
         9d:32:74:fc:ea:b3:ee:82:51:68:a7:b9:a0:72:cf:68:0a:2e:
         0b:be:cc:b3:cf:5d:37:d3:71:26:2b:8b:09:0a:5d:84:5a:db:
         fb:4d:db:d3:49:bb:dd:74:25:81:df:a7:44:dc:47:64:de:e3:
         c3:a8:ec:87:4c:2e:26:c0:23:8a:66:73:f9:3d:d3:2d:ae:e3:
         85:2b:c2:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXAbznNEPIunICv51I2eNjVgNX8kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAxMjA3WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDAyMTVmYmJmNTJmZmNjMmU1NTBlMGQyY2I2NTRjMGVj
NjVkYzRlNDMwMjQ3ZmIxMGY5YmM0YmZkOTM4NzhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCotjCsQMelx4dDoVn6lIHC9/pVOmQdu5ZVL+RlmyJuOnOy
jgc+HhlYvrcB4V64B9gHLe1E9UtsXGNd3EksWOWYwCzmFXWWak1B9aL5l+VoecWx
Gr+rHAuh78YqTJjp6XjylirFjE7ZGYhw+xnwBD1MgBrTCMZiaYHuo2ygLJGsrRxA
xCcu7DDZQyR15t8uDUuduU8+Vi7vTDHuw4aOOLxMO4GLxFw6N8To/ZqUvPcuukgE
MfkXvb82pyw/gVe0J1s6Q+tQ38W60khg95R7IJcvRHJ9KAmZ5Tp0m7SVx8wJiPtW
+srFAQ07cbcYzxRT8PpRxu6yhf8bnJ3rqAJZRK1BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8FHMaZ8V5fUZAfUqngVxIpjcSNowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FhMjY0YjNkLTgxMzItNGYxYS05ZjQwLTgxNzIzOGU2ZDgzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcX+gAwDQYJKoZIhvcNAQELBQADggEBAD3g4Tblc/LcqIkk0CyHw6VAg/gj
OgzQSzQkjBYL4x1IDlsszpWy40e1xGx3e/wCOqu4Qb3ObeGG3M9vbUAHQZSWinIg
CCzLUWAVMI2J62SEKioUwtoHET++jiNi78uWbTg6/efpxB13jMqD6vTR/OQpgII5
PM3c+VFKmZToBa5ZfV8C7pti3rhM6NC0S4U0dPGiZAgKnflYvVDpusy1B5waQbAp
i6S/Q5WKyZ4LavRzSiB6EJ0ydPzqs+6CUWinuaByz2gKLgu+zLPPXTfTcSYriwkK
XYRa2/tN29NJu910JYHfp0TcR2Te48Oo7IdMLibAI4pmc/k90y2u44Urwkc=
-----END CERTIFICATE-----