Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa9b2c74-44be-4506-8c26-0e262e9213ae.roa
File:                     aa9b2c74-44be-4506-8c26-0e262e9213ae.roa (raw, json)
Hash identifier:          kpIgNVnJBg7TJhxvE5P8sy/dI297Qg/ScAWCW+BtdvU=
Subject key identifier:   B0:B8:2C:0C:73:B5:BA:B4:15:D8:E9:28:0E:12:6C:42:C0:12:DE:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       49D0EF18E875B8EDEC66B701E8AED4106474CE69
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa9b2c74-44be-4506-8c26-0e262e9213ae.roa
Signing time:             Sat 11 Oct 2025 00:39:54 +0000
ROA not before:           Sat 11 Oct 2025 00:39:54 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.21.248.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:d0:ef:18:e8:75:b8:ed:ec:66:b7:01:e8:ae:d4:10:64:74:ce:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:39:54 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=477431ce19a4786bdc008ca9a97f6579c05cd43b217bc3e4d5fb0520f9d90141, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:34:a7:67:9e:46:4a:e9:28:09:1b:e3:5d:8e:
                    1b:c4:9d:d7:e8:f7:ab:bd:6a:a3:15:f9:96:eb:20:
                    c7:43:e0:0e:16:36:0e:a8:7b:d5:85:ff:15:a7:01:
                    28:e6:16:88:26:d6:7f:44:75:aa:01:ef:c2:d2:a9:
                    fc:37:cf:30:b6:5f:a7:c0:bf:ad:2f:a5:2a:df:ca:
                    bc:69:e5:64:30:e3:56:62:2a:b7:5e:ba:28:72:38:
                    10:81:8f:2b:df:b9:c2:d9:13:db:47:be:f2:f0:59:
                    9a:9e:70:6b:05:33:18:7d:73:d5:4c:0b:c4:6b:38:
                    52:2e:30:a8:c4:5d:e7:1f:d8:29:8d:82:97:d1:c0:
                    9e:fe:10:90:09:d2:d0:c0:f1:95:d8:4a:4f:b4:39:
                    7b:82:dc:e1:31:9b:be:83:12:11:f6:c9:5e:8d:77:
                    93:63:ae:b3:0e:97:50:bd:8a:68:e2:c0:1d:91:6b:
                    1d:e0:61:05:c1:2a:95:12:c0:ea:7e:c3:7d:7e:5f:
                    c6:bc:c3:cb:98:93:b3:66:37:31:f0:9c:fc:e5:80:
                    ee:fd:f0:da:bf:bb:21:38:cc:d0:c5:d0:51:26:28:
                    c4:ca:cd:98:6c:64:4a:85:5e:c6:43:7c:8a:d0:a5:
                    a8:ce:05:9f:25:14:7e:3c:97:6f:5a:fd:01:19:ac:
                    78:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B8:2C:0C:73:B5:BA:B4:15:D8:E9:28:0E:12:6C:42:C0:12:DE:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa9b2c74-44be-4506-8c26-0e262e9213ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.21.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bd:0e:00:64:51:f6:70:47:7b:b2:fd:fe:11:f2:8e:40:31:72:
         14:b8:11:1b:bd:ee:10:c4:8e:0f:49:40:df:c5:9b:b0:22:c6:
         ce:29:09:26:35:1a:99:08:af:de:80:88:1f:dd:43:c5:10:20:
         d0:1e:61:de:4b:c7:7f:19:ed:0f:fc:d0:11:f0:57:cb:97:32:
         80:f8:71:c8:e4:03:5c:05:2c:f4:58:ed:6e:0f:8d:cd:5c:90:
         28:d8:d6:dc:86:cf:dd:03:c7:5d:20:3b:4e:ce:c9:02:27:39:
         67:3f:07:89:f2:aa:02:87:55:a2:96:53:65:7f:fd:42:b8:6a:
         d0:c4:0b:96:2b:71:b0:c9:27:24:f1:72:ea:86:b1:c8:18:21:
         08:00:1c:98:b8:7f:db:23:f2:ce:42:de:ac:2e:a4:cf:ff:f9:
         d6:d0:55:a9:9e:08:b5:f9:30:6e:2d:db:6c:21:9c:82:7a:8a:
         61:1f:26:97:fa:c7:bf:a5:c1:2f:66:c5:4e:da:ee:99:b8:02:
         62:01:ff:99:65:a1:67:fd:68:ee:d8:5b:34:87:68:dd:19:5b:
         8e:82:3b:18:0c:75:ac:dc:85:60:cc:2e:35:a9:f4:8a:3b:35:
         30:a2:f3:40:82:e2:9d:5d:35:ec:54:77:71:5c:51:d9:59:6b:
         b0:7f:6b:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSdDvGOh1uO3sZrcB6K7UEGR0zmkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAzOTU0WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Nzc0MzFjZTE5YTQ3ODZiZGMwMDhjYTlhOTdmNjU3OWMw
NWNkNDNiMjE3YmMzZTRkNWZiMDUyMGY5ZDkwMTQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyNKdnnkZK6SgJG+NdjhvEndfo96u9aqMV+ZbrIMdD4A4W
Ng6oe9WF/xWnASjmFogm1n9EdaoB78LSqfw3zzC2X6fAv60vpSrfyrxp5WQw41Zi
KrdeuihyOBCBjyvfucLZE9tHvvLwWZqecGsFMxh9c9VMC8RrOFIuMKjEXecf2CmN
gpfRwJ7+EJAJ0tDA8ZXYSk+0OXuC3OExm76DEhH2yV6Nd5NjrrMOl1C9imjiwB2R
ax3gYQXBKpUSwOp+w31+X8a8w8uYk7NmNzHwnPzlgO798Nq/uyE4zNDF0FEmKMTK
zZhsZEqFXsZDfIrQpajOBZ8lFH48l29a/QEZrHiVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsLgsDHO1urQV2OkoDhJsQsAS3kkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FhOWIyYzc0LTQ0YmUtNDUwNi04YzI2LTBlMjYyZTkyMTNhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPPFfgwDQYJKoZIhvcNAQELBQADggEBAL0OAGRR9nBHe7L9/hHyjkAxchS4
ERu97hDEjg9JQN/Fm7Aixs4pCSY1GpkIr96AiB/dQ8UQINAeYd5Lx38Z7Q/80BHw
V8uXMoD4ccjkA1wFLPRY7W4Pjc1ckCjY1tyGz90Dx10gO07OyQInOWc/B4nyqgKH
VaKWU2V//UK4atDEC5YrcbDJJyTxcuqGscgYIQgAHJi4f9sj8s5C3qwupM//+dbQ
VameCLX5MG4t22whnIJ6imEfJpf6x7+lwS9mxU7a7pm4AmIB/5lloWf9aO7YWzSH
aN0ZW46COxgMdazchWDMLjWp9Io7NTCi80CC4p1dNexUd3FcUdlZa7B/ayU=
-----END CERTIFICATE-----