Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2348448-c641-49ba-bf2c-926c26af7c99.roa
File:                     b2348448-c641-49ba-bf2c-926c26af7c99.roa (raw, json)
Hash identifier:          bj4EJnVQQ5Q5YNCe4Fle697AWdMMz55sGdmdMYSn/R4=
Subject key identifier:   31:F8:78:DE:C5:57:ED:9B:75:09:37:44:14:85:F4:D2:1F:5B:FC:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       670815ECF7D22D8F8F052DFA39478DF87186B16C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2348448-c641-49ba-bf2c-926c26af7c99.roa
Signing time:             Fri 26 Sep 2025 00:01:33 +0000
ROA not before:           Fri 26 Sep 2025 00:01:33 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.194.224.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:08:15:ec:f7:d2:2d:8f:8f:05:2d:fa:39:47:8d:f8:71:86:b1:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:01:33 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=1ede7054e8f208a8389a6b6c24a4496abb53816b9a560fa6693c1ee53db4c36c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c1:65:df:35:c9:89:9d:8f:c8:76:8b:41:c7:
                    72:77:55:29:d3:63:4a:83:27:04:02:d7:7d:11:ed:
                    f4:99:90:72:86:20:21:ac:ae:c6:ba:dd:af:cc:10:
                    15:71:7c:d7:ff:1c:54:00:6a:ce:61:26:5e:99:be:
                    92:87:e6:33:93:47:ad:e5:1a:e3:3e:8b:d0:a1:95:
                    45:88:77:b6:78:ec:80:e8:2b:3c:fb:0d:5d:bb:51:
                    c6:8d:94:82:46:26:0f:e9:2b:9b:2d:d4:fc:1b:a9:
                    0c:65:ec:a1:30:96:ac:78:37:0a:88:1e:d8:f5:4f:
                    23:4e:bf:4f:e8:22:a8:25:da:d2:4c:6e:c5:95:e9:
                    56:6d:86:cc:02:ad:af:dc:f7:ba:5e:18:ab:a2:73:
                    6c:ce:f5:7a:a4:59:7f:8f:b3:e9:3a:e7:21:90:85:
                    32:12:d5:ed:7d:6c:bb:27:f5:fc:9a:13:49:97:86:
                    0a:1b:4c:4d:c9:5a:72:1f:7c:57:98:e0:ef:49:0f:
                    bd:e3:84:cb:f6:f8:ed:d7:fa:9d:21:1f:68:1f:9a:
                    1d:fa:ae:ed:6a:fb:06:15:e7:aa:80:97:82:8f:2c:
                    eb:cf:ce:a0:54:0e:67:da:87:e5:0f:fd:bb:b5:b5:
                    10:2b:97:66:e0:6c:74:16:7d:0a:a4:84:e6:dd:24:
                    3e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F8:78:DE:C5:57:ED:9B:75:09:37:44:14:85:F4:D2:1F:5B:FC:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2348448-c641-49ba-bf2c-926c26af7c99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.194.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6c:fb:2a:66:2c:88:8d:d9:9c:9e:f9:ef:d1:8c:ce:0f:1f:12:
         8b:7a:a3:bc:39:a1:10:aa:0a:0b:f5:30:3c:c8:1f:cc:c5:22:
         4f:57:b1:75:b6:2d:f0:6b:41:0f:28:08:62:2b:bf:be:56:a4:
         64:d1:df:5f:cb:aa:a6:4c:84:6e:ee:11:50:c5:ae:7e:be:1a:
         c9:ae:2d:f6:f3:58:72:fb:c2:3a:1f:59:7c:89:87:dc:24:cb:
         d1:dc:a4:d1:78:86:bc:56:9c:c8:5b:1c:03:ad:c0:a7:57:99:
         2f:8a:86:c6:88:5a:00:0a:85:fc:8b:36:5b:4a:56:65:94:5e:
         19:32:05:aa:09:54:3b:7d:4f:b0:3d:bb:f6:1d:30:4a:a5:31:
         50:3c:05:13:e6:d7:24:cc:8d:74:8c:92:f3:8c:59:fc:1a:4b:
         d1:2c:a4:72:37:6c:d3:20:ed:a3:f1:b9:3b:13:71:cc:dd:c0:
         91:aa:95:56:6a:4c:83:d6:d8:30:f8:c6:27:e2:70:c1:65:cc:
         b2:7d:35:f5:a7:cf:d5:66:69:a2:eb:22:24:8b:59:f4:da:0c:
         b8:55:9c:46:ec:2a:cb:e6:6c:6d:08:3c:74:83:13:cd:59:8e:
         ea:c2:bc:b1:c6:ab:e6:f4:47:10:2e:b3:69:b5:9d:f3:13:11:
         13:eb:1f:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZwgV7PfSLY+PBS36OUeN+HGGsWwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAwMTMzWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZWRlNzA1NGU4ZjIwOGE4Mzg5YTZiNmMyNGE0NDk2YWJi
NTM4MTZiOWE1NjBmYTY2OTNjMWVlNTNkYjRjMzZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvwWXfNcmJnY/IdotBx3J3VSnTY0qDJwQC130R7fSZkHKG
ICGsrsa63a/MEBVxfNf/HFQAas5hJl6ZvpKH5jOTR63lGuM+i9ChlUWId7Z47IDo
Kzz7DV27UcaNlIJGJg/pK5st1PwbqQxl7KEwlqx4NwqIHtj1TyNOv0/oIqgl2tJM
bsWV6VZthswCra/c97peGKuic2zO9XqkWX+Ps+k65yGQhTIS1e19bLsn9fyaE0mX
hgobTE3JWnIffFeY4O9JD73jhMv2+O3X+p0hH2gfmh36ru1q+wYV56qAl4KPLOvP
zqBUDmfah+UP/bu1tRArl2bgbHQWfQqkhObdJD5ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMfh43sVX7Zt1CTdEFIX00h9b/FIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyMzQ4NDQ4LWM2NDEtNDliYS1iZjJjLTkyNmMyNmFmN2M5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVowuAwDQYJKoZIhvcNAQELBQADggEBAGz7KmYsiI3ZnJ7579GMzg8fEot6
o7w5oRCqCgv1MDzIH8zFIk9XsXW2LfBrQQ8oCGIrv75WpGTR31/LqqZMhG7uEVDF
rn6+GsmuLfbzWHL7wjofWXyJh9wky9HcpNF4hrxWnMhbHAOtwKdXmS+KhsaIWgAK
hfyLNltKVmWUXhkyBaoJVDt9T7A9u/YdMEqlMVA8BRPm1yTMjXSMkvOMWfwaS9Es
pHI3bNMg7aPxuTsTcczdwJGqlVZqTIPW2DD4xificMFlzLJ9NfWnz9VmaaLrIiSL
WfTaDLhVnEbsKsvmbG0IPHSDE81ZjurCvLHGq+b0RxAus2m1nfMTERPrH0Y=
-----END CERTIFICATE-----