Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b624d9cc-a7a2-4009-8cac-c0856276648d.roa
File:                     b624d9cc-a7a2-4009-8cac-c0856276648d.roa (raw, json)
Hash identifier:          Y806HwsLECWzToXEl7wV90CJafjxSwtAxsv7RMx8op0=
Subject key identifier:   89:6F:5A:4B:35:DC:4C:90:7A:07:0F:13:35:57:33:F8:54:82:58:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       232805FEDADBD9C095F9573B0B8F95B7FCFEFF96
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b624d9cc-a7a2-4009-8cac-c0856276648d.roa
Signing time:             Tue 07 Oct 2025 00:41:08 +0000
ROA not before:           Tue 07 Oct 2025 00:41:08 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.114.224.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:28:05:fe:da:db:d9:c0:95:f9:57:3b:0b:8f:95:b7:fc:fe:ff:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:41:08 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=b939233cc6a7b5abf09ce873811670eb38cacdcd247446e4d20d907c0702c915, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b2:76:29:9b:5c:dc:43:56:4b:86:77:8d:c1:
                    f0:13:b3:bf:9f:dd:2b:af:3f:e8:c8:2f:52:4a:de:
                    7e:f4:62:90:61:1a:a0:b7:30:47:f8:5f:5c:a6:3e:
                    88:21:a6:4b:e2:e7:b2:6c:7a:4a:f5:60:90:7c:18:
                    7b:a7:5a:e8:3a:29:1d:0a:83:17:81:50:1f:8e:7a:
                    bf:ca:8b:41:d1:9b:f1:5c:c7:b5:33:60:a3:6f:71:
                    e1:18:4c:c9:f8:84:c7:03:30:3c:77:54:ff:ce:2e:
                    12:2b:c2:fd:e2:05:29:a5:e4:e6:1d:6a:33:c7:90:
                    fd:69:17:4e:45:14:5b:da:c0:58:25:d5:6a:39:ac:
                    51:8a:92:0b:e0:02:4c:db:99:b0:65:be:cd:e5:a3:
                    b5:95:3c:f0:4b:23:b2:10:48:71:76:05:01:3a:05:
                    84:7d:c9:02:17:79:35:b9:b5:58:5f:18:6d:f1:7f:
                    bc:dc:4e:40:1f:1f:b4:4a:65:3c:99:81:8e:40:53:
                    9f:f7:7c:8f:c9:5d:af:c2:97:38:59:23:32:96:fe:
                    06:82:08:3b:14:3b:e4:88:bc:63:7b:2b:bb:8f:7d:
                    73:a7:1b:b4:9d:5f:d9:9b:42:b1:26:e0:85:f2:1a:
                    31:e2:2a:6c:f7:ee:d8:05:ec:4b:07:73:e0:3e:e0:
                    67:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:6F:5A:4B:35:DC:4C:90:7A:07:0F:13:35:57:33:F8:54:82:58:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b624d9cc-a7a2-4009-8cac-c0856276648d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.114.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a2:b6:06:bd:8d:4f:87:11:d2:5f:ea:0b:33:37:57:0e:64:0b:
         86:5c:c4:e6:0a:7c:a3:99:0e:c1:f8:b3:36:54:05:a6:7c:77:
         2b:7d:56:0e:b1:e8:d9:44:30:3f:3b:c4:09:49:5e:0b:c6:fc:
         cd:0f:7b:3e:0a:2a:24:33:34:9b:82:5b:dd:af:7b:c1:6b:46:
         c7:34:9f:98:ee:3c:c7:e3:4d:69:67:c3:90:11:d1:45:3d:04:
         17:41:91:38:bc:d7:13:4c:89:94:e4:18:33:1c:69:88:fa:0c:
         2e:ad:c6:ca:dc:4a:aa:a6:4e:a7:d0:54:8f:99:d6:3c:ce:0d:
         52:bb:91:15:f4:b3:e6:4e:cc:ae:6d:3e:ed:80:16:e6:1e:c1:
         29:0b:8f:55:ce:f8:8b:fc:b1:42:62:64:ce:8b:89:4b:d9:32:
         8f:5d:28:1d:25:76:7c:28:73:74:c8:d0:b2:bc:2f:a6:3c:53:
         e5:b8:16:9b:7a:36:13:5c:a3:28:44:3f:93:c5:99:83:9a:98:
         c8:8d:9e:21:bb:69:65:f7:f9:ea:6f:9d:d6:3b:86:2b:9d:ce:
         38:0f:68:bd:05:20:fe:b8:80:cc:58:e2:b0:1e:bb:6f:7c:50:
         62:21:48:0f:7a:f8:77:60:3a:5f:85:7f:e4:88:09:01:d7:ed:
         26:eb:f6:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIygF/trb2cCV+Vc7C4+Vt/z+/5YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MTA4WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTM5MjMzY2M2YTdiNWFiZjA5Y2U4NzM4MTE2NzBlYjM4
Y2FjZGNkMjQ3NDQ2ZTRkMjBkOTA3YzA3MDJjOTE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2snYpm1zcQ1ZLhneNwfATs7+f3SuvP+jIL1JK3n70YpBh
GqC3MEf4X1ymPoghpkvi57Jsekr1YJB8GHunWug6KR0KgxeBUB+Oer/Ki0HRm/Fc
x7UzYKNvceEYTMn4hMcDMDx3VP/OLhIrwv3iBSml5OYdajPHkP1pF05FFFvawFgl
1Wo5rFGKkgvgAkzbmbBlvs3lo7WVPPBLI7IQSHF2BQE6BYR9yQIXeTW5tVhfGG3x
f7zcTkAfH7RKZTyZgY5AU5/3fI/JXa/ClzhZIzKW/gaCCDsUO+SIvGN7K7uPfXOn
G7SdX9mbQrEm4IXyGjHiKmz37tgF7EsHc+A+4GeBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiW9aSzXcTJB6Bw8TNVcz+FSCWCUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2MjRkOWNjLWE3YTItNDAwOS04Y2FjLWMwODU2Mjc2NjQ4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXRcuAwDQYJKoZIhvcNAQELBQADggEBAKK2Br2NT4cR0l/qCzM3Vw5kC4Zc
xOYKfKOZDsH4szZUBaZ8dyt9Vg6x6NlEMD87xAlJXgvG/M0Pez4KKiQzNJuCW92v
e8FrRsc0n5juPMfjTWlnw5AR0UU9BBdBkTi81xNMiZTkGDMcaYj6DC6txsrcSqqm
TqfQVI+Z1jzODVK7kRX0s+ZOzK5tPu2AFuYewSkLj1XO+Iv8sUJiZM6LiUvZMo9d
KB0ldnwoc3TI0LK8L6Y8U+W4Fpt6NhNcoyhEP5PFmYOamMiNniG7aWX3+epvndY7
hiudzjgPaL0FIP64gMxY4rAeu298UGIhSA96+HdgOl+Ff+SICQHX7Sbr9jU=
-----END CERTIFICATE-----