Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b71116c1-887f-4f52-9bbf-d2a0cde22ef3.roa
File:                     b71116c1-887f-4f52-9bbf-d2a0cde22ef3.roa (raw, json)
Hash identifier:          obAxX6wF9StCIgzpFbYNPRpyAlMQM5wyyNuVLKsZe6M=
Subject key identifier:   41:93:2D:84:F4:B3:35:6C:80:E5:AB:89:5C:AF:36:87:91:A3:47:EF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E5F9A21FFC4FA8A47A54567E61E705C8FFA4CEE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b71116c1-887f-4f52-9bbf-d2a0cde22ef3.roa
Signing time:             Sat 18 Oct 2025 02:30:20 +0000
ROA not before:           Sat 18 Oct 2025 02:30:20 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.168.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:5f:9a:21:ff:c4:fa:8a:47:a5:45:67:e6:1e:70:5c:8f:fa:4c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:30:20 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=173713022fdd833c32af2e5470be0934e753809ba1d1edc81a3dd145196737f8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:54:b8:a3:ec:1c:2e:00:c0:bb:3f:1c:34:5c:
                    d4:0a:7c:e6:d1:d4:08:51:55:7e:ba:02:20:d4:89:
                    2e:a1:8f:8a:9a:a4:34:56:a1:ac:bf:8e:9b:d0:22:
                    1b:19:a6:0d:de:d1:c3:75:c3:31:2a:26:ca:bd:f0:
                    8b:3e:e7:4f:2b:c1:7f:b8:9f:1a:bd:f7:31:71:5a:
                    74:99:7c:01:26:0b:4c:81:b1:ac:63:75:3a:fb:17:
                    5f:13:59:8c:41:82:fe:98:53:db:c6:7c:ce:66:48:
                    cb:ca:e3:47:90:8c:05:9e:aa:6e:0b:98:94:fc:d2:
                    18:e8:ac:55:7a:11:52:09:5e:58:10:06:a9:ae:c2:
                    04:bb:9c:e0:73:96:f6:bb:da:86:d6:d1:18:40:ab:
                    62:bc:ee:65:d4:1e:f4:3d:06:ac:9a:92:28:ee:47:
                    24:91:43:08:b6:1b:0a:03:11:c2:1a:fe:89:5e:d1:
                    8b:3b:74:be:a9:ab:3c:74:96:db:a1:6f:f5:75:62:
                    c0:e9:a8:80:d9:a5:70:17:c1:38:6c:c8:dc:52:37:
                    17:da:1b:9f:c9:d9:8e:d5:30:10:f8:78:0c:cc:61:
                    1d:1c:e1:a3:fe:70:b5:2f:6d:e4:a7:d8:34:29:33:
                    a4:65:cb:71:be:c7:cb:74:0e:a6:70:b6:60:84:43:
                    88:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:93:2D:84:F4:B3:35:6C:80:E5:AB:89:5C:AF:36:87:91:A3:47:EF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b71116c1-887f-4f52-9bbf-d2a0cde22ef3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c8:07:52:9f:40:25:13:84:f8:6a:eb:10:15:a6:52:12:4c:fc:
         47:ee:4d:98:7a:35:51:4e:f2:8d:b2:b0:c7:18:55:05:93:22:
         47:f7:81:e9:cc:c9:a1:38:fd:a8:e8:f0:f9:6e:57:b3:ce:df:
         57:77:d2:6d:96:07:44:7e:cb:85:b6:bc:27:b1:75:19:b3:84:
         dd:86:b8:a3:ed:49:d8:39:03:6b:c7:72:89:7a:a6:3c:78:3f:
         81:ca:7c:4a:a9:40:71:51:cf:66:e9:29:9f:3d:6c:0a:2f:aa:
         83:10:1e:58:69:35:2a:61:52:e1:98:e7:90:ea:50:10:2b:e6:
         cb:ee:c0:39:99:76:a5:d0:61:27:35:7c:04:98:0e:24:a0:e2:
         35:7a:ed:de:8e:a5:40:1c:21:2a:17:03:20:ea:cc:79:1a:bd:
         d9:dc:1c:ae:20:76:ab:23:92:8f:1d:1a:72:77:d5:58:2b:41:
         4a:13:6b:d5:ff:a8:21:b5:cc:99:b7:b9:1e:f6:37:ac:2d:02:
         a8:5f:c7:1e:dc:08:ed:8f:9a:d4:9d:74:bd:4b:a9:e9:7c:74:
         b6:93:0c:02:4b:5b:6a:88:a2:f4:33:dd:4a:49:65:c3:94:74:
         2d:6b:ef:52:6c:34:8c:6d:c6:ba:80:44:e2:01:eb:a3:f8:38:
         40:1f:de:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULl+aIf/E+opHpUVn5h5wXI/6TO4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIzMDIwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzM3MTMwMjJmZGQ4MzNjMzJhZjJlNTQ3MGJlMDkzNGU3
NTM4MDliYTFkMWVkYzgxYTNkZDE0NTE5NjczN2Y4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrVLij7BwuAMC7Pxw0XNQKfObR1AhRVX66AiDUiS6hj4qa
pDRWoay/jpvQIhsZpg3e0cN1wzEqJsq98Is+508rwX+4nxq99zFxWnSZfAEmC0yB
saxjdTr7F18TWYxBgv6YU9vGfM5mSMvK40eQjAWeqm4LmJT80hjorFV6EVIJXlgQ
BqmuwgS7nOBzlva72obW0RhAq2K87mXUHvQ9BqyakijuRySRQwi2GwoDEcIa/ole
0Ys7dL6pqzx0ltuhb/V1YsDpqIDZpXAXwThsyNxSNxfaG5/J2Y7VMBD4eAzMYR0c
4aP+cLUvbeSn2DQpM6Rly3G+x8t0DqZwtmCEQ4hJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQZMthPSzNWyA5auJXK82h5GjR+8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3MTExNmMxLTg4N2YtNGY1Mi05YmJmLWQyYTBjZGUyMmVmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFBCKgwDQYJKoZIhvcNAQELBQADggEBAMgHUp9AJROE+GrrEBWmUhJM/Efu
TZh6NVFO8o2ysMcYVQWTIkf3genMyaE4/ajo8PluV7PO31d30m2WB0R+y4W2vCex
dRmzhN2GuKPtSdg5A2vHcol6pjx4P4HKfEqpQHFRz2bpKZ89bAovqoMQHlhpNSph
UuGY55DqUBAr5svuwDmZdqXQYSc1fASYDiSg4jV67d6OpUAcISoXAyDqzHkavdnc
HK4gdqsjko8dGnJ31VgrQUoTa9X/qCG1zJm3uR72N6wtAqhfxx7cCO2PmtSddL1L
qel8dLaTDAJLW2qIovQz3UpJZcOUdC1r71JsNIxtxrqAROIB66P4OEAf3ss=
-----END CERTIFICATE-----