Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa
File:                     b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa (raw, json)
Hash identifier:          kojARm1L7K7wewygf9xWxhNu8WTYBag/oIgUjxuNWGg=
Subject key identifier:   E4:88:4E:1F:35:C3:DA:97:BA:08:99:A4:12:9E:EC:22:C1:5D:F7:F4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5392CBEB339AA983361283E9E411CF06C02E64B8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa
Signing time:             Tue 30 Sep 2025 00:21:07 +0000
ROA not before:           Tue 30 Sep 2025 00:21:07 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     21664
IP address blocks:        168.185.4.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:92:cb:eb:33:9a:a9:83:36:12:83:e9:e4:11:cf:06:c0:2e:64:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:21:07 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=39fb5ecca5c468d93bd668f0acd389feafa9e7a7ccc97e06506b2b2bdac46f2e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5b:a9:e4:a7:fb:01:2f:36:8b:c4:ff:64:da:
                    41:e9:f1:18:0a:16:0b:02:05:ab:8a:65:5a:db:bd:
                    dd:ec:ea:d0:10:69:87:42:88:9c:ea:85:bb:fe:fd:
                    d8:2e:18:d6:18:81:12:64:e8:4f:99:cc:93:03:48:
                    d4:c0:70:2e:9c:bd:2c:89:38:3d:5e:3f:d0:1d:05:
                    5d:78:8c:c8:41:f4:48:83:93:c8:81:23:2e:aa:83:
                    3d:27:18:26:96:db:c2:24:63:2f:31:91:67:4d:df:
                    c8:2d:5d:82:c5:ed:a2:32:32:3b:3e:f9:f7:b8:08:
                    d4:66:82:ea:94:a1:dd:04:d1:62:b7:64:31:28:d6:
                    2c:a1:09:c5:b5:5c:aa:54:02:2c:99:91:1a:71:fa:
                    7b:6a:ef:8b:47:c7:74:cc:d4:68:9e:eb:19:1e:3c:
                    3c:a9:ba:a7:6f:96:77:1b:7c:d6:32:c9:e1:5c:95:
                    5a:0d:66:d2:a0:93:d0:c8:9f:c5:2b:ff:56:93:92:
                    df:2a:f8:40:01:b4:02:20:f6:82:d4:49:81:89:e8:
                    83:7a:0a:d0:db:9e:b3:4a:f2:f6:1e:11:b1:21:e2:
                    a5:88:b4:86:10:4f:bc:c6:ab:b7:49:da:90:32:66:
                    f1:24:ce:f3:ee:0c:47:87:d6:8d:ae:a5:c1:a9:65:
                    53:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:88:4E:1F:35:C3:DA:97:BA:08:99:A4:12:9E:EC:22:C1:5D:F7:F4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.185.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:74:3f:e6:c5:3c:03:05:7f:38:ca:00:d9:57:a5:07:1a:fe:
         c7:c2:16:2f:e8:6a:42:3e:5b:ac:73:32:cf:c8:d2:2d:3a:7f:
         59:52:c2:37:4d:a2:1c:c1:54:31:06:cd:07:4a:56:bf:67:ab:
         0e:3e:70:28:07:0c:58:00:b2:56:73:d0:8c:be:34:82:4b:76:
         df:1f:79:78:fe:81:7a:98:e3:fd:3a:7b:b6:81:3c:c4:49:c6:
         8a:69:1b:77:e9:20:80:e5:7c:a5:71:85:de:4b:a1:7c:b1:94:
         0a:22:9d:a6:3e:79:f4:8a:e2:21:43:ef:7a:60:aa:c4:1b:a8:
         10:79:a5:41:bb:6b:b1:83:7f:69:8d:36:79:93:9b:45:21:16:
         c7:31:d6:3c:46:ae:3c:38:af:d4:db:86:a0:e1:47:54:0f:64:
         0c:75:d7:de:3c:a4:00:44:bc:9a:dd:21:4e:08:40:4c:2d:23:
         4d:ce:2d:f4:ef:b4:b5:c3:c8:00:9d:f7:7e:62:f8:7d:0c:a9:
         84:78:fa:29:9d:4e:b2:a7:b6:e0:93:fa:88:fb:2a:8a:3f:a9:
         ec:39:b3:5c:bd:ca:54:58:42:7a:4e:15:04:4a:c2:33:ce:7f:
         38:a3:a4:8a:ca:e2:34:f8:7d:bc:a9:2b:e8:b7:31:7c:23:9e:
         47:b6:f7:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU5LL6zOaqYM2EoPp5BHPBsAuZLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMTA3WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOWZiNWVjY2E1YzQ2OGQ5M2JkNjY4ZjBhY2QzODlmZWFm
YTllN2E3Y2NjOTdlMDY1MDZiMmIyYmRhYzQ2ZjJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlW6nkp/sBLzaLxP9k2kHp8RgKFgsCBauKZVrbvd3s6tAQ
aYdCiJzqhbv+/dguGNYYgRJk6E+ZzJMDSNTAcC6cvSyJOD1eP9AdBV14jMhB9EiD
k8iBIy6qgz0nGCaW28IkYy8xkWdN38gtXYLF7aIyMjs++fe4CNRmguqUod0E0WK3
ZDEo1iyhCcW1XKpUAiyZkRpx+ntq74tHx3TM1Gie6xkePDypuqdvlncbfNYyyeFc
lVoNZtKgk9DIn8Ur/1aTkt8q+EABtAIg9oLUSYGJ6IN6CtDbnrNK8vYeEbEh4qWI
tIYQT7zGq7dJ2pAyZvEkzvPuDEeH1o2upcGpZVNvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5IhOHzXD2pe6CJmkEp7sIsFd9/QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4ODI4ODZmLWQ4ZjktNGY4ZC05ZTU1LWRhNjhhOGQ0ODJlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKouQQwDQYJKoZIhvcNAQELBQADggEBAHV0P+bFPAMFfzjKANlXpQca/sfC
Fi/oakI+W6xzMs/I0i06f1lSwjdNohzBVDEGzQdKVr9nqw4+cCgHDFgAslZz0Iy+
NIJLdt8feXj+gXqY4/06e7aBPMRJxoppG3fpIIDlfKVxhd5LoXyxlAoinaY+efSK
4iFD73pgqsQbqBB5pUG7a7GDf2mNNnmTm0UhFscx1jxGrjw4r9TbhqDhR1QPZAx1
1948pABEvJrdIU4IQEwtI03OLfTvtLXDyACd935i+H0MqYR4+imdTrKntuCT+oj7
Koo/qew5s1y9ylRYQnpOFQRKwjPOfzijpIrK4jT4fbypK+i3MXwjnke291E=
-----END CERTIFICATE-----