Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb585bc4-a775-43d7-a10b-741706f5e07f.roa
File:                     bb585bc4-a775-43d7-a10b-741706f5e07f.roa (raw, json)
Hash identifier:          vCqy+Si/sOpJS7WlN0qC1c9Od0gltYLu5XucKSOQHns=
Subject key identifier:   9A:3C:DF:E5:DF:27:00:FE:CC:71:C6:67:0D:23:B6:F0:C2:5E:1B:A3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EA82C901D7F26F711482E3768182D5EF83BC885
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb585bc4-a775-43d7-a10b-741706f5e07f.roa
Signing time:             Mon 13 Oct 2025 15:52:02 +0000
ROA not before:           Mon 13 Oct 2025 15:52:02 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.110.33.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a8:2c:90:1d:7f:26:f7:11:48:2e:37:68:18:2d:5e:f8:3b:c8:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 13 15:52:02 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=14c1a8ce9f9c270d9d3b0524fdd1fa95b761b2d66d6a0ab08f88e83ce03b51c2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b1:00:93:ff:79:d9:90:70:92:e2:e5:dc:8e:
                    ce:bf:40:bb:be:ed:8a:b1:a6:d5:e5:82:52:c0:80:
                    64:df:c3:91:e1:86:b6:70:3b:15:d4:a8:da:a3:d9:
                    da:5b:30:19:2c:5b:c9:e1:e3:28:a2:4e:db:8c:74:
                    60:39:40:f8:c0:af:40:32:0f:52:04:f2:c2:c0:41:
                    cd:6d:f9:24:51:90:73:e4:ca:25:fe:bc:6c:6a:79:
                    0e:ce:a9:bf:48:bd:3c:e7:31:ba:6f:44:88:c1:a0:
                    c7:15:ce:9b:c0:bc:88:1e:83:65:d3:49:d4:f9:e6:
                    c3:47:99:f5:a1:42:5f:e6:49:b3:a8:57:2e:33:9d:
                    a7:bb:a7:70:8c:c7:0d:4a:82:a6:b0:3b:24:97:29:
                    15:0e:3d:de:b9:a6:62:5c:9d:6b:76:b1:27:8d:55:
                    b7:fb:89:e2:0c:d8:1b:a3:30:60:9b:f8:4f:37:bd:
                    ff:4f:c3:c1:c8:17:49:75:53:e5:57:55:c6:bc:1f:
                    81:f7:08:1c:62:82:d9:50:40:5e:65:dc:11:88:72:
                    e4:2d:bf:5e:f2:1d:a9:2c:75:34:c9:0f:39:21:de:
                    31:cd:75:8b:5d:77:d6:a7:b7:7e:a0:fc:a8:fa:08:
                    49:08:cf:cf:21:ac:25:f2:a4:bb:fc:d8:72:0f:a2:
                    2a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:3C:DF:E5:DF:27:00:FE:CC:71:C6:67:0D:23:B6:F0:C2:5E:1B:A3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb585bc4-a775-43d7-a10b-741706f5e07f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:76:2c:19:6b:25:36:7d:a0:85:51:8c:c1:4a:86:d7:28:8f:
         4e:6f:3c:59:9f:3b:92:ca:e1:3b:ea:c5:9e:47:cc:83:9f:c7:
         b7:42:fd:6f:5f:6a:50:eb:cd:7d:42:a5:71:61:b9:b7:be:88:
         07:66:00:a5:01:7e:c3:1d:0e:68:44:df:c8:34:b7:bc:40:52:
         00:74:aa:3b:ae:c9:cf:0c:9d:bd:4e:2d:8d:37:67:7b:c6:3e:
         03:1c:fe:ba:3e:82:c1:af:23:8b:33:c1:86:eb:5f:11:bf:84:
         a0:12:63:93:dd:f2:66:82:43:5a:71:14:5f:79:b3:cf:eb:ba:
         7f:f8:72:35:82:8c:25:c7:37:bf:9e:ae:83:9a:d6:4f:9e:8f:
         e1:69:c0:e9:25:90:c0:35:83:3a:a9:ab:6d:25:81:8b:3b:f6:
         8a:db:e3:f1:38:dd:7a:97:51:e4:f8:c6:df:ad:21:64:d0:b6:
         2a:fb:58:09:0d:3f:5f:de:7a:a4:0a:6d:68:6b:13:e6:a9:f5:
         f9:c0:3b:82:53:70:76:72:1d:a0:15:12:14:d6:90:5f:48:e7:
         46:11:47:17:a8:ba:26:dd:3f:0f:a3:f0:6e:32:4f:5b:7c:e5:
         43:ce:27:7e:d1:61:60:4a:25:f1:49:41:df:6a:e4:09:d1:cd:
         fb:0c:28:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHqgskB1/JvcRSC43aBgtXvg7yIUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEzMTU1MjAyWhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGMxYThjZTlmOWMyNzBkOWQzYjA1MjRmZGQxZmE5NWI3
NjFiMmQ2NmQ2YTBhYjA4Zjg4ZTgzY2UwM2I1MWMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOsQCT/3nZkHCS4uXcjs6/QLu+7YqxptXlglLAgGTfw5Hh
hrZwOxXUqNqj2dpbMBksW8nh4yiiTtuMdGA5QPjAr0AyD1IE8sLAQc1t+SRRkHPk
yiX+vGxqeQ7Oqb9IvTznMbpvRIjBoMcVzpvAvIgeg2XTSdT55sNHmfWhQl/mSbOo
Vy4znae7p3CMxw1KgqawOySXKRUOPd65pmJcnWt2sSeNVbf7ieIM2BujMGCb+E83
vf9Pw8HIF0l1U+VXVca8H4H3CBxigtlQQF5l3BGIcuQtv17yHaksdTTJDzkh3jHN
dYtdd9ant36g/Kj6CEkIz88hrCXypLv82HIPoiobAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmjzf5d8nAP7MccZnDSO28MJeG6MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiNTg1YmM0LWE3NzUtNDNkNy1hMTBiLTc0MTcwNmY1ZTA3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAYbiEwDQYJKoZIhvcNAQELBQADggEBABZ2LBlrJTZ9oIVRjMFKhtcoj05v
PFmfO5LK4TvqxZ5HzIOfx7dC/W9falDrzX1CpXFhube+iAdmAKUBfsMdDmhE38g0
t7xAUgB0qjuuyc8Mnb1OLY03Z3vGPgMc/ro+gsGvI4szwYbrXxG/hKASY5Pd8maC
Q1pxFF95s8/run/4cjWCjCXHN7+eroOa1k+ej+FpwOklkMA1gzqpq20lgYs79orb
4/E43XqXUeT4xt+tIWTQtir7WAkNP1/eeqQKbWhrE+ap9fnAO4JTcHZyHaAVEhTW
kF9I50YRRxeouibdPw+j8G4yT1t85UPOJ37RYWBKJfFJQd9q5AnRzfsMKAs=
-----END CERTIFICATE-----