Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3b9896d-fe24-4be4-8de9-1739a2278787.roa
File:                     c3b9896d-fe24-4be4-8de9-1739a2278787.roa (raw, json)
Hash identifier:          MtYtVH5bQghZOPP2UdQ4ynFrtQruX+mj+IUM0G2ZSGk=
Subject key identifier:   EC:E7:12:4C:50:54:21:16:B6:82:2B:EB:BE:76:A9:B5:3F:3C:D2:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D78FC45E4CF45F8AB78DEA6A6413DA363402A8F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3b9896d-fe24-4be4-8de9-1739a2278787.roa
Signing time:             Mon 06 Oct 2025 15:39:04 +0000
ROA not before:           Mon 06 Oct 2025 15:39:04 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        24.110.12.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:78:fc:45:e4:cf:45:f8:ab:78:de:a6:a6:41:3d:a3:63:40:2a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:39:04 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=12e5bd76c1420b10f8f427a4ef7c1ffd17c94e2326d11af95c09e7bfe2c2408d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:92:06:73:53:b5:46:41:da:f1:d6:af:9e:68:
                    1f:32:9e:a3:7b:06:12:d4:e1:95:8c:26:ab:6a:21:
                    18:b3:12:97:b7:71:db:b0:d5:37:78:cf:49:63:dc:
                    dd:5e:48:e7:de:ab:00:3b:87:8b:27:14:87:69:b1:
                    7c:97:7d:26:7c:41:ca:0a:1b:6d:0f:30:f4:9d:35:
                    27:62:f0:2b:41:51:b4:3f:b4:16:1b:bc:83:dc:88:
                    fa:9d:e6:37:38:83:eb:95:3c:93:47:73:58:b6:88:
                    4c:1b:3d:aa:cc:f1:26:73:cc:f2:86:d1:e2:cd:8e:
                    cb:a2:f1:68:e6:1f:99:52:51:ae:6d:83:97:e1:01:
                    53:8e:de:d9:64:26:0b:63:7f:e1:57:9c:b7:09:5f:
                    81:c0:cf:7f:2e:c5:5e:e2:6b:94:8a:99:c9:d7:83:
                    89:8e:2a:9a:ee:62:0d:8d:d6:11:b6:17:8e:2b:fa:
                    d8:f0:d8:dc:19:4b:66:50:9f:f4:95:9b:6a:70:11:
                    97:0e:96:ea:67:8d:87:bb:0b:e1:6f:b1:e0:9e:bc:
                    96:ea:8a:eb:ba:39:d7:be:dd:91:9b:45:f3:49:d4:
                    be:47:bf:be:3d:2d:19:97:c6:cb:47:1e:08:a4:0e:
                    03:ae:18:80:3f:51:4f:72:98:32:2b:07:9e:17:4d:
                    50:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:E7:12:4C:50:54:21:16:B6:82:2B:EB:BE:76:A9:B5:3F:3C:D2:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3b9896d-fe24-4be4-8de9-1739a2278787.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:6e:97:64:ac:47:e3:2d:ec:3b:6b:56:3a:dd:3d:ed:1c:b6:
         48:c1:c1:9f:9c:63:b4:ed:c6:62:23:a4:29:fd:4d:0c:d0:ba:
         79:ec:c3:ac:54:51:ea:3d:84:7e:97:25:de:1e:1d:09:41:dd:
         44:55:b1:4d:85:a7:5a:93:d7:8a:2b:11:9a:63:a0:43:1d:8d:
         fb:c2:4e:a7:d0:56:e4:57:6b:dd:48:98:96:e1:66:2c:8a:21:
         57:89:bc:a1:33:c6:3c:a9:b3:38:62:99:fb:96:ed:53:bf:88:
         05:a0:24:75:31:fa:d6:6f:0f:13:eb:33:b4:2c:8a:cb:89:9e:
         39:51:8c:23:d4:35:6d:2c:bb:3b:f2:72:79:b1:82:d5:18:db:
         fa:2a:5f:62:37:e7:30:fd:83:44:2d:f2:22:28:16:a2:a3:c9:
         fe:65:1e:10:c2:04:d5:fc:17:ca:98:58:b5:74:8c:a0:51:a3:
         3a:ee:88:59:4e:17:ed:78:97:39:f7:7e:e4:b6:3f:9a:47:bd:
         8f:a0:be:c7:45:4e:dc:96:76:bd:50:e3:c5:73:65:95:d3:d0:
         b0:ad:5d:b7:c0:0c:58:ad:e4:77:7a:f5:d1:26:6c:76:44:7e:
         5f:5a:d1:4c:1a:e2:9e:bd:1e:40:1d:d4:62:20:54:da:81:3e:
         e9:c3:ac:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfXj8ReTPRfireN6mpkE9o2NAKo8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTUzOTA0WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmU1YmQ3NmMxNDIwYjEwZjhmNDI3YTRlZjdjMWZmZDE3
Yzk0ZTIzMjZkMTFhZjk1YzA5ZTdiZmUyYzI0MDhkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7kgZzU7VGQdrx1q+eaB8ynqN7BhLU4ZWMJqtqIRizEpe3
cduw1Td4z0lj3N1eSOfeqwA7h4snFIdpsXyXfSZ8QcoKG20PMPSdNSdi8CtBUbQ/
tBYbvIPciPqd5jc4g+uVPJNHc1i2iEwbParM8SZzzPKG0eLNjsui8WjmH5lSUa5t
g5fhAVOO3tlkJgtjf+FXnLcJX4HAz38uxV7ia5SKmcnXg4mOKpruYg2N1hG2F44r
+tjw2NwZS2ZQn/SVm2pwEZcOlupnjYe7C+FvseCevJbqiuu6Ode+3ZGbRfNJ1L5H
v749LRmXxstHHgikDgOuGIA/UU9ymDIrB54XTVDJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7OcSTFBUIRa2givrvnaptT880iAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MzYjk4OTZkLWZlMjQtNGJlNC04ZGU5LTE3MzlhMjI3ODc4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIYbgwwDQYJKoZIhvcNAQELBQADggEBAHNul2SsR+Mt7DtrVjrdPe0ctkjB
wZ+cY7TtxmIjpCn9TQzQunnsw6xUUeo9hH6XJd4eHQlB3URVsU2Fp1qT14orEZpj
oEMdjfvCTqfQVuRXa91ImJbhZiyKIVeJvKEzxjypszhimfuW7VO/iAWgJHUx+tZv
DxPrM7QsisuJnjlRjCPUNW0suzvycnmxgtUY2/oqX2I35zD9g0Qt8iIoFqKjyf5l
HhDCBNX8F8qYWLV0jKBRozruiFlOF+14lzn3fuS2P5pHvY+gvsdFTtyWdr1Q48Vz
ZZXT0LCtXbfADFit5Hd69dEmbHZEfl9a0Uwa4p69HkAd1GIgVNqBPunDrJs=
-----END CERTIFICATE-----