Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c9025971-4f0f-4ad4-9ab8-6448dc5b46bd.roa
File:                     c9025971-4f0f-4ad4-9ab8-6448dc5b46bd.roa (raw, json)
Hash identifier:          lDcCu9eoP1cvuM+SKqQFXDVdBx5aZwf7C/cJ4D5eS/M=
Subject key identifier:   44:B7:77:3A:64:20:29:E9:23:D1:01:69:DE:02:C2:EC:B4:58:43:B8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3D6C06422CA9C07D18813F2D226164C32024742A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c9025971-4f0f-4ad4-9ab8-6448dc5b46bd.roa
Signing time:             Fri 03 Oct 2025 00:11:10 +0000
ROA not before:           Fri 03 Oct 2025 00:11:10 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.64.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:6c:06:42:2c:a9:c0:7d:18:81:3f:2d:22:61:64:c3:20:24:74:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:11:10 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=559c6b85d0a18fd2a843b18c4e277ecb5a3381e25e74f68b8252ee4f41e4bd66, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:26:83:13:64:b5:d8:12:cf:3f:98:95:fe:89:
                    b1:a1:4d:d4:a3:51:cd:41:83:ea:96:85:b0:b6:7e:
                    5f:50:8f:c2:2a:40:c3:52:da:bf:85:2c:ec:1b:ff:
                    3e:d1:99:6c:77:05:e8:fd:40:2b:28:c6:df:70:c7:
                    b6:6b:2d:62:09:f1:57:45:22:77:03:06:d0:45:a4:
                    43:ab:a2:f0:0b:23:f9:f0:a6:e1:39:86:78:68:87:
                    a8:ca:c6:92:bc:e1:b0:6d:f5:36:c6:71:1e:fe:71:
                    23:e5:89:74:00:0c:12:22:74:0a:3c:fb:79:ef:47:
                    36:cd:aa:53:9c:ae:38:19:6d:0c:87:67:0e:58:0c:
                    1b:38:72:5f:8b:8e:2d:64:25:45:a9:8d:07:8f:55:
                    75:02:03:5d:4c:c5:7f:0e:52:fc:68:a1:c4:72:0d:
                    e5:63:ee:1e:79:6c:4d:0a:11:2f:3f:df:55:16:5f:
                    f9:6e:93:15:b7:78:89:59:5a:6a:11:c6:4a:b2:17:
                    04:1c:bc:fd:2c:7b:2c:c0:5b:2a:9d:2d:30:6e:3a:
                    8c:50:df:2e:e6:9e:59:24:4e:93:11:66:8b:a1:8a:
                    36:53:8e:94:4f:0e:94:5e:d8:2e:58:60:a6:19:89:
                    da:99:46:16:f1:36:7f:1e:00:84:42:3d:bb:82:f1:
                    94:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:B7:77:3A:64:20:29:E9:23:D1:01:69:DE:02:C2:EC:B4:58:43:B8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c9025971-4f0f-4ad4-9ab8-6448dc5b46bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.64.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         d8:f6:46:cc:ba:81:c5:b2:4c:de:a9:26:f8:18:03:0e:1c:fc:
         f1:93:3c:88:4f:44:a1:71:35:a5:09:6f:0b:0d:12:ea:7a:e4:
         90:c0:a3:29:4a:9b:a5:4b:2c:e1:a4:b8:9f:8d:fb:2c:f1:55:
         09:45:6f:ff:59:7a:8b:41:80:ae:98:b5:0a:69:92:b7:94:28:
         b2:33:5b:20:ce:25:57:2f:7d:6d:f0:94:79:e1:27:a8:54:af:
         81:64:e8:7d:43:7a:ba:d4:a1:8b:c6:e6:06:94:06:d6:92:db:
         09:09:3f:3e:3b:d1:b6:9f:a7:10:75:26:2d:c6:be:83:d6:1b:
         ca:36:66:e1:36:c6:5a:00:c8:b8:6d:eb:b7:11:f2:fa:b9:cf:
         cf:60:d9:d2:64:0d:30:69:58:df:72:df:d4:08:6c:b1:f3:7a:
         b9:e7:4b:da:89:56:e8:e0:12:d9:06:e1:3b:d9:1d:63:e7:7e:
         c1:0e:82:a1:36:27:01:5a:65:bf:b7:2e:93:ea:f5:17:65:3a:
         9d:a3:8b:e8:2f:17:fd:11:4c:5b:3f:c1:6b:bc:78:40:3e:38:
         15:d9:03:9d:44:ad:0e:3e:38:7f:56:57:f9:02:13:9e:99:78:
         cd:3e:fc:86:db:37:01:f9:91:17:23:40:5a:08:5d:7c:68:ca:
         87:1a:c9:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPWwGQiypwH0YgT8tImFkwyAkdCowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAxMTEwWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTljNmI4NWQwYTE4ZmQyYTg0M2IxOGM0ZTI3N2VjYjVh
MzM4MWUyNWU3NGY2OGI4MjUyZWU0ZjQxZTRiZDY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaJoMTZLXYEs8/mJX+ibGhTdSjUc1Bg+qWhbC2fl9Qj8Iq
QMNS2r+FLOwb/z7RmWx3Bej9QCsoxt9wx7ZrLWIJ8VdFIncDBtBFpEOrovALI/nw
puE5hnhoh6jKxpK84bBt9TbGcR7+cSPliXQADBIidAo8+3nvRzbNqlOcrjgZbQyH
Zw5YDBs4cl+Lji1kJUWpjQePVXUCA11MxX8OUvxoocRyDeVj7h55bE0KES8/31UW
X/lukxW3eIlZWmoRxkqyFwQcvP0seyzAWyqdLTBuOoxQ3y7mnlkkTpMRZouhijZT
jpRPDpRe2C5YYKYZidqZRhbxNn8eAIRCPbuC8ZQrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURLd3OmQgKekj0QFp3gLC7LRYQ7gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M5MDI1OTcxLTRmMGYtNGFkNC05YWI4LTY0NDhkYzViNDZiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfYQAAwDQYJKoZIhvcNAQELBQADggEBANj2Rsy6gcWyTN6pJvgYAw4c/PGT
PIhPRKFxNaUJbwsNEup65JDAoylKm6VLLOGkuJ+N+yzxVQlFb/9ZeotBgK6YtQpp
kreUKLIzWyDOJVcvfW3wlHnhJ6hUr4Fk6H1DerrUoYvG5gaUBtaS2wkJPz470baf
pxB1Ji3GvoPWG8o2ZuE2xloAyLht67cR8vq5z89g2dJkDTBpWN9y39QIbLHzernn
S9qJVujgEtkG4TvZHWPnfsEOgqE2JwFaZb+3LpPq9RdlOp2ji+gvF/0RTFs/wWu8
eEA+OBXZA51ErQ4+OH9WV/kCE56ZeM0+/IbbNwH5kRcjQFoIXXxoyocayaY=
-----END CERTIFICATE-----