Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c90a48dd-ff7d-4b74-a091-ef4b92a1422d.roa
File:                     c90a48dd-ff7d-4b74-a091-ef4b92a1422d.roa (raw, json)
Hash identifier:          n6Jt6j7UXiIz+QfSO1ZF7bhACJ0EIc57ACr/4DFSNJQ=
Subject key identifier:   8D:D8:2D:BA:07:45:A7:2F:8E:08:F9:DA:8B:95:11:6F:3A:ED:E7:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70FADCFDEB2D764542719A8402C930E3F1EBF0EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c90a48dd-ff7d-4b74-a091-ef4b92a1422d.roa
Signing time:             Sat 18 Oct 2025 02:31:50 +0000
ROA not before:           Sat 18 Oct 2025 02:31:50 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.128.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:fa:dc:fd:eb:2d:76:45:42:71:9a:84:02:c9:30:e3:f1:eb:f0:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:31:50 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=8ed1b63e651b5d0dc664fe7705baedd529333888ba5a11d351ab7f254295db34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e2:1f:a5:fb:ff:e7:89:7c:03:cf:dc:78:eb:
                    6b:bb:9b:44:84:d5:72:72:88:05:fb:e8:cb:b4:c4:
                    ed:4c:8f:6f:0f:02:73:b7:be:0d:2b:d1:62:61:f6:
                    86:90:d6:e0:20:6f:d6:40:e0:46:94:74:50:bb:c9:
                    ec:b9:9d:a1:9f:57:1a:cf:0a:d3:28:21:ae:4d:64:
                    1c:59:08:26:7d:41:30:75:89:32:32:aa:31:e0:61:
                    e0:77:f9:82:70:1e:6b:82:e9:17:a5:b5:df:49:72:
                    26:f4:63:b2:58:6f:d2:c5:22:49:db:e8:9d:d2:b8:
                    66:8d:66:cf:21:9a:ed:bb:fb:37:60:91:8f:38:d0:
                    20:ff:9e:b2:0b:fb:34:83:cd:9d:9f:8f:72:de:17:
                    5b:40:05:be:b1:22:e5:ae:5f:31:ae:09:bd:29:f9:
                    3a:e7:fe:4d:3f:2a:c3:f4:91:ea:ad:a2:b2:9c:4c:
                    ba:ce:b4:db:29:e2:6c:48:fe:93:7c:9a:ed:33:78:
                    e2:d3:12:ba:fb:0d:82:fd:ab:ab:8c:e6:fb:7c:65:
                    3b:0b:00:f8:c1:05:40:65:55:a7:1d:c4:60:4f:17:
                    2d:26:b9:94:c4:8f:1a:ba:0f:78:b2:6d:54:25:a2:
                    6b:03:7a:9c:c5:fd:89:3e:63:b7:f3:07:9c:6f:69:
                    19:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D8:2D:BA:07:45:A7:2F:8E:08:F9:DA:8B:95:11:6F:3A:ED:E7:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c90a48dd-ff7d-4b74-a091-ef4b92a1422d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c9:98:71:13:eb:69:65:f5:b7:29:46:f5:68:d9:ef:4b:a5:b1:
         89:03:b9:45:46:c4:89:08:d5:bc:db:40:c4:19:d7:be:b3:ff:
         93:e3:97:01:b7:50:e8:59:d7:f8:d9:65:59:1d:94:66:ec:38:
         e8:ff:99:d1:c2:3d:ce:c7:78:5f:aa:44:ce:29:0a:72:68:d9:
         27:85:cb:4a:d0:5e:bd:7e:dd:5b:89:89:fe:69:2f:70:f3:ee:
         7e:b0:3e:47:a4:07:37:e9:3d:2e:2c:93:ec:01:6c:c9:a4:d6:
         ee:07:8f:c5:ff:ec:17:d8:f2:32:f8:b1:c9:4e:a0:0f:3c:e7:
         b3:a5:58:90:70:b5:f3:81:56:fc:73:af:6a:07:f4:be:9e:ff:
         58:56:87:b0:0b:69:c6:2c:0f:f1:fe:e7:47:4f:e1:ad:4b:d7:
         61:90:1a:6e:94:41:a6:0e:7c:0a:0f:c4:ce:92:b3:f9:17:2e:
         09:71:f5:bf:1b:c7:0f:41:1b:0c:f2:67:29:c0:c0:8f:0e:e4:
         55:73:e2:a0:93:93:e1:fc:36:d5:8f:d6:f1:8d:ce:2f:8b:61:
         f0:a0:70:c8:62:b1:6a:3c:dc:5b:c8:79:56:e8:f8:1d:89:3a:
         d5:b4:da:87:90:e7:52:b6:2b:0e:51:cd:82:f9:8a:fc:dc:a3:
         23:7e:17:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcPrc/estdkVCcZqEAskw4/Hr8OswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIzMTUwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWQxYjYzZTY1MWI1ZDBkYzY2NGZlNzcwNWJhZWRkNTI5
MzMzODg4YmE1YTExZDM1MWFiN2YyNTQyOTVkYjM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO4h+l+//niXwDz9x462u7m0SE1XJyiAX76Mu0xO1Mj28P
AnO3vg0r0WJh9oaQ1uAgb9ZA4EaUdFC7yey5naGfVxrPCtMoIa5NZBxZCCZ9QTB1
iTIyqjHgYeB3+YJwHmuC6Reltd9Jcib0Y7JYb9LFIknb6J3SuGaNZs8hmu27+zdg
kY840CD/nrIL+zSDzZ2fj3LeF1tABb6xIuWuXzGuCb0p+Trn/k0/KsP0keqtorKc
TLrOtNsp4mxI/pN8mu0zeOLTErr7DYL9q6uM5vt8ZTsLAPjBBUBlVacdxGBPFy0m
uZTEjxq6D3iybVQlomsDepzF/Yk+Y7fzB5xvaRkNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjdgtugdFpy+OCPnai5URbzrt58owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M5MGE0OGRkLWZmN2QtNGI3NC1hMDkxLWVmNGI5MmExNDIyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANBCYAwDQYJKoZIhvcNAQELBQADggEBAMmYcRPraWX1tylG9WjZ70ulsYkD
uUVGxIkI1bzbQMQZ176z/5PjlwG3UOhZ1/jZZVkdlGbsOOj/mdHCPc7HeF+qRM4p
CnJo2SeFy0rQXr1+3VuJif5pL3Dz7n6wPkekBzfpPS4sk+wBbMmk1u4Hj8X/7BfY
8jL4sclOoA8857OlWJBwtfOBVvxzr2oH9L6e/1hWh7ALacYsD/H+50dP4a1L12GQ
Gm6UQaYOfAoPxM6Ss/kXLglx9b8bxw9BGwzyZynAwI8O5FVz4qCTk+H8NtWP1vGN
zi+LYfCgcMhisWo83FvIeVbo+B2JOtW02oeQ51K2Kw5RzYL5ivzcoyN+Fx0=
-----END CERTIFICATE-----