Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
File:                     cb56cb92-b2af-486c-8e14-550871fce8cf.roa (raw, json)
Hash identifier:          BjFToag/HzTqK8T0jVCVovf2znuUMpWQSjeFPjZKD/o=
Subject key identifier:   12:DB:C9:C3:63:A1:F7:7A:02:CE:02:BC:31:40:45:EA:E6:FD:BB:0E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       311ECFDECCBEFC1604B37ACC84AC30C2905F7902
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
Signing time:             Sat 27 Sep 2025 00:40:27 +0000
ROA not before:           Sat 27 Sep 2025 00:40:27 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.131.192.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:1e:cf:de:cc:be:fc:16:04:b3:7a:cc:84:ac:30:c2:90:5f:79:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:40:27 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=e7828f0936103bfd056bee4ce094b5840b29037d3980e7e0464e15d32028bda0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:49:a9:3c:93:4d:a6:62:d5:c2:d7:1b:76:98:
                    7b:1b:da:21:3c:c2:58:88:ec:a3:f2:33:99:b8:02:
                    e4:c3:81:6e:3b:07:9b:76:bf:59:63:5a:c2:e5:a1:
                    55:61:46:8a:3e:30:ce:3c:4e:4b:62:89:82:a6:1f:
                    89:d7:e6:7d:36:a9:f6:ee:47:a8:dd:61:5f:53:6d:
                    0e:b2:ff:2f:1d:d9:96:21:eb:0f:e8:be:bd:f0:c9:
                    e3:48:38:0a:1f:1f:01:7c:89:20:b5:8c:05:30:39:
                    7b:8e:2f:97:32:36:e8:60:43:e2:26:ae:d0:cb:6e:
                    54:d1:09:40:3f:ea:07:49:53:6d:43:f1:03:73:f1:
                    d7:83:07:aa:4f:f5:e1:1a:cf:dc:63:35:a1:51:e1:
                    29:e0:fc:32:0b:f8:22:48:75:83:a0:f3:2c:59:c5:
                    82:4b:58:85:6c:91:20:bd:e8:45:95:64:b1:3a:cf:
                    b1:11:db:7a:c4:2b:89:a6:e8:68:83:60:f2:49:20:
                    f5:b7:ff:d9:22:64:61:53:f8:82:98:f4:62:b4:02:
                    16:8c:fc:2e:34:ee:b6:35:fb:8d:0a:e8:e8:a6:bf:
                    f0:e2:49:27:1a:b9:04:94:2b:2b:7e:e7:f6:55:c6:
                    ef:70:e5:22:aa:a0:5f:87:3e:64:07:46:2e:f2:17:
                    a0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DB:C9:C3:63:A1:F7:7A:02:CE:02:BC:31:40:45:EA:E6:FD:BB:0E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.131.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b1:0f:09:2a:35:ed:2e:d4:c8:34:50:10:97:dc:8d:9d:01:93:
         9b:ea:4e:30:45:6b:38:f2:db:07:4f:c0:52:87:96:94:48:ed:
         91:64:57:5d:92:86:e4:25:c0:f5:5c:7e:ab:dd:6a:e0:1c:e0:
         08:ca:18:e5:9c:aa:50:28:2f:7b:fc:4e:a7:ce:71:5c:1b:ae:
         11:c7:23:f2:0a:2b:6c:45:31:fb:7b:77:a8:14:97:71:8a:30:
         a5:b6:e5:04:30:6e:c7:ef:37:2e:e8:57:60:65:5d:78:3a:66:
         9c:31:3c:f2:9f:9a:42:5a:88:7b:3c:6d:80:27:4a:bb:a4:1e:
         b2:54:13:34:5d:1c:03:08:8c:a0:0d:a1:35:ef:e5:90:5c:60:
         62:e7:54:3e:59:9e:0a:1b:3c:8d:f9:30:e0:df:ab:08:c5:52:
         92:10:54:fb:80:43:d8:c8:59:d5:59:f7:66:18:66:3f:19:f5:
         67:9d:43:76:e4:93:16:ec:38:f7:09:3b:5d:f7:41:af:39:83:
         f6:ab:71:a3:75:7f:04:b9:29:65:58:12:5c:e4:4d:75:04:68:
         85:08:a2:22:ac:4c:dd:64:f5:63:c8:00:d3:05:89:47:7c:95:
         3d:ce:e5:c0:d3:bb:85:0a:5d:c2:1f:5f:52:92:67:ea:04:67:
         26:d1:82:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMR7P3sy+/BYEs3rMhKwwwpBfeQIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MDI3WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzgyOGYwOTM2MTAzYmZkMDU2YmVlNGNlMDk0YjU4NDBi
MjkwMzdkMzk4MGU3ZTA0NjRlMTVkMzIwMjhiZGEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCISak8k02mYtXC1xt2mHsb2iE8wliI7KPyM5m4AuTDgW47
B5t2v1ljWsLloVVhRoo+MM48TktiiYKmH4nX5n02qfbuR6jdYV9TbQ6y/y8d2ZYh
6w/ovr3wyeNIOAofHwF8iSC1jAUwOXuOL5cyNuhgQ+ImrtDLblTRCUA/6gdJU21D
8QNz8deDB6pP9eEaz9xjNaFR4Sng/DIL+CJIdYOg8yxZxYJLWIVskSC96EWVZLE6
z7ER23rEK4mm6GiDYPJJIPW3/9kiZGFT+IKY9GK0AhaM/C407rY1+40K6Oimv/Di
SScauQSUKyt+5/ZVxu9w5SKqoF+HPmQHRi7yF6CbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEtvJw2Oh93oCzgK8MUBF6ub9uw4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiNTZjYjkyLWIyYWYtNDg2Yy04ZTE0LTU1MDg3MWZjZThjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZGg8AwDQYJKoZIhvcNAQELBQADggEBALEPCSo17S7UyDRQEJfcjZ0Bk5vq
TjBFazjy2wdPwFKHlpRI7ZFkV12ShuQlwPVcfqvdauAc4AjKGOWcqlAoL3v8TqfO
cVwbrhHHI/IKK2xFMft7d6gUl3GKMKW25QQwbsfvNy7oV2BlXXg6ZpwxPPKfmkJa
iHs8bYAnSrukHrJUEzRdHAMIjKANoTXv5ZBcYGLnVD5ZngobPI35MODfqwjFUpIQ
VPuAQ9jIWdVZ92YYZj8Z9WedQ3bkkxbsOPcJO133Qa85g/arcaN1fwS5KWVYElzk
TXUEaIUIoiKsTN1k9WPIANMFiUd8lT3O5cDTu4UKXcIfX1KSZ+oEZybRghY=
-----END CERTIFICATE-----