Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf53c219-4499-438d-b19e-5579548a9fbd.roa
File:                     cf53c219-4499-438d-b19e-5579548a9fbd.roa (raw, json)
Hash identifier:          q5eEsvXr8GnBIS0ETiBEw31c5oVjN737PKsmBxMqr1A=
Subject key identifier:   0F:67:37:94:97:49:8B:AF:BA:C7:EC:7B:50:4E:76:41:C7:88:F0:EA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D68A12C4471B382D210022A014BEE08BB0D95D5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf53c219-4499-438d-b19e-5579548a9fbd.roa
Signing time:             Wed 01 Oct 2025 00:03:00 +0000
ROA not before:           Wed 01 Oct 2025 00:03:00 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.213.232.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:68:a1:2c:44:71:b3:82:d2:10:02:2a:01:4b:ee:08:bb:0d:95:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:03:00 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=b52bb4f436c174cda53068e18aa00be397abf73b97b12545d5cde7082df64533, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8f:92:5e:25:94:8a:c3:e8:4a:00:d2:19:05:
                    4d:3c:6e:9d:e0:22:20:19:84:2f:ca:51:d3:11:71:
                    d3:61:68:55:b1:3a:14:51:f5:72:ed:ff:4d:36:28:
                    c3:3f:c2:d1:d4:e0:e8:b8:fe:d6:f4:fd:ce:a5:62:
                    0a:a3:06:c3:ee:39:ed:3e:d8:2b:a4:ac:e6:e3:94:
                    d6:11:ed:2e:9a:1f:2c:26:c2:bc:c8:f5:1b:b4:22:
                    da:7c:7b:43:2c:79:e9:f6:cb:28:71:cc:52:1a:90:
                    52:77:a8:21:14:33:42:e1:f5:83:5c:cd:87:3d:85:
                    d5:43:ee:ac:cf:1e:d3:ff:24:a8:10:1c:31:cc:f6:
                    89:b8:ec:f1:6c:8d:24:53:68:63:24:c9:73:97:22:
                    3f:a1:fe:74:87:32:00:4c:72:12:e5:cc:b1:05:af:
                    f1:34:90:60:8d:2d:54:05:88:c7:d0:92:c9:96:c7:
                    d9:b9:ea:d9:42:14:4d:b3:a8:92:ca:ed:99:47:d6:
                    a1:98:cc:f8:ea:37:0e:6b:0a:74:f4:7b:22:fc:ac:
                    e6:bb:44:69:8a:95:f2:03:98:c2:c9:25:8d:7e:22:
                    41:14:e5:e5:44:62:76:1a:f7:ac:33:11:47:84:14:
                    ef:7e:f8:64:f5:28:b9:7e:51:68:12:61:73:7a:08:
                    34:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:67:37:94:97:49:8B:AF:BA:C7:EC:7B:50:4E:76:41:C7:88:F0:EA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf53c219-4499-438d-b19e-5579548a9fbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.213.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:e6:e6:a1:c4:01:cf:f7:e5:53:c5:bc:ed:fd:40:e8:f7:7a:
         a8:3b:6f:15:64:8c:aa:3c:9a:25:c9:00:b7:82:af:c8:fb:4b:
         c6:05:a4:a2:60:26:e4:51:0b:a7:c9:86:a0:bd:c0:6e:01:96:
         85:29:68:fa:2f:60:bf:7d:06:11:bb:99:75:ac:6d:8f:64:48:
         cf:cf:7e:1c:3a:24:3f:a2:87:14:39:69:4d:be:32:dc:1a:c6:
         a2:58:b6:7c:e7:fd:75:ac:4c:93:b7:b3:c4:97:98:f2:71:fb:
         89:58:c9:81:fe:18:c8:73:af:e6:ea:72:cd:ba:a7:5d:4f:ef:
         94:6d:30:25:d9:89:f7:4c:ec:a7:56:a9:cc:89:f4:fd:c5:8d:
         bf:2d:92:ea:42:5b:59:f7:a4:2c:46:0e:7c:e2:38:32:bb:a3:
         ec:1e:c1:6e:c2:bc:c4:f4:a7:7f:db:b7:55:82:25:cc:fa:6a:
         b6:f9:cb:e4:24:18:63:63:a8:f3:29:79:f8:e3:98:03:d3:d5:
         bc:c9:94:f9:b0:0e:0a:d9:9f:34:af:52:7c:2e:b0:77:1f:65:
         e9:63:44:bb:d4:43:1d:ff:98:69:35:6c:67:8f:2a:5c:e3:96:
         80:31:8d:91:80:c5:39:d9:6f:a2:e6:3b:51:10:8c:ac:b9:e2:
         22:ab:40:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXWihLERxs4LSEAIqAUvuCLsNldUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMzAwWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTJiYjRmNDM2YzE3NGNkYTUzMDY4ZTE4YWEwMGJlMzk3
YWJmNzNiOTdiMTI1NDVkNWNkZTcwODJkZjY0NTMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLj5JeJZSKw+hKANIZBU08bp3gIiAZhC/KUdMRcdNhaFWx
OhRR9XLt/002KMM/wtHU4Oi4/tb0/c6lYgqjBsPuOe0+2CukrObjlNYR7S6aHywm
wrzI9Ru0Itp8e0Mseen2yyhxzFIakFJ3qCEUM0Lh9YNczYc9hdVD7qzPHtP/JKgQ
HDHM9om47PFsjSRTaGMkyXOXIj+h/nSHMgBMchLlzLEFr/E0kGCNLVQFiMfQksmW
x9m56tlCFE2zqJLK7ZlH1qGYzPjqNw5rCnT0eyL8rOa7RGmKlfIDmMLJJY1+IkEU
5eVEYnYa96wzEUeEFO9++GT1KLl+UWgSYXN6CDSFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD2c3lJdJi6+6x+x7UE52QceI8OowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmNTNjMjE5LTQ0OTktNDM4ZC1iMTllLTU1Nzk1NDhhOWZiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKi1egwDQYJKoZIhvcNAQELBQADggEBAB/m5qHEAc/35VPFvO39QOj3eqg7
bxVkjKo8miXJALeCr8j7S8YFpKJgJuRRC6fJhqC9wG4BloUpaPovYL99BhG7mXWs
bY9kSM/Pfhw6JD+ihxQ5aU2+MtwaxqJYtnzn/XWsTJO3s8SXmPJx+4lYyYH+GMhz
r+bqcs26p11P75RtMCXZifdM7KdWqcyJ9P3Fjb8tkupCW1n3pCxGDnziODK7o+we
wW7CvMT0p3/bt1WCJcz6arb5y+QkGGNjqPMpefjjmAPT1bzJlPmwDgrZnzSvUnwu
sHcfZeljRLvUQx3/mGk1bGePKlzjloAxjZGAxTnZb6LmO1EQjKy54iKrQHY=
-----END CERTIFICATE-----