Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4314907-a293-452a-8393-4b578c9f3645.roa
File:                     d4314907-a293-452a-8393-4b578c9f3645.roa (raw, json)
Hash identifier:          5phGzDVG+bVvLVkj3iX71toasc22wlyxpxl5XxWTeq8=
Subject key identifier:   F7:E3:C8:28:4D:5B:BF:1F:BA:6B:EB:E4:75:0D:58:CC:2B:87:EF:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26AB7ACD6331016EFD3CC0907D828A1E0FCA243A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4314907-a293-452a-8393-4b578c9f3645.roa
Signing time:             Sat 18 Oct 2025 02:21:32 +0000
ROA not before:           Sat 18 Oct 2025 02:21:32 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        5.60.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ab:7a:cd:63:31:01:6e:fd:3c:c0:90:7d:82:8a:1e:0f:ca:24:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:21:32 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=ea1044029b20b067fcefea7a961dab6784726e79e91798043fbf0a3db650b90f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:92:b6:55:a2:bb:4e:78:2e:c9:4d:08:d8:98:
                    1e:4e:95:09:83:29:57:b5:25:9b:c9:87:06:d1:54:
                    f4:cc:58:db:bf:82:64:d3:e9:9f:0b:22:5d:e1:18:
                    cf:2f:32:4b:3c:ae:9f:d0:f6:8f:dd:85:b3:ee:82:
                    04:3a:77:d2:06:5a:2b:ff:b8:0a:e6:49:be:73:f2:
                    c5:b8:4e:15:9d:ea:fd:69:87:9b:1f:c5:26:0e:9d:
                    9e:f2:ca:24:73:b5:d7:dd:22:1d:af:3d:30:a3:2e:
                    79:6b:fa:b1:4d:86:37:2d:1e:d4:a4:22:90:bf:64:
                    42:ee:3e:51:3b:87:0c:1e:63:fa:32:4f:99:4c:51:
                    f9:95:a4:4e:ec:a9:e2:3f:09:f7:b5:0d:0a:6e:99:
                    ee:4f:ea:a8:de:62:6a:9e:40:ab:6a:2c:e1:60:5d:
                    ee:06:02:e9:bc:ff:2b:0f:f2:f6:41:3e:4a:bc:4d:
                    8f:9f:84:2e:2c:56:85:67:5a:38:26:e9:ad:57:ba:
                    d0:59:35:05:38:c9:02:12:2d:d9:7a:56:f7:de:3f:
                    10:3b:bf:90:c2:8c:59:d1:e3:ff:dd:6f:6e:20:10:
                    8e:56:6b:c6:4d:33:c4:aa:d2:76:0d:14:22:30:1a:
                    0b:f1:32:01:a7:f9:c9:d5:79:4b:09:96:dd:6a:80:
                    26:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:E3:C8:28:4D:5B:BF:1F:BA:6B:EB:E4:75:0D:58:CC:2B:87:EF:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4314907-a293-452a-8393-4b578c9f3645.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         16:20:82:67:5d:ca:2c:9d:17:ec:cb:b3:95:70:4f:03:b0:2e:
         76:e6:d6:ab:1b:f0:ba:dd:2c:62:8f:4a:82:c6:4f:54:db:93:
         1e:cf:39:3a:1e:f8:5f:3a:1e:1c:dd:8d:d4:db:ec:dd:73:e5:
         e0:de:44:37:fc:4a:bb:82:b7:5f:9e:24:b5:f4:90:bd:70:64:
         14:87:46:b6:ed:7f:17:48:1b:77:28:d9:0e:23:b1:8e:58:b9:
         87:71:9b:94:cf:66:f7:72:72:42:1f:c9:91:24:c1:db:5f:4e:
         1d:2d:c3:28:6e:a0:4d:b8:03:74:c0:4f:9e:7c:d4:a0:8c:ea:
         25:88:d9:3e:15:5f:1b:46:c9:16:05:cd:23:9b:2b:bd:92:82:
         58:49:4b:37:c4:d1:b7:99:06:cc:ba:b0:29:d1:49:04:ee:df:
         95:b8:1c:b0:5e:24:37:e7:ae:30:02:e9:99:d4:90:76:3b:70:
         17:e9:a9:d0:3d:2d:7c:2f:61:f9:b2:97:40:1c:1f:68:62:08:
         72:5b:04:9c:e2:d9:dd:26:d3:e4:97:bc:2d:21:0f:e5:16:66:
         5c:2b:fd:cb:19:89:0d:8d:ea:9f:b9:88:34:36:4a:bc:c9:08:
         76:e1:c2:b4:38:8d:20:6a:db:47:91:38:27:b5:2c:76:f9:28:
         26:a1:8d:b3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJqt6zWMxAW79PMCQfYKKHg/KJDowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIyMTMyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTEwNDQwMjliMjBiMDY3ZmNlZmVhN2E5NjFkYWI2Nzg0
NzI2ZTc5ZTkxNzk4MDQzZmJmMGEzZGI2NTBiOTBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwkrZVortOeC7JTQjYmB5OlQmDKVe1JZvJhwbRVPTMWNu/
gmTT6Z8LIl3hGM8vMks8rp/Q9o/dhbPuggQ6d9IGWiv/uArmSb5z8sW4ThWd6v1p
h5sfxSYOnZ7yyiRztdfdIh2vPTCjLnlr+rFNhjctHtSkIpC/ZELuPlE7hwweY/oy
T5lMUfmVpE7sqeI/Cfe1DQpume5P6qjeYmqeQKtqLOFgXe4GAum8/ysP8vZBPkq8
TY+fhC4sVoVnWjgm6a1XutBZNQU4yQISLdl6VvfePxA7v5DCjFnR4//db24gEI5W
a8ZNM8Sq0nYNFCIwGgvxMgGn+cnVeUsJlt1qgCY1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9+PIKE1bvx+6a+vkdQ1YzCuH76cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0MzE0OTA3LWEyOTMtNDUyYS04MzkzLTRiNTc4YzlmMzY0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAFPDANBgkqhkiG9w0BAQsFAAOCAQEAFiCCZ13KLJ0X7MuzlXBPA7AudubW
qxvwut0sYo9KgsZPVNuTHs85Oh74XzoeHN2N1Nvs3XPl4N5EN/xKu4K3X54ktfSQ
vXBkFIdGtu1/F0gbdyjZDiOxjli5h3GblM9m93JyQh/JkSTB219OHS3DKG6gTbgD
dMBPnnzUoIzqJYjZPhVfG0bJFgXNI5srvZKCWElLN8TRt5kGzLqwKdFJBO7flbgc
sF4kN+euMALpmdSQdjtwF+mp0D0tfC9h+bKXQBwfaGIIclsEnOLZ3SbT5Je8LSEP
5RZmXCv9yxmJDY3qn7mINDZKvMkIduHCtDiNIGrbR5E4J7UsdvkoJqGNsw==
-----END CERTIFICATE-----