Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5be2472-af1a-4957-889f-91229016b0c9.roa
File:                     d5be2472-af1a-4957-889f-91229016b0c9.roa (raw, json)
Hash identifier:          EFw7gqoAXOwGRGloS8kx/lti29kmbKDSIdZ9787JTzU=
Subject key identifier:   89:58:1A:9A:A2:2E:61:36:5C:66:6B:66:78:D0:07:5D:FE:34:46:40
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6959F1C99254621F51813E227377853FDD691FFC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5be2472-af1a-4957-889f-91229016b0c9.roa
Signing time:             Sat 04 Oct 2025 00:37:33 +0000
ROA not before:           Sat 04 Oct 2025 00:37:33 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        129.223.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:59:f1:c9:92:54:62:1f:51:81:3e:22:73:77:85:3f:dd:69:1f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:37:33 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=9b9ccc70041cd85005b728439d0c57a7e9b2dcc7e7dcf4b21b75cbd4b0c384ad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ab:bb:11:6c:29:3a:d8:a6:e0:81:f7:5f:5b:
                    14:cf:a8:69:6c:9d:bf:09:7d:ed:3b:87:37:c7:67:
                    86:e0:93:23:61:8d:73:e4:83:04:0c:c9:55:1d:e0:
                    25:d6:27:a3:e7:db:9b:ae:8e:67:9f:a8:0b:a7:bb:
                    4e:c4:49:9e:db:8a:36:8d:18:b2:d4:61:95:7d:99:
                    75:b1:ec:d5:55:e4:59:60:76:dd:fa:f4:9b:a6:ca:
                    89:53:e4:e2:00:29:fb:e3:c2:32:98:06:b2:c3:87:
                    09:5e:b8:7c:cf:94:4c:01:32:a4:e9:84:e4:80:88:
                    41:19:74:48:9c:db:59:0a:0d:b9:3f:ea:c9:6c:c8:
                    6c:c8:c2:c0:62:03:c0:a9:bc:28:8b:4a:9e:93:3c:
                    9e:54:22:c6:f9:7e:bb:8b:3c:5f:8b:a3:b6:5d:1b:
                    b2:38:40:60:e8:35:a3:b1:21:8b:37:fe:fd:4d:5c:
                    16:a3:ba:4d:73:70:4d:c1:fa:a7:95:71:7a:8e:ab:
                    0f:92:11:fb:1c:c5:48:ee:b6:2d:e5:1c:0f:b5:f5:
                    37:4a:f3:f0:0e:92:6a:f3:c2:b4:11:d2:c9:43:9d:
                    ca:9e:bf:1e:9c:34:dc:95:8f:38:ba:74:e1:c5:f5:
                    ce:be:6b:2e:c4:d3:44:7f:8f:b9:7c:8a:57:c8:a7:
                    10:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:58:1A:9A:A2:2E:61:36:5C:66:6B:66:78:D0:07:5D:FE:34:46:40
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d5be2472-af1a-4957-889f-91229016b0c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.223.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         61:15:ab:4c:3f:2f:56:b8:ff:3f:c5:90:21:ec:8c:69:62:45:
         92:35:4e:c8:e4:07:c1:55:62:88:ce:b9:d2:24:94:9d:e5:aa:
         fc:37:20:85:cc:9e:8e:d7:78:20:f0:93:45:79:bb:67:48:90:
         cc:59:9a:da:b2:76:31:fa:eb:58:78:36:b3:49:3d:39:9a:f3:
         31:ab:9d:04:b4:e7:d8:f0:16:fd:a5:de:fe:0e:73:96:b8:1c:
         fc:59:22:3a:4d:eb:9a:3b:8f:7c:16:61:51:a1:0e:6c:12:0b:
         9a:fa:67:69:30:3e:0e:00:d0:0d:80:ab:c0:e8:39:00:cd:61:
         08:83:38:ac:7e:96:29:a5:66:aa:42:f8:88:78:b3:60:48:0b:
         32:32:a1:d8:ac:f3:06:1b:39:71:3a:21:30:75:a4:d5:b7:f5:
         18:33:ec:c2:99:f8:ca:c3:32:64:65:17:63:91:cd:d1:1b:a1:
         f3:77:54:24:c6:aa:e6:b5:17:b5:48:aa:2c:77:5f:09:88:2b:
         fb:23:52:38:b5:5e:d0:82:a8:ee:14:e0:f5:0d:08:c7:90:01:
         d9:12:e7:a4:bf:31:b1:5e:80:71:5c:75:43:23:de:20:b4:01:
         ce:23:bd:55:ec:98:54:64:ce:03:a8:f2:94:6c:1d:a2:02:60:
         53:6e:d4:af
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaVnxyZJUYh9RgT4ic3eFP91pH/wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDAzNzMzWhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjljY2M3MDA0MWNkODUwMDViNzI4NDM5ZDBjNTdhN2U5
YjJkY2M3ZTdkY2Y0YjIxYjc1Y2JkNGIwYzM4NGFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHq7sRbCk62KbggfdfWxTPqGlsnb8Jfe07hzfHZ4bgkyNh
jXPkgwQMyVUd4CXWJ6Pn25uujmefqAunu07ESZ7bijaNGLLUYZV9mXWx7NVV5Flg
dt369JumyolT5OIAKfvjwjKYBrLDhwleuHzPlEwBMqTphOSAiEEZdEic21kKDbk/
6slsyGzIwsBiA8CpvCiLSp6TPJ5UIsb5fruLPF+Lo7ZdG7I4QGDoNaOxIYs3/v1N
XBajuk1zcE3B+qeVcXqOqw+SEfscxUjuti3lHA+19TdK8/AOkmrzwrQR0slDncqe
vx6cNNyVjzi6dOHF9c6+ay7E00R/j7l8ilfIpxBFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiVgamqIuYTZcZmtmeNAHXf40RkAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q1YmUyNDcyLWFmMWEtNDk1Ny04ODlmLTkxMjI5MDE2YjBjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCB3zANBgkqhkiG9w0BAQsFAAOCAQEAYRWrTD8vVrj/P8WQIeyMaWJFkjVO
yOQHwVViiM650iSUneWq/Dcghcyejtd4IPCTRXm7Z0iQzFma2rJ2MfrrWHg2s0k9
OZrzMaudBLTn2PAW/aXe/g5zlrgc/FkiOk3rmjuPfBZhUaEObBILmvpnaTA+DgDQ
DYCrwOg5AM1hCIM4rH6WKaVmqkL4iHizYEgLMjKh2KzzBhs5cTohMHWk1bf1GDPs
wpn4ysMyZGUXY5HN0Ruh83dUJMaq5rUXtUiqLHdfCYgr+yNSOLVe0IKo7hTg9Q0I
x5AB2RLnpL8xsV6AcVx1QyPeILQBziO9VeyYVGTOA6jylGwdogJgU27Urw==
-----END CERTIFICATE-----