Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8752aa3-1736-46a6-af08-1ff1a107c6fb.roa
File:                     d8752aa3-1736-46a6-af08-1ff1a107c6fb.roa (raw, json)
Hash identifier:          5z9tBaKyau3jVTNgH+1OQ6pT9vrDGcDkmfKhY/dyLv0=
Subject key identifier:   94:DD:67:0A:FD:32:E3:09:28:4B:FB:12:69:9E:7B:97:EF:0C:A2:B7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       59B880D67C5B56D86BA87BFC99EF48414FFC8FBE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8752aa3-1736-46a6-af08-1ff1a107c6fb.roa
Signing time:             Sat 11 Oct 2025 00:41:57 +0000
ROA not before:           Sat 11 Oct 2025 00:41:57 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.190.84.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:b8:80:d6:7c:5b:56:d8:6b:a8:7b:fc:99:ef:48:41:4f:fc:8f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:41:57 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=95220220a5fc360a5861b6e0b7554c7edcde08599a8f1b86108a39eb783b69de, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3a:6d:ae:31:83:2d:9d:7f:09:22:a3:84:1b:
                    d1:ef:bc:1c:ec:72:4b:77:e7:88:fe:34:c7:bb:5c:
                    a7:f6:35:93:83:f6:f7:d4:b6:0a:37:f4:f8:b4:e2:
                    64:24:a4:b0:d0:a4:75:51:98:8a:5d:2c:0c:90:81:
                    e8:c6:6d:6e:f8:d5:25:40:45:4f:51:a2:03:65:e8:
                    e6:59:c9:64:15:bf:98:fc:08:bd:30:c0:19:8c:80:
                    0e:5c:24:38:e5:fd:f7:1f:4e:20:35:a0:12:57:75:
                    b9:89:10:a7:2b:51:2f:79:55:2d:f1:a7:40:64:15:
                    ff:02:b2:00:5a:6f:09:27:2c:97:4f:70:09:d3:06:
                    dc:ce:c6:02:9f:d7:e8:ea:85:3d:a3:d4:0c:13:9d:
                    2a:21:e8:90:09:02:0b:83:63:e6:13:90:96:01:94:
                    3d:ec:c2:74:aa:67:c3:3c:25:fa:14:ee:5d:9d:6f:
                    99:34:d2:f1:84:5c:a3:2f:a7:53:63:7d:22:a3:03:
                    09:db:b4:32:26:71:e5:f2:02:ab:95:96:ec:bc:86:
                    2f:f9:9a:9f:d8:05:45:65:07:67:27:7e:0b:79:a0:
                    d8:83:29:05:47:f4:78:28:c4:5a:22:65:4b:52:f6:
                    eb:0b:af:7c:d9:3f:a9:3a:54:9f:1f:14:50:27:37:
                    77:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DD:67:0A:FD:32:E3:09:28:4B:FB:12:69:9E:7B:97:EF:0C:A2:B7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8752aa3-1736-46a6-af08-1ff1a107c6fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:ca:e3:3a:4a:de:fc:c0:b9:01:ff:c1:49:2a:60:26:44:4a:
         c0:28:9b:c1:ce:99:05:c7:4f:4a:c6:5f:4a:4b:3d:e9:8d:3f:
         11:4d:5a:be:12:85:b9:dc:c0:02:85:44:10:bd:b6:80:af:33:
         21:77:c6:06:d1:29:32:18:dc:84:a4:12:7b:1f:2b:8e:af:50:
         c4:7b:03:d2:1f:03:21:45:6b:01:ce:c7:08:b5:36:cb:49:74:
         d1:64:2a:15:ed:89:00:ca:97:06:b7:eb:71:c2:e1:f2:cc:2a:
         d5:b7:8d:80:44:0c:43:d9:ea:90:c8:af:5a:62:89:75:0b:09:
         d9:f6:cc:1d:f5:8b:2b:46:86:c6:82:cd:47:cf:f1:cd:24:0a:
         16:2b:6f:9b:0c:01:c6:30:2f:7b:56:21:43:07:1f:72:1c:c0:
         b0:60:38:b6:fe:f5:dd:f3:7c:e4:02:43:cd:aa:ad:8a:63:78:
         ea:e7:7a:29:84:ee:d5:0e:8f:8d:31:f7:75:67:9a:de:47:89:
         2c:6c:8c:35:4d:55:b2:df:cd:4d:9b:a7:b3:ff:03:32:69:ce:
         b7:ed:69:1b:2e:9b:4b:f6:c5:52:a1:d2:af:b0:e0:67:49:da:
         0f:f8:d5:70:33:10:a8:31:a9:d0:33:df:c1:b3:39:47:04:16:
         f6:5c:93:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWbiA1nxbVthrqHv8me9IQU/8j74wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDA0MTU3WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTIyMDIyMGE1ZmMzNjBhNTg2MWI2ZTBiNzU1NGM3ZWRj
ZGUwODU5OWE4ZjFiODYxMDhhMzllYjc4M2I2OWRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuOm2uMYMtnX8JIqOEG9HvvBzsckt354j+NMe7XKf2NZOD
9vfUtgo39Pi04mQkpLDQpHVRmIpdLAyQgejGbW741SVARU9RogNl6OZZyWQVv5j8
CL0wwBmMgA5cJDjl/fcfTiA1oBJXdbmJEKcrUS95VS3xp0BkFf8CsgBabwknLJdP
cAnTBtzOxgKf1+jqhT2j1AwTnSoh6JAJAguDY+YTkJYBlD3swnSqZ8M8JfoU7l2d
b5k00vGEXKMvp1NjfSKjAwnbtDImceXyAquVluy8hi/5mp/YBUVlB2cnfgt5oNiD
KQVH9HgoxFoiZUtS9usLr3zZP6k6VJ8fFFAnN3cTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlN1nCv0y4wkoS/sSaZ57l+8MorcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4NzUyYWEzLTE3MzYtNDZhNi1hZjA4LTFmZjFhMTA3YzZmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJAvlQwDQYJKoZIhvcNAQELBQADggEBACXK4zpK3vzAuQH/wUkqYCZESsAo
m8HOmQXHT0rGX0pLPemNPxFNWr4ShbncwAKFRBC9toCvMyF3xgbRKTIY3ISkEnsf
K46vUMR7A9IfAyFFawHOxwi1NstJdNFkKhXtiQDKlwa363HC4fLMKtW3jYBEDEPZ
6pDIr1piiXULCdn2zB31iytGhsaCzUfP8c0kChYrb5sMAcYwL3tWIUMHH3IcwLBg
OLb+9d3zfOQCQ82qrYpjeOrneimE7tUOj40x93Vnmt5HiSxsjDVNVbLfzU2bp7P/
AzJpzrftaRsum0v2xVKh0q+w4GdJ2g/41XAzEKgxqdAz38GzOUcEFvZck3E=
-----END CERTIFICATE-----