Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da2018ac-b866-486c-b428-f94e6186b0db.roa
File:                     da2018ac-b866-486c-b428-f94e6186b0db.roa (raw, json)
Hash identifier:          EmKRwZguwti8ACbNbDRk5tG54SKDZCRRaIKqsQ5kn80=
Subject key identifier:   46:C3:CF:90:E6:10:93:0F:4E:AC:62:AA:93:90:80:73:8D:96:70:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       34302069763F59D7915141F2CC342929961C6699
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da2018ac-b866-486c-b428-f94e6186b0db.roa
Signing time:             Sat 11 Oct 2025 00:39:52 +0000
ROA not before:           Sat 11 Oct 2025 00:39:52 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.21.232.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:30:20:69:76:3f:59:d7:91:51:41:f2:cc:34:29:29:96:1c:66:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:39:52 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=e5513f76cf0e594e864598947ed9d7a4ab3e612c8160a306e56ea6a9030d1be1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f8:99:14:75:cb:5d:49:48:0a:43:ab:99:90:
                    b3:da:1d:d7:6c:8f:e1:96:b2:ea:62:9a:84:63:cc:
                    79:ef:06:d0:ce:49:e0:f2:a1:21:85:a2:29:58:0c:
                    b2:c3:6a:b0:a0:25:5f:dd:4b:0d:0c:4b:d9:ae:b0:
                    66:ee:51:dc:7b:64:93:a1:64:03:23:28:64:ee:99:
                    d5:76:c1:71:74:e2:ba:da:9a:49:02:fd:2d:6a:5c:
                    36:aa:ab:3b:bf:78:15:18:48:00:51:7d:8f:69:81:
                    0d:51:1b:e8:90:dc:e1:c6:56:bc:48:d8:ff:4d:6f:
                    d5:80:5a:e1:6d:61:17:22:aa:87:b8:f9:c6:d8:ca:
                    d1:c0:d9:0b:75:ef:b9:ab:fb:00:06:53:be:7d:90:
                    a3:c7:89:b0:b8:ce:df:c6:74:1f:60:3d:8f:95:b1:
                    a5:e5:ee:70:6a:85:0c:35:19:76:d0:ae:74:9a:a2:
                    b5:19:c9:b1:85:80:0a:1a:00:e5:10:2d:a6:5c:78:
                    a3:6a:de:90:23:3c:01:34:68:8f:f5:9e:1d:4d:a8:
                    b1:bf:9e:56:d3:6d:47:03:f6:79:dc:42:79:84:7c:
                    cf:eb:a7:d7:75:86:0f:3e:ac:12:c8:92:2d:a0:74:
                    13:ce:02:06:37:92:6b:dc:66:7b:08:ff:dd:3f:79:
                    cf:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C3:CF:90:E6:10:93:0F:4E:AC:62:AA:93:90:80:73:8D:96:70:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da2018ac-b866-486c-b428-f94e6186b0db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.21.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:56:01:48:29:97:69:53:c2:ac:db:69:b3:cd:1b:ee:aa:04:
         89:de:4c:45:41:e1:6d:65:a5:33:31:03:d7:b1:19:4e:a4:a2:
         63:be:f2:ae:60:28:4e:31:ba:51:61:04:54:20:11:ce:fb:5c:
         40:c3:28:df:e1:33:b2:74:8d:ca:a8:6b:fd:32:6c:43:c4:0a:
         eb:9a:58:a1:ae:ff:54:ca:cd:c4:c3:8c:c0:25:f6:48:cd:41:
         ee:44:f9:06:61:ba:64:77:69:47:a8:2d:f2:92:ce:9a:42:ed:
         9f:07:ed:eb:34:e5:a7:7b:08:65:75:c0:a9:6a:bb:d0:70:66:
         ba:39:11:66:19:c3:5a:d7:f8:28:1f:d7:6b:a1:df:b0:4a:8a:
         3b:80:a3:75:a6:cd:65:c0:02:4e:c3:5b:cf:f1:05:a1:29:eb:
         3d:ca:d9:9d:6d:97:2c:cd:ad:d4:bb:41:1e:59:df:76:5a:41:
         50:c3:a4:83:ba:a7:b9:38:ca:6e:96:a7:a5:a4:f8:09:9c:bc:
         0f:9f:27:17:7c:54:f6:04:4d:9c:e5:1f:c8:48:18:49:7a:49:
         af:8f:83:45:40:74:d4:0a:7f:b3:6a:02:de:df:c8:13:cb:c1:
         df:ca:10:94:d3:e9:a1:23:db:01:a1:f7:69:20:fd:ce:9e:45:
         ad:74:16:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNDAgaXY/WdeRUUHyzDQpKZYcZpkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAzOTUyWhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTUxM2Y3NmNmMGU1OTRlODY0NTk4OTQ3ZWQ5ZDdhNGFi
M2U2MTJjODE2MGEzMDZlNTZlYTZhOTAzMGQxYmUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDi+JkUdctdSUgKQ6uZkLPaHddsj+GWsupimoRjzHnvBtDO
SeDyoSGFoilYDLLDarCgJV/dSw0MS9musGbuUdx7ZJOhZAMjKGTumdV2wXF04rra
mkkC/S1qXDaqqzu/eBUYSABRfY9pgQ1RG+iQ3OHGVrxI2P9Nb9WAWuFtYRciqoe4
+cbYytHA2Qt177mr+wAGU759kKPHibC4zt/GdB9gPY+VsaXl7nBqhQw1GXbQrnSa
orUZybGFgAoaAOUQLaZceKNq3pAjPAE0aI/1nh1NqLG/nlbTbUcD9nncQnmEfM/r
p9d1hg8+rBLIki2gdBPOAgY3kmvcZnsI/90/ec9JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURsPPkOYQkw9OrGKqk5CAc42WcM4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhMjAxOGFjLWI4NjYtNDg2Yy1iNDI4LWY5NGU2MTg2YjBkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALPFegwDQYJKoZIhvcNAQELBQADggEBAJZWAUgpl2lTwqzbabPNG+6qBIne
TEVB4W1lpTMxA9exGU6komO+8q5gKE4xulFhBFQgEc77XEDDKN/hM7J0jcqoa/0y
bEPECuuaWKGu/1TKzcTDjMAl9kjNQe5E+QZhumR3aUeoLfKSzppC7Z8H7es05ad7
CGV1wKlqu9BwZro5EWYZw1rX+Cgf12uh37BKijuAo3WmzWXAAk7DW8/xBaEp6z3K
2Z1tlyzNrdS7QR5Z33ZaQVDDpIO6p7k4ym6Wp6Wk+AmcvA+fJxd8VPYETZzlH8hI
GEl6Sa+Pg0VAdNQKf7NqAt7fyBPLwd/KEJTT6aEj2wGh92kg/c6eRa10FnE=
-----END CERTIFICATE-----