Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa
File:                     dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa (raw, json)
Hash identifier:          bZl1pgLAevT/zIJadt4hy//lHW618yIjdPqYWe2jLQs=
Subject key identifier:   F8:55:EF:86:26:C9:B3:56:61:A9:64:33:6B:0B:90:99:C3:3B:CD:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       55A5E39524B7F4843278D53256BED3F59A0F9FE6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa
Signing time:             Wed 01 Oct 2025 00:03:09 +0000
ROA not before:           Wed 01 Oct 2025 00:03:09 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.223.80.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:a5:e3:95:24:b7:f4:84:32:78:d5:32:56:be:d3:f5:9a:0f:9f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:03:09 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=91fe72c90110219507dbfe16ab76414a1a9e2706274f45f5be220bc91d34b9f5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:56:21:e5:c0:53:4c:6e:cf:0d:c5:75:8f:b3:
                    93:0c:31:21:08:c8:94:a5:b1:f8:da:d9:24:48:76:
                    5f:3b:f8:a6:7f:3c:be:62:d2:3b:56:30:08:54:d8:
                    18:20:dc:44:ad:b6:17:c9:69:fa:cf:61:14:e6:bd:
                    c0:d5:1b:4c:57:2c:31:0a:d5:28:b3:fc:4d:5e:83:
                    e5:0b:ae:c6:a1:89:73:a9:93:d1:df:3d:e6:06:22:
                    c0:52:62:59:35:85:17:28:41:4a:c7:01:04:d2:22:
                    68:a6:50:26:96:c1:12:f6:5d:cb:91:20:8b:ef:d1:
                    b2:10:90:28:10:85:fc:93:f6:0a:ee:65:f6:68:83:
                    4c:b3:76:ac:b6:16:3c:08:51:f6:47:6b:43:a5:6d:
                    79:cd:23:6b:09:2e:51:9e:8a:86:cb:3f:1e:5b:42:
                    2e:25:c8:9a:92:13:74:f1:e8:13:68:cb:5c:c3:23:
                    77:30:c0:d7:ca:74:de:0b:7b:13:f5:c1:2b:42:c2:
                    91:c0:bf:c7:bb:96:2f:3e:4a:7b:14:54:6b:52:3a:
                    3e:e9:f8:a1:18:3f:0c:2c:c6:23:2a:9c:3d:16:fd:
                    2b:6d:f8:6f:e8:09:c8:0f:12:b3:2c:1c:14:b4:22:
                    b8:ad:14:ed:a2:ee:6d:ed:fe:35:09:98:61:f3:6b:
                    29:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:55:EF:86:26:C9:B3:56:61:A9:64:33:6B:0B:90:99:C3:3B:CD:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbc8700e-e39c-46ed-b212-3e8897a5b36d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.223.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         bc:a1:7b:d8:b2:30:43:a0:bb:d2:54:a2:b7:f8:17:d1:c3:f9:
         2c:10:ec:97:05:62:19:4f:9a:2e:7d:5d:cf:b7:66:b1:4d:c7:
         5c:7d:e7:43:71:51:2e:fb:31:3a:73:20:af:4c:36:9e:ad:de:
         30:47:6e:16:07:e6:78:06:e2:0e:eb:a7:32:c7:dc:14:e5:9a:
         19:12:8d:e1:bf:37:f3:7f:d9:dc:75:38:9b:65:00:8b:5e:48:
         42:b4:78:11:0f:37:c9:95:c1:07:c5:06:fc:ed:3a:4f:dd:2c:
         3d:60:d0:1d:85:21:a7:f0:ff:35:cb:46:e4:c1:8a:06:a2:40:
         6d:38:8c:5a:10:ca:f5:3c:96:41:e4:d7:db:14:f0:5d:da:ca:
         56:c9:9c:2a:34:f8:de:35:6d:84:2a:3e:3f:91:23:83:d5:b9:
         93:01:bf:b3:85:6b:c9:13:ac:63:92:90:74:04:bd:e5:9c:67:
         41:3b:8a:16:47:d5:74:99:b9:17:3b:f9:eb:20:37:85:03:71:
         2f:19:2f:89:de:a1:9a:06:d8:37:4d:20:fc:c7:50:cf:c5:b8:
         77:d0:95:19:ea:81:81:98:6d:1e:33:09:11:4b:e6:aa:02:d3:
         ed:34:3a:d2:66:c6:06:7c:30:27:e2:19:3d:61:b9:f9:45:0e:
         18:f9:95:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVaXjlSS39IQyeNUyVr7T9ZoPn+YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMzA5WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWZlNzJjOTAxMTAyMTk1MDdkYmZlMTZhYjc2NDE0YTFh
OWUyNzA2Mjc0ZjQ1ZjViZTIyMGJjOTFkMzRiOWY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+ViHlwFNMbs8NxXWPs5MMMSEIyJSlsfja2SRIdl87+KZ/
PL5i0jtWMAhU2Bgg3EStthfJafrPYRTmvcDVG0xXLDEK1Siz/E1eg+ULrsahiXOp
k9HfPeYGIsBSYlk1hRcoQUrHAQTSImimUCaWwRL2XcuRIIvv0bIQkCgQhfyT9gru
ZfZog0yzdqy2FjwIUfZHa0OlbXnNI2sJLlGeiobLPx5bQi4lyJqSE3Tx6BNoy1zD
I3cwwNfKdN4LexP1wStCwpHAv8e7li8+SnsUVGtSOj7p+KEYPwwsxiMqnD0W/Stt
+G/oCcgPErMsHBS0IritFO2i7m3t/jUJmGHzaylbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+FXvhibJs1ZhqWQzawuQmcM7zTYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiYzg3MDBlLWUzOWMtNDZlZC1iMjEyLTNlODg5N2E1YjM2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATP31AwDQYJKoZIhvcNAQELBQADggEBALyhe9iyMEOgu9JUorf4F9HD+SwQ
7JcFYhlPmi59Xc+3ZrFNx1x950NxUS77MTpzIK9MNp6t3jBHbhYH5ngG4g7rpzLH
3BTlmhkSjeG/N/N/2dx1OJtlAIteSEK0eBEPN8mVwQfFBvztOk/dLD1g0B2FIafw
/zXLRuTBigaiQG04jFoQyvU8lkHk19sU8F3aylbJnCo0+N41bYQqPj+RI4PVuZMB
v7OFa8kTrGOSkHQEveWcZ0E7ihZH1XSZuRc7+esgN4UDcS8ZL4neoZoG2DdNIPzH
UM/FuHfQlRnqgYGYbR4zCRFL5qoC0+00OtJmxgZ8MCfiGT1huflFDhj5lQo=
-----END CERTIFICATE-----