Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa
File:                     dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa (raw, json)
Hash identifier:          9D2XL3qUvTuzdmFtKmKupDt1nV4YmiQtEk/W7wbpAD0=
Subject key identifier:   D7:40:3D:56:83:3F:A1:3D:E1:72:1D:64:96:27:98:59:E1:32:B2:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14D09E93D31B00EEDCF361FEA0D6EBB68BB8A1A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa
Signing time:             Sat 11 Oct 2025 00:39:58 +0000
ROA not before:           Sat 11 Oct 2025 00:39:58 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.196.156.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:d0:9e:93:d3:1b:00:ee:dc:f3:61:fe:a0:d6:eb:b6:8b:b8:a1:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:39:58 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=ee9b46bd754f8dbdc99adf89f497aa4aa85f877c9adbf5e09a6f4c3fd1ed04bc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fa:60:7d:11:db:bc:31:53:bb:f6:b7:72:09:
                    d7:5e:63:b3:77:26:8d:4a:66:3f:a1:57:4e:ef:55:
                    1d:25:3c:d9:10:e3:85:84:de:39:d0:53:71:a2:a8:
                    ad:43:54:21:36:53:df:93:c3:9b:19:47:c9:18:c2:
                    15:39:9c:3a:1c:0f:74:f2:21:95:fd:81:00:55:5e:
                    bf:d7:a9:12:52:ff:f8:99:c5:c1:5f:6a:b5:17:95:
                    b2:5e:a9:ab:31:a1:ab:88:eb:6c:44:ca:8d:55:8b:
                    c0:b1:e3:6b:fd:f7:0e:0f:6f:9a:3e:89:a2:d3:85:
                    18:fe:ed:ab:d6:82:ad:5f:3c:83:00:56:73:a7:43:
                    f8:4d:9e:12:91:84:e8:bd:27:be:be:db:cd:48:9d:
                    a7:87:30:15:20:7b:21:59:fb:0d:39:0e:b9:c9:c0:
                    83:82:5e:a2:c1:69:48:c8:87:a5:e1:3d:c4:94:bf:
                    d2:4c:f4:89:a7:11:38:9f:c5:fa:42:2d:58:54:e5:
                    6c:2e:26:a3:6a:70:9c:85:2e:ca:8c:3f:e7:51:87:
                    c5:fe:eb:02:3d:f4:e9:88:cb:04:41:f3:1b:3a:b8:
                    a8:c3:be:b5:3b:1b:86:82:92:ac:ca:bb:0b:3b:3a:
                    e3:cd:98:09:04:12:8a:d8:f7:73:17:43:05:63:43:
                    d1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:40:3D:56:83:3F:A1:3D:E1:72:1D:64:96:27:98:59:E1:32:B2:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dfa2fd02-5f23-4780-a0fc-7db70709ecad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.196.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:2c:d3:42:cb:e5:d3:bd:b6:a9:b1:89:a4:04:a3:b8:92:09:
         c7:4c:5d:26:0c:af:d2:1c:95:b1:e2:b4:df:02:21:ea:07:19:
         40:cc:0a:52:97:59:04:9f:27:b5:e9:40:28:52:2c:8f:b3:2a:
         58:61:1b:42:4f:e8:2d:4f:1a:52:2d:93:fe:db:38:ab:bf:a6:
         89:68:bd:5d:5d:de:9d:f3:d8:c6:f8:ae:4a:4d:7a:5a:cf:9f:
         88:7f:ab:2c:b1:53:c0:60:87:e8:dd:2a:5f:dc:73:ee:23:c5:
         48:ca:f3:a7:2a:bb:cf:55:e2:70:02:9e:32:37:de:32:17:ce:
         88:54:63:c2:30:aa:96:dc:fc:7f:16:c1:fd:dd:0b:ea:3e:ce:
         cc:b9:04:7d:72:0a:a8:e2:e9:66:1d:96:04:05:06:e2:ee:0d:
         e7:f9:87:f9:4a:32:11:d5:e4:80:8c:c0:f7:84:e6:ea:ed:04:
         aa:9a:85:78:1e:69:cd:c7:14:39:3a:8b:59:b1:54:3f:e8:06:
         fd:20:c4:d7:b2:2e:c4:99:93:6a:61:b2:bf:6a:f7:ae:4b:e7:
         88:36:95:af:38:78:d9:16:1f:5e:dc:0b:db:8b:b0:e1:2a:b9:
         7d:af:a4:a6:04:f6:6d:05:e7:d3:4e:1d:3b:9b:23:f0:ae:24:
         db:02:53:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFNCek9MbAO7c82H+oNbrtou4oaAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAzOTU4WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTliNDZiZDc1NGY4ZGJkYzk5YWRmODlmNDk3YWE0YWE4
NWY4NzdjOWFkYmY1ZTA5YTZmNGMzZmQxZWQwNGJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw+mB9Edu8MVO79rdyCddeY7N3Jo1KZj+hV07vVR0lPNkQ
44WE3jnQU3GiqK1DVCE2U9+Tw5sZR8kYwhU5nDocD3TyIZX9gQBVXr/XqRJS//iZ
xcFfarUXlbJeqasxoauI62xEyo1Vi8Cx42v99w4Pb5o+iaLThRj+7avWgq1fPIMA
VnOnQ/hNnhKRhOi9J76+281InaeHMBUgeyFZ+w05DrnJwIOCXqLBaUjIh6XhPcSU
v9JM9ImnETifxfpCLVhU5WwuJqNqcJyFLsqMP+dRh8X+6wI99OmIywRB8xs6uKjD
vrU7G4aCkqzKuws7OuPNmAkEEorY93MXQwVjQ9FJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU10A9VoM/oT3hch1klieYWeEysoYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RmYTJmZDAyLTVmMjMtNDc4MC1hMGZjLTdkYjcwNzA5ZWNhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALRxJwwDQYJKoZIhvcNAQELBQADggEBABYs00LL5dO9tqmxiaQEo7iSCcdM
XSYMr9IclbHitN8CIeoHGUDMClKXWQSfJ7XpQChSLI+zKlhhG0JP6C1PGlItk/7b
OKu/polovV1d3p3z2Mb4rkpNelrPn4h/qyyxU8Bgh+jdKl/cc+4jxUjK86cqu89V
4nACnjI33jIXzohUY8Iwqpbc/H8Wwf3dC+o+zsy5BH1yCqji6WYdlgQFBuLuDef5
h/lKMhHV5ICMwPeE5urtBKqahXgeac3HFDk6i1mxVD/oBv0gxNeyLsSZk2phsr9q
965L54g2la84eNkWH17cC9uLsOEquX2vpKYE9m0F59NOHTubI/CuJNsCU3U=
-----END CERTIFICATE-----