Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e1f85432-f5d6-46bf-839b-ed4e9037cb30.roa
File:                     e1f85432-f5d6-46bf-839b-ed4e9037cb30.roa (raw, json)
Hash identifier:          Rh7tU6eTH2m8SCqrxzkriMDuKqI+vQVU/Lgs7V5Nxro=
Subject key identifier:   71:6B:59:9F:15:C6:AD:0B:5F:9F:F7:0F:96:5F:94:0D:C1:64:2E:DE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73B83128455154A3C0D66476AC127E2AB199865E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e1f85432-f5d6-46bf-839b-ed4e9037cb30.roa
Signing time:             Sat 11 Oct 2025 00:41:56 +0000
ROA not before:           Sat 11 Oct 2025 00:41:56 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.190.148.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:b8:31:28:45:51:54:a3:c0:d6:64:76:ac:12:7e:2a:b1:99:86:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:41:56 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=6a172d5cfd508e3e87e7247cabbb89027c17af0f63c13a31471f9f02cf4b630a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c9:fa:19:89:29:dd:81:c9:67:89:ed:c0:10:
                    86:f3:dc:c9:c0:83:3c:bc:9d:09:ef:5c:9b:c4:58:
                    68:44:41:47:5d:b2:2c:b5:fc:f3:23:f4:7b:fa:a8:
                    48:6c:ad:ef:b5:94:e5:b5:18:97:27:86:a2:eb:a9:
                    15:c6:f1:1e:b7:7a:cc:ef:ce:56:4b:48:14:c8:bd:
                    50:e1:4a:4a:16:ba:7a:3c:48:31:1e:79:be:f9:85:
                    74:7e:61:99:33:0a:e8:ce:9d:c1:6b:25:70:c2:37:
                    91:b5:d6:52:ef:1c:3c:65:42:08:51:1e:78:cf:f9:
                    e4:dc:90:b0:83:ea:9b:9d:7c:cc:4f:63:9f:18:e2:
                    d7:f8:7e:6e:59:a6:59:e5:79:bc:2d:61:3c:ba:cc:
                    ed:01:a0:ee:15:95:72:49:92:5c:5a:d0:4f:3c:b7:
                    ea:a9:53:f2:74:49:d8:a6:19:54:34:29:30:df:ed:
                    11:60:57:17:2b:ef:bb:f8:fa:14:f6:e2:31:86:c7:
                    32:a7:0a:27:db:43:a7:d7:f0:76:a8:e3:7a:5c:8f:
                    24:8c:30:cc:37:c5:4e:c6:7a:8b:77:36:6a:e5:08:
                    8c:fb:91:1e:12:13:a4:53:5d:34:93:ae:2f:1d:39:
                    4f:0d:e4:58:3e:2b:3a:fb:2c:04:34:04:ea:19:b2:
                    db:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:6B:59:9F:15:C6:AD:0B:5F:9F:F7:0F:96:5F:94:0D:C1:64:2E:DE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e1f85432-f5d6-46bf-839b-ed4e9037cb30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:15:50:cf:5d:e2:93:a4:2a:9f:e9:b7:b8:7f:11:06:2c:28:
         33:fc:8c:cc:8b:06:c0:2d:d5:d7:e1:d9:f4:61:d3:56:e0:b6:
         f2:7a:a2:a3:76:7d:42:98:f8:5b:20:38:98:dd:a0:a2:28:b5:
         01:5c:22:87:7c:2e:98:0f:1e:29:f9:95:dc:92:db:7f:55:da:
         1b:47:a0:55:32:b0:cc:98:b6:41:4b:cb:6d:d4:98:4a:a7:14:
         15:ea:d3:69:63:fd:ff:f8:c2:10:17:91:9f:e4:7e:dd:c2:76:
         dd:4b:f3:c6:5e:74:06:86:c7:e0:70:ea:cc:7f:3d:2e:cb:b0:
         17:72:9b:36:5b:77:19:12:2c:a2:87:2a:0d:48:83:5d:9a:fb:
         f4:22:9d:09:56:77:99:28:b9:1c:51:89:44:75:20:d0:8f:fd:
         e4:0e:a2:e0:70:28:a4:65:93:c5:36:d0:7a:50:37:9f:a2:db:
         58:20:a1:21:7b:21:d8:50:e3:a4:b7:c3:9c:f1:b6:de:68:9d:
         0b:a0:a6:19:7c:b7:a5:c5:ee:05:e3:c0:2f:cd:f2:ec:fb:1a:
         93:d5:e7:a4:24:af:5d:03:89:7a:53:0a:eb:52:d9:14:11:96:
         cb:49:58:b3:e7:46:60:ff:e1:72:37:f4:68:de:96:c0:d1:1f:
         23:c2:bb:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc7gxKEVRVKPA1mR2rBJ+KrGZhl4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDA0MTU2WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTE3MmQ1Y2ZkNTA4ZTNlODdlNzI0N2NhYmJiODkwMjdj
MTdhZjBmNjNjMTNhMzE0NzFmOWYwMmNmNGI2MzBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9yfoZiSndgclnie3AEIbz3MnAgzy8nQnvXJvEWGhEQUdd
siy1/PMj9Hv6qEhsre+1lOW1GJcnhqLrqRXG8R63eszvzlZLSBTIvVDhSkoWuno8
SDEeeb75hXR+YZkzCujOncFrJXDCN5G11lLvHDxlQghRHnjP+eTckLCD6pudfMxP
Y58Y4tf4fm5ZplnlebwtYTy6zO0BoO4VlXJJklxa0E88t+qpU/J0SdimGVQ0KTDf
7RFgVxcr77v4+hT24jGGxzKnCifbQ6fX8Hao43pcjySMMMw3xU7Geot3NmrlCIz7
kR4SE6RTXTSTri8dOU8N5Fg+Kzr7LAQ0BOoZstsjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcWtZnxXGrQtfn/cPll+UDcFkLt4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UxZjg1NDMyLWY1ZDYtNDZiZi04MzliLWVkNGU5MDM3Y2IzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABAvpQwDQYJKoZIhvcNAQELBQADggEBAHEVUM9d4pOkKp/pt7h/EQYsKDP8
jMyLBsAt1dfh2fRh01bgtvJ6oqN2fUKY+FsgOJjdoKIotQFcIod8LpgPHin5ldyS
239V2htHoFUysMyYtkFLy23UmEqnFBXq02lj/f/4whAXkZ/kft3Cdt1L88ZedAaG
x+Bw6sx/PS7LsBdymzZbdxkSLKKHKg1Ig12a+/QinQlWd5kouRxRiUR1INCP/eQO
ouBwKKRlk8U20HpQN5+i21ggoSF7IdhQ46S3w5zxtt5onQugphl8t6XF7gXjwC/N
8uz7GpPV56Qkr10DiXpTCutS2RQRlstJWLPnRmD/4XI39GjelsDRHyPCu9E=
-----END CERTIFICATE-----