Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2a09846-443b-40e8-960d-92a8061d00c7.roa
File:                     e2a09846-443b-40e8-960d-92a8061d00c7.roa (raw, json)
Hash identifier:          M/ZCD13wl0M/7o8A7ZH/Dsn2t9lQ5WSWxHtyxwGN6Hw=
Subject key identifier:   4C:8C:48:10:DE:DA:2D:64:FC:A5:9D:30:EC:ED:5D:E1:51:B2:A7:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       05ACF591452ACC0EF725C4DC4EFE5FF46F6E4262
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2a09846-443b-40e8-960d-92a8061d00c7.roa
Signing time:             Wed 01 Oct 2025 00:41:54 +0000
ROA not before:           Wed 01 Oct 2025 00:41:54 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.66.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:ac:f5:91:45:2a:cc:0e:f7:25:c4:dc:4e:fe:5f:f4:6f:6e:42:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:41:54 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=e53d9d5e23593e160d0a5e49621712e3aa81f7a861829c6e28a76ea8c865f6b6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ef:88:2d:49:41:fd:d8:c9:b7:00:32:ef:c8:
                    b8:8f:48:73:09:e2:aa:e5:8e:e2:10:f4:2b:99:2c:
                    06:2c:4b:9a:00:c6:33:ed:ff:70:24:b9:ff:15:05:
                    bd:84:3b:8e:af:bd:77:54:a3:1b:18:4f:4f:4c:e7:
                    5f:19:e3:7f:1a:ec:50:43:fc:ed:3c:1e:d6:40:b6:
                    1c:26:17:72:9a:29:cc:f1:57:f0:b2:64:3e:17:b2:
                    dd:a3:99:cd:03:e5:f0:86:83:62:7d:f5:f5:ff:96:
                    b4:61:79:5d:09:6d:8b:ab:ce:f7:c8:2a:2e:b2:8b:
                    60:b3:43:c0:23:61:f6:74:e8:52:ce:fb:ac:ee:4c:
                    37:29:7b:8d:c9:7e:40:6e:fa:27:e1:99:d8:f4:df:
                    42:33:62:af:c8:8a:f9:d8:2b:70:33:51:13:67:2f:
                    f0:d4:92:e1:86:3b:60:27:e3:2d:7f:c9:8a:9e:bd:
                    24:1b:6a:05:57:8e:2f:17:be:33:84:52:5d:b0:c3:
                    58:f0:0d:b2:c5:9e:4d:ca:ac:07:b6:91:57:57:70:
                    e6:2a:ef:7e:3d:4c:7e:f2:51:29:6c:db:00:b6:0a:
                    9a:64:9e:af:43:d5:f7:1d:2a:59:df:0e:be:73:99:
                    48:9b:64:d7:fe:f3:95:bb:39:7b:ef:75:f3:3d:ae:
                    0f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:8C:48:10:DE:DA:2D:64:FC:A5:9D:30:EC:ED:5D:E1:51:B2:A7:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2a09846-443b-40e8-960d-92a8061d00c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:e5:7c:6b:4a:59:18:33:65:a9:2f:d7:3f:d8:7c:2a:bf:32:
         10:c7:36:38:23:1d:13:68:84:c2:0f:8b:33:40:1e:c1:fb:8b:
         ee:33:7c:39:b8:5c:90:1b:3f:9c:91:f1:e7:78:b7:67:b4:39:
         3b:5d:a5:3e:a1:e9:83:1f:84:3f:9b:6a:7e:ee:32:0d:59:88:
         d4:59:ec:b9:21:f1:7a:85:6e:a5:ee:ee:d2:81:59:e5:9a:6c:
         73:76:1a:26:a0:45:55:a3:62:38:a8:a9:c9:64:f4:fb:a4:2f:
         5a:dc:7a:96:56:94:56:38:93:cd:e4:5d:91:b2:b0:82:b9:85:
         f3:95:8d:e4:9a:91:eb:ab:cf:78:91:03:d3:88:21:5c:5d:67:
         8b:41:15:34:89:6a:91:11:9e:ca:93:47:f8:2c:0d:65:c8:62:
         4d:35:be:95:3b:e8:65:f6:ac:ac:96:66:1c:35:d9:da:8e:ea:
         76:1a:50:9b:c9:a4:f6:54:d8:91:a3:26:be:dc:ee:80:e6:89:
         f8:5d:06:28:5e:d1:8f:f5:46:4b:9f:ec:ad:0a:8c:63:3e:d6:
         2b:ae:60:e9:93:12:69:d3:dd:50:96:cb:80:93:53:34:77:1b:
         fa:52:43:d6:00:52:21:37:34:9b:c8:c9:95:16:d3:ee:fe:3b:
         57:92:2d:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBaz1kUUqzA73JcTcTv5f9G9uQmIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA0MTU0WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTNkOWQ1ZTIzNTkzZTE2MGQwYTVlNDk2MjE3MTJlM2Fh
ODFmN2E4NjE4MjljNmUyOGE3NmVhOGM4NjVmNmI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDm74gtSUH92Mm3ADLvyLiPSHMJ4qrljuIQ9CuZLAYsS5oA
xjPt/3Akuf8VBb2EO46vvXdUoxsYT09M518Z438a7FBD/O08HtZAthwmF3KaKczx
V/CyZD4Xst2jmc0D5fCGg2J99fX/lrRheV0JbYurzvfIKi6yi2CzQ8AjYfZ06FLO
+6zuTDcpe43JfkBu+ifhmdj030IzYq/IivnYK3AzURNnL/DUkuGGO2An4y1/yYqe
vSQbagVXji8XvjOEUl2ww1jwDbLFnk3KrAe2kVdXcOYq7349TH7yUSls2wC2Cppk
nq9D1fcdKlnfDr5zmUibZNf+85W7OXvvdfM9rg/vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTIxIEN7aLWT8pZ0w7O1d4VGyp/EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyYTA5ODQ2LTQ0M2ItNDBlOC05NjBkLTkyYTgwNjFkMDBjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/EIwDQYJKoZIhvcNAQELBQADggEBAILlfGtKWRgzZakv1z/YfCq/MhDH
NjgjHRNohMIPizNAHsH7i+4zfDm4XJAbP5yR8ed4t2e0OTtdpT6h6YMfhD+ban7u
Mg1ZiNRZ7Lkh8XqFbqXu7tKBWeWabHN2GiagRVWjYjioqclk9PukL1rcepZWlFY4
k83kXZGysIK5hfOVjeSakeurz3iRA9OIIVxdZ4tBFTSJapERnsqTR/gsDWXIYk01
vpU76GX2rKyWZhw12dqO6nYaUJvJpPZU2JGjJr7c7oDmifhdBihe0Y/1Rkuf7K0K
jGM+1iuuYOmTEmnT3VCWy4CTUzR3G/pSQ9YAUiE3NJvIyZUW0+7+O1eSLX8=
-----END CERTIFICATE-----