Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2efa47b-abae-4edd-bc60-e8042483c05d.roa
File:                     e2efa47b-abae-4edd-bc60-e8042483c05d.roa (raw, json)
Hash identifier:          pfgbOJehJgFGsTeRX9Ulf+V0u0CGQJaJwaU/CblZOVA=
Subject key identifier:   BC:21:27:0C:FD:8D:98:90:F6:AB:69:1F:1A:B9:B4:C0:41:D8:0F:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2BEC201FF553DB2EAC576B4E26625084D9C29470
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2efa47b-abae-4edd-bc60-e8042483c05d.roa
Signing time:             Sat 27 Sep 2025 00:42:19 +0000
ROA not before:           Sat 27 Sep 2025 00:42:19 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.100.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:ec:20:1f:f5:53:db:2e:ac:57:6b:4e:26:62:50:84:d9:c2:94:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:42:19 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=56c0c5ed6d406c1f969920ac287eb91d1165b9e38ffb6aae7d3e592ccac3e3e7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:27:b2:85:ac:f3:47:81:5e:c1:e8:12:39:2a:
                    98:f0:01:a2:98:1e:7d:0c:44:37:cc:e7:be:b9:81:
                    33:54:41:1a:5f:46:e3:17:0d:1b:d8:f0:fa:9c:70:
                    dc:29:c5:b6:36:42:f9:09:88:99:11:bd:8f:21:4b:
                    df:84:75:d6:cd:7b:81:bd:b0:d0:bd:1f:22:9e:ca:
                    d4:19:fc:a8:1c:f1:96:2c:50:a1:0b:c9:32:d0:39:
                    f8:29:77:60:cd:6d:f6:7c:ed:55:dc:9d:99:8d:43:
                    20:93:26:7b:64:fe:4b:ce:71:ef:84:33:b2:eb:26:
                    5b:e4:8d:4d:a0:75:40:b6:46:c8:d1:ee:80:36:ea:
                    61:34:3c:de:3c:02:ac:9f:d9:0b:5f:24:5e:86:6f:
                    e3:94:ee:17:3d:1c:1b:64:03:92:56:73:c0:4d:e9:
                    0a:8a:b9:f8:bf:71:2d:27:6b:c7:9c:26:f3:b1:c9:
                    06:ad:42:49:e3:ee:5d:78:cb:84:0a:8a:e9:1c:3d:
                    b7:52:16:c8:5b:03:29:28:40:d9:fc:24:b4:af:a0:
                    a0:6d:b0:72:60:3a:7b:ce:53:07:eb:14:fb:c8:89:
                    db:2b:69:a3:3e:9e:96:7b:38:7e:ad:1e:a7:97:82:
                    15:d2:92:05:83:aa:ab:03:51:a2:27:49:ee:1b:16:
                    f1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:21:27:0C:FD:8D:98:90:F6:AB:69:1F:1A:B9:B4:C0:41:D8:0F:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2efa47b-abae-4edd-bc60-e8042483c05d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:f1:60:4f:a0:b1:ae:2a:d6:4f:07:91:8d:86:8e:76:3e:96:
         52:9e:35:c0:e9:3b:57:d9:a0:16:30:3b:93:43:c5:26:fe:ac:
         cb:6b:73:28:07:19:c7:42:cc:9a:3d:a1:a5:30:dc:5a:3a:b4:
         d7:97:cf:90:fe:da:99:bd:6f:2f:80:29:45:b7:77:a4:4c:85:
         31:2f:15:24:ef:67:0e:9f:de:df:5f:28:af:8d:81:c2:bb:f4:
         85:0d:40:6c:cf:e5:79:1d:19:18:73:c0:a8:0a:1d:71:91:a3:
         cc:53:b2:b3:e8:af:a2:3e:05:9d:05:3e:3e:76:62:43:ca:c5:
         bf:df:3e:99:a0:64:aa:8c:9a:cc:b3:59:44:1e:e6:71:92:48:
         34:11:1a:af:ca:95:d5:d2:d1:78:8b:61:d2:1f:c0:16:ca:9e:
         39:a5:1d:9b:c7:ca:1f:e9:db:42:61:8d:68:52:fa:74:5c:3b:
         12:4d:a6:7e:54:31:bf:83:a4:c7:fa:ce:f0:5b:b4:27:ee:d5:
         c0:f3:10:f4:90:c0:80:cb:c6:19:07:b9:18:fc:4a:3d:1d:bc:
         9c:4a:2f:d7:cd:9c:8a:0f:c1:d6:a0:7e:44:b0:a3:4d:bb:b7:
         ec:1d:89:3b:13:41:85:99:4d:d9:e0:ed:4b:5a:33:72:78:1a:
         ac:4b:4e:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK+wgH/VT2y6sV2tOJmJQhNnClHAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MjE5WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NmMwYzVlZDZkNDA2YzFmOTY5OTIwYWMyODdlYjkxZDEx
NjViOWUzOGZmYjZhYWU3ZDNlNTkyY2NhYzNlM2U3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjJ7KFrPNHgV7B6BI5KpjwAaKYHn0MRDfM5765gTNUQRpf
RuMXDRvY8PqccNwpxbY2QvkJiJkRvY8hS9+EddbNe4G9sNC9HyKeytQZ/Kgc8ZYs
UKELyTLQOfgpd2DNbfZ87VXcnZmNQyCTJntk/kvOce+EM7LrJlvkjU2gdUC2RsjR
7oA26mE0PN48Aqyf2QtfJF6Gb+OU7hc9HBtkA5JWc8BN6QqKufi/cS0na8ecJvOx
yQatQknj7l14y4QKiukcPbdSFshbAykoQNn8JLSvoKBtsHJgOnvOUwfrFPvIidsr
aaM+npZ7OH6tHqeXghXSkgWDqqsDUaInSe4bFvFLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvCEnDP2NmJD2q2kfGrm0wEHYD0YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyZWZhNDdiLWFiYWUtNGVkZC1iYzYwLWU4MDQyNDgzYzA1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFgAGQwDQYJKoZIhvcNAQELBQADggEBAF/xYE+gsa4q1k8HkY2GjnY+llKe
NcDpO1fZoBYwO5NDxSb+rMtrcygHGcdCzJo9oaUw3Fo6tNeXz5D+2pm9by+AKUW3
d6RMhTEvFSTvZw6f3t9fKK+NgcK79IUNQGzP5XkdGRhzwKgKHXGRo8xTsrPor6I+
BZ0FPj52YkPKxb/fPpmgZKqMmsyzWUQe5nGSSDQRGq/KldXS0XiLYdIfwBbKnjml
HZvHyh/p20JhjWhS+nRcOxJNpn5UMb+DpMf6zvBbtCfu1cDzEPSQwIDLxhkHuRj8
Sj0dvJxKL9fNnIoPwdagfkSwo027t+wdiTsTQYWZTdng7UtaM3J4GqxLTvo=
-----END CERTIFICATE-----