Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e32e9d70-77da-4d7f-838c-cace7dac9464.roa
File:                     e32e9d70-77da-4d7f-838c-cace7dac9464.roa (raw, json)
Hash identifier:          hkNU578pJK2st6Tl7xJvvbrgarx5K8c41t1mUSh3dlc=
Subject key identifier:   61:08:6B:E9:22:DE:2A:9E:AC:CA:AA:DB:04:1B:E9:12:AD:18:F1:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3263574883777702DE5877824DAA81E79411729E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e32e9d70-77da-4d7f-838c-cace7dac9464.roa
Signing time:             Wed 01 Oct 2025 00:11:57 +0000
ROA not before:           Wed 01 Oct 2025 00:11:57 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.231.96.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:63:57:48:83:77:77:02:de:58:77:82:4d:aa:81:e7:94:11:72:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:11:57 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=55a7bb109aca7b9e830aa171a01f23a8764bc4beec99810261a853c7d56a761d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:25:35:93:64:e1:fb:07:df:53:93:61:55:e5:
                    1a:0f:a7:df:d6:5b:39:33:25:50:d2:0c:47:f0:d7:
                    30:ab:7a:bb:d1:8c:fa:0e:55:16:c6:88:e6:46:fb:
                    2b:a4:13:81:9b:71:be:94:57:00:d2:0b:b6:0a:2a:
                    01:99:63:dd:12:d3:b6:ea:4d:43:58:b4:23:f0:21:
                    50:e2:5f:5d:30:c5:d7:c1:bb:17:57:69:c7:25:0e:
                    59:41:93:1a:c4:a3:4e:02:6d:4f:b6:3f:6f:ce:9b:
                    d5:13:32:f6:00:c8:ea:97:5d:4f:11:0f:c7:8c:05:
                    42:7c:2f:de:fb:09:ef:1c:ba:da:b9:5e:d2:15:d9:
                    87:85:71:56:8f:7a:ab:ac:1a:0d:f3:9a:5a:72:c5:
                    c6:55:39:a7:9c:04:84:a7:8a:3b:2a:58:a8:6c:ad:
                    97:d8:37:0c:f7:39:6a:73:5c:bb:0b:89:00:7e:68:
                    9e:2a:9a:e0:7a:46:1c:8f:75:51:dd:9c:4e:5d:b1:
                    e9:d8:55:16:4f:09:7f:0c:a1:64:e3:c1:16:a1:30:
                    e2:3e:a4:fc:b3:5d:45:48:55:23:20:f6:fb:9d:80:
                    92:1a:1e:95:51:be:c6:5d:eb:a6:6e:ca:ea:6e:da:
                    85:12:82:52:31:ff:05:00:45:e1:76:18:de:72:04:
                    18:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:08:6B:E9:22:DE:2A:9E:AC:CA:AA:DB:04:1B:E9:12:AD:18:F1:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e32e9d70-77da-4d7f-838c-cace7dac9464.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.231.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b4:7d:bd:29:f9:b0:d8:48:83:04:69:52:79:14:ec:a3:c9:98:
         71:ea:1d:98:5d:ba:51:ce:46:9b:20:68:22:61:cf:f0:ef:2f:
         47:03:7e:c7:95:0c:98:93:c0:e0:55:00:41:c5:ca:48:f4:3c:
         93:02:62:c0:6c:d6:93:8b:3a:19:7f:8b:e7:3e:63:04:18:e5:
         74:f5:03:ae:21:21:00:14:c1:cf:1e:82:ef:79:82:4a:90:32:
         6f:7f:1b:24:61:4c:3b:65:5c:dd:0a:6d:fc:ec:77:dd:d9:c2:
         c0:ba:10:5f:75:69:54:9f:c8:25:bb:6e:25:81:0c:79:87:92:
         a9:c0:97:a6:2f:47:44:e6:39:37:87:6c:a7:12:de:3c:50:a8:
         0a:e2:17:f0:1b:95:a1:60:0b:52:b7:7c:7e:4a:b0:cc:f6:80:
         45:86:66:0c:85:54:00:cc:4f:19:39:44:7e:1b:81:10:19:d7:
         fc:37:2f:f8:6e:f7:ed:43:47:7a:39:aa:41:96:41:3a:65:9e:
         68:f9:60:4b:fc:75:11:3d:04:e6:4c:ae:66:a0:53:92:0e:1b:
         d2:ab:17:00:23:96:28:bd:da:e1:cc:da:5f:aa:d4:c9:38:1d:
         9d:ed:74:19:7b:35:0d:72:ad:f3:10:bf:3f:ec:f0:1f:85:50:
         3a:a1:09:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMmNXSIN3dwLeWHeCTaqB55QRcp4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAxMTU3WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NWE3YmIxMDlhY2E3YjllODMwYWExNzFhMDFmMjNhODc2
NGJjNGJlZWM5OTgxMDI2MWE4NTNjN2Q1NmE3NjFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZJTWTZOH7B99Tk2FV5RoPp9/WWzkzJVDSDEfw1zCrervR
jPoOVRbGiOZG+yukE4Gbcb6UVwDSC7YKKgGZY90S07bqTUNYtCPwIVDiX10wxdfB
uxdXacclDllBkxrEo04CbU+2P2/Om9UTMvYAyOqXXU8RD8eMBUJ8L977Ce8cutq5
XtIV2YeFcVaPequsGg3zmlpyxcZVOaecBISnijsqWKhsrZfYNwz3OWpzXLsLiQB+
aJ4qmuB6RhyPdVHdnE5dsenYVRZPCX8MoWTjwRahMOI+pPyzXUVIVSMg9vudgJIa
HpVRvsZd66Zuyupu2oUSglIx/wUAReF2GN5yBBjFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYQhr6SLeKp6syqrbBBvpEq0Y8U4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UzMmU5ZDcwLTc3ZGEtNGQ3Zi04MzhjLWNhY2U3ZGFjOTQ2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXY52AwDQYJKoZIhvcNAQELBQADggEBALR9vSn5sNhIgwRpUnkU7KPJmHHq
HZhdulHORpsgaCJhz/DvL0cDfseVDJiTwOBVAEHFykj0PJMCYsBs1pOLOhl/i+c+
YwQY5XT1A64hIQAUwc8egu95gkqQMm9/GyRhTDtlXN0Kbfzsd93ZwsC6EF91aVSf
yCW7biWBDHmHkqnAl6YvR0TmOTeHbKcS3jxQqAriF/AblaFgC1K3fH5KsMz2gEWG
ZgyFVADMTxk5RH4bgRAZ1/w3L/hu9+1DR3o5qkGWQTplnmj5YEv8dRE9BOZMrmag
U5IOG9KrFwAjlii92uHM2l+q1Mk4HZ3tdBl7NQ1yrfMQvz/s8B+FUDqhCVE=
-----END CERTIFICATE-----