Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b930c3-987f-43e4-8f4b-436fe0c64032.roa
File:                     e7b930c3-987f-43e4-8f4b-436fe0c64032.roa (raw, json)
Hash identifier:          H2eY6Ki+ku8PhaoYKpKARJqxZwoU8eTim6DJtd2Es+U=
Subject key identifier:   15:FE:D2:22:2D:01:CA:DB:D9:31:DF:98:FE:32:43:CB:6D:E3:2F:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       202C683579D7578B71C108F53F6B2162A73BBF3C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b930c3-987f-43e4-8f4b-436fe0c64032.roa
Signing time:             Tue 14 Oct 2025 17:39:20 +0000
ROA not before:           Tue 14 Oct 2025 17:39:20 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.132.52.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:2c:68:35:79:d7:57:8b:71:c1:08:f5:3f:6b:21:62:a7:3b:bf:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:39:20 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=824256caec16899972e59d709eb6f141e14b8afd353c713b0044dfa86a7bb9b6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9f:3d:39:79:24:c3:22:52:8a:81:3f:fc:f5:
                    c9:87:9a:51:61:59:39:a8:21:92:76:31:0e:58:9d:
                    83:2a:1c:2d:57:4b:00:d9:bd:4f:10:d6:43:42:47:
                    e3:56:ae:39:a6:21:24:a2:f6:d4:1b:7d:af:b2:9a:
                    36:b1:8d:ce:06:54:c2:15:c9:ec:27:0f:14:fa:a7:
                    69:54:94:84:52:1a:73:d3:cb:8d:a8:6d:8a:04:74:
                    92:d8:26:6d:93:9d:99:e9:d7:a4:2f:76:f6:49:e5:
                    02:ec:38:53:8c:da:f8:88:c9:6d:b1:d2:96:79:0a:
                    55:12:d3:22:fd:77:53:7e:ae:bb:60:ff:2e:c0:47:
                    a7:85:bf:23:4f:c7:07:17:de:04:4d:27:56:67:09:
                    a1:b7:b4:6d:e6:e6:86:ec:19:78:8d:a7:a5:b5:e9:
                    a7:5f:ca:4c:3f:0b:77:e3:82:bd:3b:44:79:94:dd:
                    93:9b:92:f9:89:fa:e7:e7:b5:f6:20:fc:e9:4a:de:
                    a8:89:fd:d5:7d:1c:94:ac:ba:f5:b1:e9:cb:34:f3:
                    49:fb:18:11:5e:a5:76:98:c4:53:92:10:b3:16:d7:
                    46:27:72:ca:50:91:58:92:43:6e:80:a0:9d:6d:b0:
                    f7:37:8d:a6:5c:3d:c5:08:27:3b:e1:51:05:26:07:
                    0e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:FE:D2:22:2D:01:CA:DB:D9:31:DF:98:FE:32:43:CB:6D:E3:2F:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b930c3-987f-43e4-8f4b-436fe0c64032.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.132.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:49:bb:d4:43:b2:af:bb:fe:ae:17:26:64:4f:7b:23:66:47:
         b0:e1:03:9d:e1:e0:85:69:b9:d8:55:b9:e6:ad:ad:39:98:f8:
         cf:fe:0a:bb:10:af:b6:8e:75:55:fc:35:f3:e5:c1:09:e6:3d:
         d2:37:1f:72:9a:9b:0d:86:6a:19:c3:d0:c8:06:ac:cd:5f:66:
         b8:bb:69:9e:fd:db:09:f9:80:ba:61:e1:89:c8:a3:fd:10:77:
         41:34:18:1e:3b:51:b8:95:da:ce:0c:ec:95:01:dc:00:2a:ce:
         d5:21:6a:66:da:bf:41:cb:5e:89:3a:2d:d6:fc:1b:99:19:b3:
         1b:ba:78:45:e1:db:e1:7a:ff:5a:8c:8c:fa:d1:37:a9:6b:73:
         32:94:e9:73:7d:dd:06:87:6a:af:d3:9b:59:07:7a:70:7c:ad:
         06:5b:44:cb:21:cd:5b:8b:45:f9:08:b3:14:97:ec:d5:23:73:
         1b:3a:08:55:a9:a1:04:67:dc:9d:a5:25:e8:c4:e6:fa:f3:36:
         9f:f4:ab:a0:f8:84:1f:26:f4:6a:7f:52:b5:d9:08:48:c8:3a:
         01:32:7e:cd:2c:38:4a:77:3f:11:7d:23:bb:a2:79:1e:85:54:
         a8:f5:cc:1b:e5:b2:e4:84:7a:46:9f:f1:44:39:7e:73:6d:c3:
         f0:72:87:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUICxoNXnXV4txwQj1P2shYqc7vzwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTczOTIwWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjQyNTZjYWVjMTY4OTk5NzJlNTlkNzA5ZWI2ZjE0MWUx
NGI4YWZkMzUzYzcxM2IwMDQ0ZGZhODZhN2JiOWI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSnz05eSTDIlKKgT/89cmHmlFhWTmoIZJ2MQ5YnYMqHC1X
SwDZvU8Q1kNCR+NWrjmmISSi9tQbfa+ymjaxjc4GVMIVyewnDxT6p2lUlIRSGnPT
y42obYoEdJLYJm2TnZnp16QvdvZJ5QLsOFOM2viIyW2x0pZ5ClUS0yL9d1N+rrtg
/y7AR6eFvyNPxwcX3gRNJ1ZnCaG3tG3m5obsGXiNp6W16adfykw/C3fjgr07RHmU
3ZObkvmJ+ufntfYg/OlK3qiJ/dV9HJSsuvWx6cs080n7GBFepXaYxFOSELMW10Yn
cspQkViSQ26AoJ1tsPc3jaZcPcUIJzvhUQUmBw6NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFf7SIi0BytvZMd+Y/jJDy23jL9MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U3YjkzMGMzLTk4N2YtNDNlNC04ZjRiLTQzNmZlMGM2NDAzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJGhDQwDQYJKoZIhvcNAQELBQADggEBAIVJu9RDsq+7/q4XJmRPeyNmR7Dh
A53h4IVpudhVueatrTmY+M/+CrsQr7aOdVX8NfPlwQnmPdI3H3Kamw2GahnD0MgG
rM1fZri7aZ792wn5gLph4YnIo/0Qd0E0GB47UbiV2s4M7JUB3AAqztUhambav0HL
Xok6Ldb8G5kZsxu6eEXh2+F6/1qMjPrRN6lrczKU6XN93QaHaq/Tm1kHenB8rQZb
RMshzVuLRfkIsxSX7NUjcxs6CFWpoQRn3J2lJejE5vrzNp/0q6D4hB8m9Gp/UrXZ
CEjIOgEyfs0sOEp3PxF9I7uieR6FVKj1zBvlsuSEekaf8UQ5fnNtw/Byh7k=
-----END CERTIFICATE-----