Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e85e2573-73cc-4d70-be6b-4b61dd0f34b7.roa
File:                     e85e2573-73cc-4d70-be6b-4b61dd0f34b7.roa (raw, json)
Hash identifier:          2wYvqYhJXFHKacqsB5Quxhh51U3qrR34KmrD2kE+6Gg=
Subject key identifier:   FD:AA:00:3B:E8:6B:ED:0B:15:1F:F5:40:CA:5C:DE:D0:EA:F3:F5:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       536F3002BE1DCA980E73F8B9EB5171D2D43E850D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e85e2573-73cc-4d70-be6b-4b61dd0f34b7.roa
Signing time:             Fri 03 Oct 2025 00:42:12 +0000
ROA not before:           Fri 03 Oct 2025 00:42:12 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        68.217.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:6f:30:02:be:1d:ca:98:0e:73:f8:b9:eb:51:71:d2:d4:3e:85:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:42:12 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=2a201dd67aeb70f31c190fd0e03408dea8952abaa1421f55ca14856ac478ab31, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a8:5c:cd:bc:c3:5d:95:63:8d:3c:90:63:e5:
                    2e:db:6e:48:22:56:89:c1:29:51:73:6b:67:4a:29:
                    0a:32:07:e2:32:c2:85:e4:40:36:dc:3e:f6:0c:af:
                    d2:5e:cd:5c:f4:99:9b:1f:26:fc:d3:02:5f:f4:67:
                    7c:e5:63:3b:02:7b:9e:0d:77:bf:9a:88:b9:a1:04:
                    f6:2e:e0:75:11:3d:19:a2:c6:59:8b:eb:8e:75:53:
                    4b:f5:92:1c:bb:03:33:5e:04:ee:80:93:78:12:f9:
                    e9:57:18:10:e9:73:4f:5f:93:fb:e0:43:4c:4f:3c:
                    61:0b:31:ee:b7:b9:e4:58:00:28:e3:a0:82:2b:f8:
                    7e:e4:3c:da:b1:88:1b:62:a3:ac:d9:2c:33:7a:58:
                    d7:f4:c8:5d:75:c8:e8:d1:d2:b0:f7:15:f0:1d:48:
                    0c:1d:e3:ef:9d:b1:dd:57:24:bb:40:cb:35:f6:64:
                    e1:26:77:f6:d0:3a:d7:b9:de:b8:80:79:92:17:6b:
                    2b:ae:f2:39:69:01:32:ae:19:08:f8:bb:54:b0:9c:
                    51:44:ed:ba:e0:0b:c8:3b:70:11:47:74:7f:38:14:
                    9b:4c:63:8a:53:b9:dd:46:e8:74:0b:4d:f0:c4:24:
                    88:b3:6e:b8:70:3a:cd:2b:2c:e8:ab:5d:73:7c:d9:
                    5c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:AA:00:3B:E8:6B:ED:0B:15:1F:F5:40:CA:5C:DE:D0:EA:F3:F5:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e85e2573-73cc-4d70-be6b-4b61dd0f34b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.217.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4c:37:57:63:67:65:8a:02:90:05:f5:55:fa:ed:fb:77:68:b4:
         b4:52:ff:7f:e6:2c:0d:73:77:d6:31:ec:83:e8:39:2a:0c:00:
         6e:b0:e4:27:f7:40:73:79:10:9d:0b:24:28:72:15:61:99:14:
         cc:0b:31:08:ec:be:23:e1:9a:b7:cc:47:d2:e8:fb:10:f0:85:
         ac:11:93:e9:d1:ff:bf:55:f3:b4:50:e9:48:64:93:ab:f4:c5:
         02:83:04:1f:e6:21:3a:ad:76:27:75:88:b4:bc:ba:1d:c7:a4:
         e6:19:34:3d:96:41:82:37:f6:c9:06:1a:b2:23:0e:34:bd:db:
         57:d1:60:cb:2b:7f:45:e1:ac:ac:f2:75:b2:70:bd:a1:9d:59:
         1c:b2:0b:b5:a6:08:a2:b0:00:15:e1:79:63:fe:7a:8a:c1:8f:
         55:7f:64:ef:fa:8e:c4:82:37:82:e4:3e:f2:1f:51:f8:cb:94:
         5c:c4:00:60:54:11:61:9f:37:27:49:18:1a:9c:c4:51:66:34:
         03:21:c7:70:57:b0:c8:fa:84:07:03:ca:5f:4c:b8:30:94:03:
         ce:2d:45:da:72:93:f0:2b:03:40:3d:e9:49:ee:d5:69:19:b8:
         2e:90:44:7c:de:87:12:50:a1:63:76:64:62:f8:8c:b9:f0:1d:
         ca:e7:c7:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUU28wAr4dypgOc/i561Fx0tQ+hQ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MjEyWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTIwMWRkNjdhZWI3MGYzMWMxOTBmZDBlMDM0MDhkZWE4
OTUyYWJhYTE0MjFmNTVjYTE0ODU2YWM0NzhhYjMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuqFzNvMNdlWONPJBj5S7bbkgiVonBKVFza2dKKQoyB+Iy
woXkQDbcPvYMr9JezVz0mZsfJvzTAl/0Z3zlYzsCe54Nd7+aiLmhBPYu4HURPRmi
xlmL6451U0v1khy7AzNeBO6Ak3gS+elXGBDpc09fk/vgQ0xPPGELMe63ueRYACjj
oIIr+H7kPNqxiBtio6zZLDN6WNf0yF11yOjR0rD3FfAdSAwd4++dsd1XJLtAyzX2
ZOEmd/bQOte53riAeZIXayuu8jlpATKuGQj4u1SwnFFE7brgC8g7cBFHdH84FJtM
Y4pTud1G6HQLTfDEJIizbrhwOs0rLOirXXN82VxdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/aoAO+hr7QsVH/VAylze0Orz9YowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4NWUyNTczLTczY2MtNGQ3MC1iZTZiLTRiNjFkZDBmMzRiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBE2TANBgkqhkiG9w0BAQsFAAOCAQEATDdXY2dligKQBfVV+u37d2i0tFL/
f+YsDXN31jHsg+g5KgwAbrDkJ/dAc3kQnQskKHIVYZkUzAsxCOy+I+Gat8xH0uj7
EPCFrBGT6dH/v1XztFDpSGSTq/TFAoMEH+YhOq12J3WItLy6Hcek5hk0PZZBgjf2
yQYasiMONL3bV9Fgyyt/ReGsrPJ1snC9oZ1ZHLILtaYIorAAFeF5Y/56isGPVX9k
7/qOxII3guQ+8h9R+MuUXMQAYFQRYZ83J0kYGpzEUWY0AyHHcFewyPqEBwPKX0y4
MJQDzi1F2nKT8CsDQD3pSe7VaRm4LpBEfN6HElChY3ZkYviMufAdyufHgg==
-----END CERTIFICATE-----