Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/edec40ce-e23b-441d-8f40-345692a2b965.roa
File:                     edec40ce-e23b-441d-8f40-345692a2b965.roa (raw, json)
Hash identifier:          Fgf/8y6ValmXiFD2ZyeesvgJga9vq6cdMh/P7ztKQXQ=
Subject key identifier:   AE:F7:86:DA:10:8B:72:D9:AD:B8:FA:2B:5B:48:DE:51:E4:B2:03:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39CD9934BC986D2C586BA95E6DE206EE6C756438
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/edec40ce-e23b-441d-8f40-345692a2b965.roa
Signing time:             Sun 19 Oct 2025 00:31:13 +0000
ROA not before:           Sun 19 Oct 2025 00:31:13 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.101.164.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:cd:99:34:bc:98:6d:2c:58:6b:a9:5e:6d:e2:06:ee:6c:75:64:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 00:31:13 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=c485baed170fa2f7d11cc965e593ea7553c2d33e9ab155e13b9f462496317432, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:69:58:1b:22:49:d1:29:57:11:03:cc:ad:a1:
                    b1:db:73:9f:04:97:b6:9a:1e:aa:ae:0e:cc:57:a4:
                    27:7e:c2:2a:62:8b:29:1d:3b:b4:8d:89:dc:07:81:
                    1d:7f:93:df:d8:c6:ad:06:51:ad:5b:f9:97:2d:6f:
                    01:65:21:0f:90:bc:74:c0:d7:c5:60:04:ac:f0:3a:
                    e0:2d:bf:1f:4a:c9:2b:7e:f4:82:be:8d:dd:9f:7a:
                    31:85:bd:7a:7f:3b:7a:77:32:3d:7b:e0:44:dd:d2:
                    b0:a4:2d:c7:8b:7b:a1:9b:83:e9:01:e8:13:f7:27:
                    8a:57:79:05:be:07:e7:3e:ae:62:f3:c2:66:dd:e9:
                    1d:dd:8b:87:01:a2:1d:ea:99:ab:55:39:be:2e:3f:
                    be:ac:38:a9:37:7c:93:48:68:3b:83:d7:fa:ab:0f:
                    6a:ce:75:79:1a:a4:d8:13:1a:58:37:40:9c:f8:e7:
                    15:08:55:89:e6:d1:5d:3f:e3:1a:3f:4c:5b:b4:7e:
                    75:bb:dd:02:a7:66:f6:2b:e0:86:5a:57:e5:1f:b6:
                    8c:9f:f0:61:3c:ed:36:43:82:80:fa:1c:66:25:94:
                    9e:94:95:29:01:71:11:07:1a:20:83:ca:b0:74:53:
                    f5:d6:5c:c7:c0:18:84:25:02:39:b3:e0:42:a5:72:
                    6f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F7:86:DA:10:8B:72:D9:AD:B8:FA:2B:5B:48:DE:51:E4:B2:03:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/edec40ce-e23b-441d-8f40-345692a2b965.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.101.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d3:88:f1:cf:4a:90:1b:69:b0:46:e1:9d:50:70:aa:b6:5c:47:
         20:35:7a:70:82:48:2d:9d:9f:e2:f4:57:9c:30:38:22:5d:9a:
         27:e1:f9:30:68:36:c4:54:4d:e7:d1:4a:67:a2:12:7d:38:2a:
         e0:d2:b0:ca:39:b7:66:8b:08:67:bb:92:0e:40:eb:1c:58:77:
         8d:68:9f:d4:25:8a:2f:f9:97:6d:f0:62:89:46:30:5c:37:3c:
         b7:be:75:36:16:24:e4:85:4c:96:ea:9c:ad:28:c6:5e:df:a4:
         07:50:49:c7:db:fe:96:73:b5:77:06:ef:06:80:6b:1e:fe:f1:
         b6:83:f0:fd:79:f5:e1:c6:05:4a:d1:c7:b1:1b:02:e5:93:fa:
         e7:2f:c3:98:1a:4a:f8:93:10:97:9b:bb:28:f4:91:84:d9:54:
         a1:c3:e4:cb:49:d9:47:d3:9a:df:bf:05:18:9c:2e:92:34:7c:
         be:2c:5d:b5:91:cb:1a:95:1c:ed:63:37:ef:51:a8:9e:52:4a:
         fb:0e:93:f2:56:19:65:e6:c5:25:a4:03:fc:cb:dc:a8:3a:73:
         db:18:40:fc:43:bc:fe:63:55:f7:b1:aa:a2:ce:7d:8c:66:93:
         56:66:03:57:15:67:0e:13:ca:d2:6f:f5:a5:a5:f5:ea:44:1a:
         93:17:91:cf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOc2ZNLyYbSxYa6lebeIG7mx1ZDgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDAzMTEzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDg1YmFlZDE3MGZhMmY3ZDExY2M5NjVlNTkzZWE3NTUz
YzJkMzNlOWFiMTU1ZTEzYjlmNDYyNDk2MzE3NDMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaaVgbIknRKVcRA8ytobHbc58El7aaHqquDsxXpCd+wipi
iykdO7SNidwHgR1/k9/Yxq0GUa1b+ZctbwFlIQ+QvHTA18VgBKzwOuAtvx9KySt+
9IK+jd2fejGFvXp/O3p3Mj174ETd0rCkLceLe6Gbg+kB6BP3J4pXeQW+B+c+rmLz
wmbd6R3di4cBoh3qmatVOb4uP76sOKk3fJNIaDuD1/qrD2rOdXkapNgTGlg3QJz4
5xUIVYnm0V0/4xo/TFu0fnW73QKnZvYr4IZaV+Uftoyf8GE87TZDgoD6HGYllJ6U
lSkBcREHGiCDyrB0U/XWXMfAGIQlAjmz4EKlcm/5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrveG2hCLctmtuPorW0jeUeSyA1cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VkZWM0MGNlLWUyM2ItNDQxZC04ZjQwLTM0NTY5MmEyYjk2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJLZaQwDQYJKoZIhvcNAQELBQADggEBANOI8c9KkBtpsEbhnVBwqrZcRyA1
enCCSC2dn+L0V5wwOCJdmifh+TBoNsRUTefRSmeiEn04KuDSsMo5t2aLCGe7kg5A
6xxYd41on9Qlii/5l23wYolGMFw3PLe+dTYWJOSFTJbqnK0oxl7fpAdQScfb/pZz
tXcG7waAax7+8baD8P159eHGBUrRx7EbAuWT+ucvw5gaSviTEJebuyj0kYTZVKHD
5MtJ2UfTmt+/BRicLpI0fL4sXbWRyxqVHO1jN+9RqJ5SSvsOk/JWGWXmxSWkA/zL
3Kg6c9sYQPxDvP5jVfexqqLOfYxmk1ZmA1cVZw4TytJv9aWl9epEGpMXkc8=
-----END CERTIFICATE-----