Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f27b7999-d38a-4b9b-9aff-302f3d69984e.roa
File:                     f27b7999-d38a-4b9b-9aff-302f3d69984e.roa (raw, json)
Hash identifier:          EQTpn5RhIAOEZU2xRjxPV5rGDOmGlNOxXG9Z0gta2FQ=
Subject key identifier:   93:11:B1:00:2E:3C:C4:88:74:13:CD:0A:8C:7F:48:4F:E5:50:05:3F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       55156BCB84486F8D9E5BE37995C8837018F133C9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f27b7999-d38a-4b9b-9aff-302f3d69984e.roa
Signing time:             Fri 17 Oct 2025 20:21:10 +0000
ROA not before:           Fri 17 Oct 2025 20:21:10 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.236.132.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:15:6b:cb:84:48:6f:8d:9e:5b:e3:79:95:c8:83:70:18:f1:33:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 20:21:10 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=8bdc943241db9866a70ea491de7623ff23110e44202d12d3e2c7142226413b3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5c:90:b4:50:cf:31:3a:03:79:dc:30:13:c2:
                    59:34:0d:bf:36:33:fb:4d:92:d6:81:99:5f:30:03:
                    ec:77:a8:63:0f:6a:59:e7:ad:9b:b8:45:d7:93:83:
                    8a:df:56:bd:04:f0:5b:5b:46:ef:dc:eb:aa:f0:e6:
                    53:e9:56:7c:08:3d:34:37:79:db:ab:ab:30:01:fb:
                    42:fc:35:c6:78:95:d7:6d:c7:a0:f1:b9:6d:dd:9b:
                    f4:60:31:a0:db:6e:fc:3e:80:76:fb:51:39:08:ae:
                    2c:d9:94:43:1a:e4:d7:fb:e6:68:40:68:4c:f0:72:
                    84:13:7c:1f:10:3e:62:8e:16:c1:ce:94:40:8b:b2:
                    ea:3a:9c:9c:4d:46:7b:1f:97:56:31:e4:04:60:4e:
                    76:89:ca:81:fd:d6:f9:c4:38:89:ac:b4:2a:34:ea:
                    d4:15:a7:47:c3:1b:b7:fb:11:58:c6:11:01:52:3e:
                    fb:d6:1d:4d:5d:71:a6:09:97:64:23:09:6a:dd:ed:
                    91:06:90:43:2c:01:18:38:28:6c:13:7d:fc:94:d9:
                    76:6a:28:89:72:b1:6b:b4:dd:f5:03:26:6d:53:c7:
                    18:a2:a5:71:f3:c8:3d:12:93:9d:70:41:60:cf:51:
                    0d:9b:6b:73:89:16:ff:6f:87:3e:e7:bf:a4:ee:c2:
                    3e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:11:B1:00:2E:3C:C4:88:74:13:CD:0A:8C:7F:48:4F:E5:50:05:3F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f27b7999-d38a-4b9b-9aff-302f3d69984e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.236.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:c9:cb:46:33:f8:36:aa:42:d3:57:01:10:10:94:06:6a:22:
         36:45:63:bd:af:f5:2d:ae:7d:eb:50:ef:23:fb:62:dd:ea:68:
         9f:e3:22:16:59:a6:88:d3:d6:56:35:7d:81:62:b5:55:fd:c9:
         8a:11:4d:2f:32:08:db:3f:9b:f0:40:63:26:d0:7b:ab:4d:cc:
         f6:5f:56:3b:fe:e1:81:6a:9f:3e:5b:5c:4d:86:5f:98:93:4a:
         94:05:b8:60:f6:44:48:50:93:f6:df:d7:a5:ff:ae:28:d9:69:
         47:5d:3e:15:6f:91:0d:6e:89:a1:a2:72:95:c5:db:c1:05:02:
         73:96:75:bb:fb:6f:61:1f:9a:7a:39:ea:c7:3e:a1:0d:ce:d1:
         a5:b8:48:b3:5a:d2:4b:64:d0:b4:7b:07:7a:ff:d9:bd:10:7c:
         8d:3d:69:9f:d6:53:06:f6:7c:cb:12:d7:52:23:67:47:15:03:
         29:df:56:8b:06:b6:fb:43:0a:fb:70:a1:63:91:70:48:63:f1:
         3b:4f:07:22:9a:06:bb:af:3c:ab:ce:66:b8:d7:58:0e:43:45:
         8c:db:42:94:fb:71:6c:c2:16:1f:95:50:fb:d5:da:52:6c:37:
         50:ea:15:be:23:ac:84:fb:be:b0:ae:7f:24:cc:1b:e7:e6:ca:
         42:07:cb:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVRVry4RIb42eW+N5lciDcBjxM8kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjAyMTEwWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmRjOTQzMjQxZGI5ODY2YTcwZWE0OTFkZTc2MjNmZjIz
MTEwZTQ0MjAyZDEyZDNlMmM3MTQyMjI2NDEzYjNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdXJC0UM8xOgN53DATwlk0Db82M/tNktaBmV8wA+x3qGMP
alnnrZu4RdeTg4rfVr0E8FtbRu/c66rw5lPpVnwIPTQ3edurqzAB+0L8NcZ4lddt
x6DxuW3dm/RgMaDbbvw+gHb7UTkIrizZlEMa5Nf75mhAaEzwcoQTfB8QPmKOFsHO
lECLsuo6nJxNRnsfl1Yx5ARgTnaJyoH91vnEOImstCo06tQVp0fDG7f7EVjGEQFS
PvvWHU1dcaYJl2QjCWrd7ZEGkEMsARg4KGwTffyU2XZqKIlysWu03fUDJm1Txxii
pXHzyD0Sk51wQWDPUQ2ba3OJFv9vhz7nv6Tuwj6dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkxGxAC48xIh0E80KjH9IT+VQBT8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyN2I3OTk5LWQzOGEtNGI5Yi05YWZmLTMwMmYzZDY5OTg0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALM7IQwDQYJKoZIhvcNAQELBQADggEBABvJy0Yz+DaqQtNXARAQlAZqIjZF
Y72v9S2ufetQ7yP7Yt3qaJ/jIhZZpojT1lY1fYFitVX9yYoRTS8yCNs/m/BAYybQ
e6tNzPZfVjv+4YFqnz5bXE2GX5iTSpQFuGD2REhQk/bf16X/rijZaUddPhVvkQ1u
iaGicpXF28EFAnOWdbv7b2Efmno56sc+oQ3O0aW4SLNa0ktk0LR7B3r/2b0QfI09
aZ/WUwb2fMsS11IjZ0cVAynfVosGtvtDCvtwoWORcEhj8TtPByKaBruvPKvOZrjX
WA5DRYzbQpT7cWzCFh+VUPvV2lJsN1DqFb4jrIT7vrCufyTMG+fmykIHyxA=
-----END CERTIFICATE-----