Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f62398b5-018d-426c-b1b1-e2159c71f6c3.roa
File:                     f62398b5-018d-426c-b1b1-e2159c71f6c3.roa (raw, json)
Hash identifier:          9h962uywiBIBMcRxkr4f4nnuh5VusyRCiO+kmlwqJzU=
Subject key identifier:   EE:2B:79:3B:4B:BC:8F:BF:2A:28:2C:46:50:CF:24:DC:95:30:55:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A1281A6E12BC6FFC2FBBAAD80ACDA5B8634108F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f62398b5-018d-426c-b1b1-e2159c71f6c3.roa
Signing time:             Sat 18 Oct 2025 04:40:53 +0000
ROA not before:           Sat 18 Oct 2025 04:40:53 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.136.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:12:81:a6:e1:2b:c6:ff:c2:fb:ba:ad:80:ac:da:5b:86:34:10:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 04:40:53 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=d72585a29291d8b0767ae38b5f532fb1c1da26d6e6a1f283843fc8cff0c7fe34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fa:19:4b:bd:6f:9a:09:94:ec:dc:9f:8d:3e:
                    07:72:25:d4:9d:8a:a0:2f:f2:75:43:7a:ee:34:d1:
                    9c:e3:cf:e6:db:67:e9:e8:be:92:6a:54:a3:cc:41:
                    86:a7:28:c5:81:64:a7:35:b1:5a:62:d2:74:54:2a:
                    9d:b7:2b:45:06:0c:47:0e:9f:1a:b7:a9:8f:3b:df:
                    55:63:c1:8b:58:8a:5c:1b:f7:03:50:d3:23:52:82:
                    17:9a:f8:fd:44:16:0c:5b:24:7b:60:d4:d2:27:47:
                    60:bf:bd:f0:a2:2f:52:09:01:80:85:b5:dd:e4:f0:
                    a5:07:93:ba:ad:e5:e8:0a:09:6d:2b:f2:46:8a:a6:
                    0a:9f:39:57:86:99:68:40:90:cc:c9:5d:98:45:ad:
                    e9:ac:50:f4:8f:69:04:8f:04:cd:71:ab:65:26:a6:
                    37:3d:f5:a9:5f:86:80:24:5f:94:52:f1:86:8b:4e:
                    4d:f7:ed:46:b7:0a:b6:86:86:35:9f:f7:1b:b0:d7:
                    2e:7c:2c:fd:00:e7:2b:60:fd:f1:0a:97:bc:24:ed:
                    48:87:b3:70:7b:6f:a9:e3:d4:87:cb:88:52:fc:e5:
                    d6:e0:8d:7e:3c:2e:33:85:c7:34:83:47:19:f6:b8:
                    1f:52:e8:fa:ca:c0:13:b4:a9:a6:c7:da:07:ec:99:
                    65:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:2B:79:3B:4B:BC:8F:BF:2A:28:2C:46:50:CF:24:DC:95:30:55:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f62398b5-018d-426c-b1b1-e2159c71f6c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:92:74:3f:5e:ff:c7:8a:8b:61:5a:cc:41:35:b7:33:44:39:
         7a:58:95:e4:5e:e6:ce:40:01:c7:a9:7f:02:4b:e7:fb:70:88:
         e9:2b:c7:ff:5a:23:92:dc:fb:1d:6f:13:8b:6c:90:1c:63:ef:
         09:97:72:6a:55:c2:39:41:de:97:f2:ae:bc:35:7a:b4:b3:62:
         c6:fc:45:bd:4f:69:73:2e:d0:5b:e8:74:90:99:cb:80:fc:4c:
         55:89:8c:f3:3b:90:be:2e:38:bf:5b:9d:ed:e1:1d:7a:74:3c:
         1d:98:56:8b:ad:19:f7:72:a7:ef:4f:cc:61:42:64:ad:80:53:
         22:49:4f:66:ec:d5:2e:25:05:25:ad:64:72:ec:97:29:20:68:
         5a:46:cd:54:5f:68:d0:55:6a:ce:e7:19:c5:5e:20:1b:e1:b7:
         41:35:ef:9f:c2:a2:e9:68:02:b8:1a:a5:f7:e4:80:25:fb:4e:
         9b:0e:f1:4c:77:1e:fd:0e:30:43:37:1c:a6:f6:67:82:4d:1b:
         54:5d:3c:ed:ed:06:f6:72:9a:67:35:e9:ce:30:67:40:26:e0:
         d2:e3:8f:2f:cc:bf:0d:46:75:82:6c:25:ab:39:a4:7b:d4:a6:
         5f:2a:e6:25:4c:d3:59:8e:3a:77:05:a6:e0:df:5d:45:0f:9c:
         4f:63:b8:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWhKBpuErxv/C+7qtgKzaW4Y0EI8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDQ0MDUzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzI1ODVhMjkyOTFkOGIwNzY3YWUzOGI1ZjUzMmZiMWMx
ZGEyNmQ2ZTZhMWYyODM4NDNmYzhjZmYwYzdmZTM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCU+hlLvW+aCZTs3J+NPgdyJdSdiqAv8nVDeu400Zzjz+bb
Z+novpJqVKPMQYanKMWBZKc1sVpi0nRUKp23K0UGDEcOnxq3qY8731VjwYtYilwb
9wNQ0yNSghea+P1EFgxbJHtg1NInR2C/vfCiL1IJAYCFtd3k8KUHk7qt5egKCW0r
8kaKpgqfOVeGmWhAkMzJXZhFremsUPSPaQSPBM1xq2Umpjc99alfhoAkX5RS8YaL
Tk337Ua3CraGhjWf9xuw1y58LP0A5ytg/fEKl7wk7UiHs3B7b6nj1IfLiFL85dbg
jX48LjOFxzSDRxn2uB9S6PrKwBO0qabH2gfsmWWDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7it5O0u8j78qKCxGUM8k3JUwVb8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2MjM5OGI1LTAxOGQtNDI2Yy1iMWIxLWUyMTU5YzcxZjZjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANBCYgwDQYJKoZIhvcNAQELBQADggEBAJuSdD9e/8eKi2FazEE1tzNEOXpY
leRe5s5AAcepfwJL5/twiOkrx/9aI5Lc+x1vE4tskBxj7wmXcmpVwjlB3pfyrrw1
erSzYsb8Rb1PaXMu0FvodJCZy4D8TFWJjPM7kL4uOL9bne3hHXp0PB2YVoutGfdy
p+9PzGFCZK2AUyJJT2bs1S4lBSWtZHLslykgaFpGzVRfaNBVas7nGcVeIBvht0E1
75/CouloArgapffkgCX7TpsO8Ux3Hv0OMEM3HKb2Z4JNG1RdPO3tBvZymmc16c4w
Z0Am4NLjjy/Mvw1GdYJsJas5pHvUpl8q5iVM01mOOncFpuDfXUUPnE9juP0=
-----END CERTIFICATE-----