Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f74ead99-6790-4721-955a-632492193a35.roa
File:                     f74ead99-6790-4721-955a-632492193a35.roa (raw, json)
Hash identifier:          rL8VdJs430HuTNjVp4CqATTTIpRdN4njHXfsjhGxUDQ=
Subject key identifier:   0D:A2:7A:33:01:0F:ED:E8:C6:09:B5:44:6C:81:AE:42:45:BC:67:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EBA39E9F951C8542BC4D5B10C72BA716BA69BFF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f74ead99-6790-4721-955a-632492193a35.roa
Signing time:             Fri 03 Oct 2025 00:03:05 +0000
ROA not before:           Fri 03 Oct 2025 00:03:05 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        206.131.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:ba:39:e9:f9:51:c8:54:2b:c4:d5:b1:0c:72:ba:71:6b:a6:9b:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:03:05 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=1b4cbbce40cf8fce0d7b1e99b2c76972a466d8b90c299b827db781c04ac023d2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e3:b5:46:68:02:5f:6f:2e:32:d3:6b:44:2a:
                    cc:67:12:ac:44:5c:65:a1:09:67:0f:8f:4d:90:0a:
                    68:10:4c:dc:34:d1:18:eb:8b:2a:9e:3c:3a:f7:39:
                    3d:74:96:8f:40:52:87:81:1c:e6:1a:6f:b3:a5:a7:
                    2e:d6:59:be:06:d6:b2:a9:80:e3:40:53:55:3a:ec:
                    28:26:6f:48:58:74:48:b7:e1:32:7e:eb:0f:01:11:
                    da:c5:ef:0b:b1:00:78:7a:06:53:7e:46:d0:c1:4a:
                    48:9c:11:28:51:fd:7f:2f:a1:73:0c:27:b7:f4:b9:
                    1b:53:9c:1d:1a:d2:82:aa:bb:3f:c5:95:0f:66:ff:
                    79:47:56:cd:dc:bd:4a:a7:91:e0:fc:73:bd:9f:f7:
                    80:62:4e:ff:aa:25:7f:95:8a:aa:77:3e:dd:68:2d:
                    ad:20:01:e3:2a:9c:3e:79:c3:e1:3a:27:a6:62:95:
                    b3:62:1a:41:31:b4:20:c5:be:c2:11:0d:70:91:1a:
                    67:84:99:38:0a:11:36:96:ac:d5:94:6a:be:f9:09:
                    2b:1c:5e:35:f2:56:18:a9:e4:1f:10:82:43:2f:b3:
                    a1:fc:49:19:3c:1d:39:5f:5e:2d:46:2e:e3:8e:0c:
                    b5:2f:b5:eb:9b:c8:8a:78:85:5c:4c:e2:83:93:fa:
                    1f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A2:7A:33:01:0F:ED:E8:C6:09:B5:44:6C:81:AE:42:45:BC:67:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f74ead99-6790-4721-955a-632492193a35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.131.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         0f:b4:26:b4:ae:87:c1:71:0f:2a:55:93:13:f3:7f:fa:3a:8a:
         39:7c:ea:cd:38:81:f0:49:17:38:68:92:e0:76:30:32:88:10:
         b9:ae:84:59:6f:56:5f:c7:22:8f:f2:e8:c9:78:bf:0b:b1:a7:
         92:26:cf:4c:b0:53:eb:fb:ff:1e:68:78:51:dd:92:52:0f:ff:
         81:38:2d:0b:3e:85:a3:03:e6:56:f5:2e:aa:33:7e:e5:e9:4f:
         c0:f3:19:5b:f5:b6:a6:5d:42:8e:85:04:a2:72:17:6b:9e:d1:
         53:4f:44:1b:e2:0a:b6:2b:9d:fa:02:c4:7e:b8:d5:2f:a3:17:
         3b:65:22:ee:f5:e2:0c:74:7d:d7:3f:db:09:96:90:83:86:e8:
         b3:cc:81:be:be:ba:3f:ce:8d:4b:53:b3:c0:45:93:b4:a3:71:
         60:17:db:e4:61:fb:7c:a5:20:19:ae:28:fe:04:a5:56:1a:ef:
         f5:8d:40:24:5d:c6:05:af:c7:32:83:b4:9c:86:a5:6f:2b:95:
         23:05:3f:2f:1c:02:75:ec:c3:b9:c7:2b:0b:d9:92:b7:84:5c:
         68:56:92:8b:e3:d7:35:fd:fe:ec:e6:47:71:4f:5a:b3:fa:9f:
         1c:6e:d8:d3:82:36:f7:50:23:2b:5f:19:79:ad:77:3d:9a:8a:
         e6:b3:09:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHro56flRyFQrxNWxDHK6cWumm/8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMzA1WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjRjYmJjZTQwY2Y4ZmNlMGQ3YjFlOTliMmM3Njk3MmE0
NjZkOGI5MGMyOTliODI3ZGI3ODFjMDRhYzAyM2QyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDV47VGaAJfby4y02tEKsxnEqxEXGWhCWcPj02QCmgQTNw0
0RjriyqePDr3OT10lo9AUoeBHOYab7Olpy7WWb4G1rKpgONAU1U67Cgmb0hYdEi3
4TJ+6w8BEdrF7wuxAHh6BlN+RtDBSkicEShR/X8voXMMJ7f0uRtTnB0a0oKquz/F
lQ9m/3lHVs3cvUqnkeD8c72f94BiTv+qJX+Viqp3Pt1oLa0gAeMqnD55w+E6J6Zi
lbNiGkExtCDFvsIRDXCRGmeEmTgKETaWrNWUar75CSscXjXyVhip5B8QgkMvs6H8
SRk8HTlfXi1GLuOODLUvteubyIp4hVxM4oOT+h8JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDaJ6MwEP7ejGCbVEbIGuQkW8Z/0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y3NGVhZDk5LTY3OTAtNDcyMS05NTVhLTYzMjQ5MjE5M2EzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfOgwAwDQYJKoZIhvcNAQELBQADggEBAA+0JrSuh8FxDypVkxPzf/o6ijl8
6s04gfBJFzhokuB2MDKIELmuhFlvVl/HIo/y6Ml4vwuxp5Imz0ywU+v7/x5oeFHd
klIP/4E4LQs+haMD5lb1LqozfuXpT8DzGVv1tqZdQo6FBKJyF2ue0VNPRBviCrYr
nfoCxH641S+jFztlIu714gx0fdc/2wmWkIOG6LPMgb6+uj/OjUtTs8BFk7SjcWAX
2+Rh+3ylIBmuKP4EpVYa7/WNQCRdxgWvxzKDtJyGpW8rlSMFPy8cAnXsw7nHKwvZ
kreEXGhWkovj1zX9/uzmR3FPWrP6nxxu2NOCNvdQIytfGXmtdz2aiuazCRQ=
-----END CERTIFICATE-----