Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8199865-7f35-4980-b711-3a4d02ddaab2.roa
File:                     f8199865-7f35-4980-b711-3a4d02ddaab2.roa (raw, json)
Hash identifier:          y6wbjWMeWuUwXfVXGbVbqZK6sitIdVZKojUk5ILfav4=
Subject key identifier:   90:7F:9D:6C:C1:10:BD:B7:CD:06:C8:EE:84:95:22:9C:D4:08:48:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63F5BA2B3269D5C63E39082D2BD791A0A3924495
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8199865-7f35-4980-b711-3a4d02ddaab2.roa
Signing time:             Fri 03 Oct 2025 00:02:23 +0000
ROA not before:           Fri 03 Oct 2025 00:02:23 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.185.0.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:f5:ba:2b:32:69:d5:c6:3e:39:08:2d:2b:d7:91:a0:a3:92:44:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:02:23 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=9cce81e85dfebe455fd136851b201f5cc4b67ffdb14aa2dd551de7a2a4f1170c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:bc:a0:6d:36:48:55:13:50:db:07:bd:01:8e:
                    ed:98:da:52:e9:99:26:7e:1a:49:c1:05:44:5e:03:
                    9a:88:19:2e:40:c7:28:5d:31:0b:30:41:43:4c:01:
                    44:4e:68:81:f3:c2:b6:a4:0c:77:18:11:5e:92:49:
                    ba:7e:5b:64:83:da:d6:f1:10:1e:32:23:c5:b2:f6:
                    82:03:a9:94:0b:40:23:d7:0c:05:99:df:18:c2:00:
                    cd:82:60:89:81:5c:6b:84:61:f1:a3:15:91:ea:e5:
                    21:6c:af:fa:48:ee:c1:af:9e:ed:28:2f:e6:3f:04:
                    97:b8:56:6d:8c:2b:ec:d4:82:50:e1:46:67:c2:9c:
                    3e:fd:bf:ba:3e:eb:06:b8:94:99:2a:dd:d6:53:0f:
                    8d:27:3c:7b:81:42:5c:48:d2:0a:02:ef:d3:1c:75:
                    f3:a3:7c:ad:17:6a:08:46:b9:c0:ed:11:1f:82:79:
                    82:7a:4d:f6:56:72:e5:4e:f6:50:e5:2c:1b:e1:6b:
                    b3:64:e1:16:41:58:81:3d:0b:d1:6e:de:4e:1b:2b:
                    0f:cd:70:52:b7:7e:ef:f8:78:81:8e:f1:13:08:2b:
                    e7:f7:9d:f8:cf:6e:7a:e3:2f:5a:a2:89:60:d9:c9:
                    f3:98:cc:21:ff:c0:73:93:d8:8e:1a:32:76:72:87:
                    44:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7F:9D:6C:C1:10:BD:B7:CD:06:C8:EE:84:95:22:9C:D4:08:48:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8199865-7f35-4980-b711-3a4d02ddaab2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.185.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:fd:6e:7c:ae:81:11:13:2d:9b:d7:c4:af:a4:b0:57:c0:50:
         2e:46:9d:f3:26:a9:fe:8c:8a:70:ae:bf:69:04:77:29:82:21:
         de:25:94:7f:36:0f:43:5b:ad:9c:bd:a8:22:29:40:51:7a:94:
         d9:a3:f3:ea:d7:03:44:dc:74:d3:00:9d:df:a0:3b:45:39:01:
         8f:99:74:04:e1:28:b6:4b:7e:6f:6a:d2:fc:cb:8b:ca:63:a8:
         f3:60:93:53:39:73:75:e6:7b:f6:4d:a4:dc:19:a4:6b:09:b6:
         f5:93:03:3c:7a:be:76:cd:eb:7c:db:88:43:e6:00:05:71:9b:
         08:2e:7b:30:65:ab:bb:c2:a2:23:0e:a4:47:70:14:17:69:43:
         7c:44:25:37:9c:64:a4:9d:f5:04:06:8d:5c:43:01:01:6b:af:
         3b:fc:0e:ae:e4:3a:31:e5:b1:4e:0b:cc:9f:3a:4c:0a:9b:06:
         e2:c7:c2:34:27:44:51:14:30:f8:c5:ff:5c:91:e8:4a:d1:f9:
         c9:5f:46:e8:26:3f:1b:31:e3:52:83:fc:2f:59:16:4c:06:33:
         3f:bd:2b:80:7b:74:f5:8b:89:45:73:d6:32:14:fe:f0:96:d6:
         8b:6e:46:3a:cc:0c:c2:9e:2f:4d:93:e8:b8:47:6c:f8:52:00:
         72:a6:53:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY/W6KzJp1cY+OQgtK9eRoKOSRJUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMjIzWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Y2NlODFlODVkZmViZTQ1NWZkMTM2ODUxYjIwMWY1Y2M0
YjY3ZmZkYjE0YWEyZGQ1NTFkZTdhMmE0ZjExNzBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnvKBtNkhVE1DbB70Bju2Y2lLpmSZ+GknBBUReA5qIGS5A
xyhdMQswQUNMAUROaIHzwrakDHcYEV6SSbp+W2SD2tbxEB4yI8Wy9oIDqZQLQCPX
DAWZ3xjCAM2CYImBXGuEYfGjFZHq5SFsr/pI7sGvnu0oL+Y/BJe4Vm2MK+zUglDh
RmfCnD79v7o+6wa4lJkq3dZTD40nPHuBQlxI0goC79McdfOjfK0XaghGucDtER+C
eYJ6TfZWcuVO9lDlLBvha7Nk4RZBWIE9C9Fu3k4bKw/NcFK3fu/4eIGO8RMIK+f3
nfjPbnrjL1qiiWDZyfOYzCH/wHOT2I4aMnZyh0RdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkH+dbMEQvbfNBsjuhJUinNQISEgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4MTk5ODY1LTdmMzUtNDk4MC1iNzExLTNhNGQwMmRkYWFiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALGuQAwDQYJKoZIhvcNAQELBQADggEBACv9bnyugRETLZvXxK+ksFfAUC5G
nfMmqf6MinCuv2kEdymCId4llH82D0NbrZy9qCIpQFF6lNmj8+rXA0TcdNMAnd+g
O0U5AY+ZdAThKLZLfm9q0vzLi8pjqPNgk1M5c3Xme/ZNpNwZpGsJtvWTAzx6vnbN
63zbiEPmAAVxmwguezBlq7vCoiMOpEdwFBdpQ3xEJTecZKSd9QQGjVxDAQFrrzv8
Dq7kOjHlsU4LzJ86TAqbBuLHwjQnRFEUMPjF/1yR6ErR+clfRugmPxsx41KD/C9Z
FkwGMz+9K4B7dPWLiUVz1jIU/vCW1otuRjrMDMKeL02T6LhHbPhSAHKmU9E=
-----END CERTIFICATE-----