Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff87e530-4ce1-4f6d-a3bd-16282ceb3920.roa
File:                     ff87e530-4ce1-4f6d-a3bd-16282ceb3920.roa (raw, json)
Hash identifier:          +UQ3tV0wm179CO2DujzY7Z/OEcAp906//50QQRvoGHc=
Subject key identifier:   74:02:50:E4:8B:27:62:82:E4:ED:32:86:40:5F:5A:E1:E7:F4:87:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F9B440C34C7A94A9EDE4930C2619D1954D46AB6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff87e530-4ce1-4f6d-a3bd-16282ceb3920.roa
Signing time:             Sat 27 Sep 2025 00:13:05 +0000
ROA not before:           Sat 27 Sep 2025 00:13:05 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        32.172.0.0/14 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:9b:44:0c:34:c7:a9:4a:9e:de:49:30:c2:61:9d:19:54:d4:6a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:13:05 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=94d21089a18e91a7611378d310b05126b737ca174a4763cceee097cb85f18292, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d6:c7:22:ca:c6:6a:9a:ce:59:46:de:3f:e5:
                    07:93:cc:92:d0:e1:bd:84:1c:0c:e6:f1:28:b4:9b:
                    e2:96:2e:8b:8a:50:80:12:8d:d0:c1:1c:da:3c:f9:
                    ed:c2:cb:d6:ad:82:b8:cb:4e:fc:aa:62:64:f9:4d:
                    09:99:72:5e:a0:8b:9c:b7:ad:44:6e:0e:9d:b9:8a:
                    b6:a6:45:5f:78:d3:90:0f:0c:be:49:9f:a0:82:00:
                    c1:cd:f1:ec:98:0c:25:fc:ce:cf:f9:bc:f1:17:dd:
                    9a:85:d0:9d:55:ec:3e:61:ed:9d:89:0f:b1:af:2d:
                    f5:e0:c8:44:af:29:d5:a3:2c:6c:0f:9a:fc:95:11:
                    10:7f:dd:40:63:fc:f1:b5:9b:81:68:5b:3d:82:ff:
                    e7:96:58:ba:86:dc:7a:cf:03:94:57:ca:5d:76:cc:
                    3b:59:35:96:10:57:01:90:14:3e:93:b3:80:18:57:
                    7c:91:1f:3f:19:22:a5:d7:38:cb:10:7c:3b:20:bb:
                    31:a2:64:d2:30:be:93:fa:b1:ca:7b:bc:26:71:a2:
                    de:ca:c4:ba:24:fd:26:8e:c6:b6:7f:61:34:c5:19:
                    bb:55:a1:ae:40:26:47:65:d7:98:82:d9:e5:0b:e3:
                    5e:29:c9:79:63:2b:35:e5:d7:90:b2:39:87:58:8c:
                    38:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:02:50:E4:8B:27:62:82:E4:ED:32:86:40:5F:5A:E1:E7:F4:87:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff87e530-4ce1-4f6d-a3bd-16282ceb3920.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  32.172.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         a0:ef:e4:bd:98:b2:c7:fd:d6:6a:9c:15:41:1d:cf:5f:08:ff:
         18:b1:2d:1b:46:67:09:8c:cd:99:c0:2f:a2:1e:d6:ff:bc:02:
         8d:4c:11:91:fb:a6:96:fc:cd:21:0b:84:84:e6:a6:27:c4:da:
         d3:39:1d:0e:46:0b:b7:b2:ae:68:f2:14:d2:c0:a1:a5:01:45:
         64:da:38:9b:03:06:36:53:80:17:69:f0:4e:e7:44:43:f2:38:
         7b:2f:37:7c:de:b1:e2:96:8c:94:ca:69:3d:fe:8a:2f:80:40:
         49:cf:b8:5c:c7:1c:e7:f3:bd:35:35:e2:53:ab:6e:f3:ca:e1:
         31:6e:45:63:e7:8a:8c:6d:42:01:c6:bd:d4:11:bc:71:dd:12:
         89:2b:5e:28:da:73:6c:b5:a8:f0:24:ec:23:9d:b3:51:a6:6b:
         0f:c7:57:1c:7a:40:08:31:ca:1f:57:b0:34:a5:81:12:b9:3a:
         c3:32:6d:60:9e:d8:fc:bd:e9:1c:c5:ff:d6:e1:e3:7b:46:de:
         6c:08:83:72:47:f0:d1:4f:d2:4c:fb:39:02:89:32:e4:a0:72:
         30:2a:38:d0:75:9b:f3:63:5f:2e:48:8c:c8:4c:3c:91:d7:59:
         4e:26:f9:33:41:ad:82:13:4a:04:0a:dd:c8:f2:1e:d3:6e:ae:
         a7:db:33:44
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUL5tEDDTHqUqe3kkwwmGdGVTUarYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAxMzA1WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGQyMTA4OWExOGU5MWE3NjExMzc4ZDMxMGIwNTEyNmI3
MzdjYTE3NGE0NzYzY2NlZWUwOTdjYjg1ZjE4MjkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDm1sciysZqms5ZRt4/5QeTzJLQ4b2EHAzm8Si0m+KWLouK
UIASjdDBHNo8+e3Cy9atgrjLTvyqYmT5TQmZcl6gi5y3rURuDp25iramRV9405AP
DL5Jn6CCAMHN8eyYDCX8zs/5vPEX3ZqF0J1V7D5h7Z2JD7GvLfXgyESvKdWjLGwP
mvyVERB/3UBj/PG1m4FoWz2C/+eWWLqG3HrPA5RXyl12zDtZNZYQVwGQFD6Ts4AY
V3yRHz8ZIqXXOMsQfDsguzGiZNIwvpP6scp7vCZxot7KxLok/SaOxrZ/YTTFGbtV
oa5AJkdl15iC2eUL414pyXljKzXl15CyOYdYjDh/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdAJQ5IsnYoLk7TKGQF9a4ef0h28wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZmODdlNTMwLTRjZTEtNGY2ZC1hM2JkLTE2MjgyY2ViMzkyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIgrDANBgkqhkiG9w0BAQsFAAOCAQEAoO/kvZiyx/3WapwVQR3PXwj/GLEt
G0ZnCYzNmcAvoh7W/7wCjUwRkfumlvzNIQuEhOamJ8Ta0zkdDkYLt7KuaPIU0sCh
pQFFZNo4mwMGNlOAF2nwTudEQ/I4ey83fN6x4paMlMppPf6KL4BASc+4XMcc5/O9
NTXiU6tu88rhMW5FY+eKjG1CAca91BG8cd0SiSteKNpzbLWo8CTsI52zUaZrD8dX
HHpACDHKH1ewNKWBErk6wzJtYJ7Y/L3pHMX/1uHje0bebAiDckfw0U/STPs5Aoky
5KByMCo40HWb82NfLkiMyEw8kddZTib5M0GtghNKBArdyPIe026up9szRA==
-----END CERTIFICATE-----