Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffd7718a-d687-49fb-bdcc-c33449661d32.roa
File:                     ffd7718a-d687-49fb-bdcc-c33449661d32.roa (raw, json)
Hash identifier:          pCAr1hca8oVBHjoIZZ+U2SPOdeYRW7ZbTIc8fd/XTK4=
Subject key identifier:   9C:11:9D:33:FB:D3:78:7A:E4:9A:3D:C7:1C:51:E5:C4:CE:FE:97:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       52351D95C0276C609CDD234C18F1A0B8055A0EBF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffd7718a-d687-49fb-bdcc-c33449661d32.roa
Signing time:             Fri 03 Oct 2025 00:40:55 +0000
ROA not before:           Fri 03 Oct 2025 00:40:55 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.79.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:35:1d:95:c0:27:6c:60:9c:dd:23:4c:18:f1:a0:b8:05:5a:0e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:40:55 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=92aa884bda3930a5663ff6732d9037149ee6e1af9a7c36bdfc2456191dd91f28, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7f:9d:31:04:38:3b:f8:43:24:e6:ce:b9:d1:
                    75:1e:b9:11:ca:b9:f1:a7:c4:3c:c7:8a:27:3a:b2:
                    42:f2:70:1c:8e:3f:1c:4e:8c:43:71:53:bd:25:27:
                    dd:47:e0:07:b2:8e:fc:78:98:30:0e:0f:12:d6:50:
                    c6:55:6e:31:22:ca:0a:c6:ab:78:d5:80:72:a7:04:
                    51:08:63:c0:a1:92:b7:cd:6a:6d:47:b3:3a:b9:92:
                    5f:d0:11:34:1a:df:d0:4f:d3:04:1a:ac:5d:f6:8f:
                    70:71:16:94:b9:9b:bb:8a:aa:a0:73:44:dc:c1:b4:
                    5f:20:05:b9:44:0f:bc:c0:1a:08:2f:c8:57:dd:d6:
                    51:b1:80:29:9c:2d:d7:e8:67:ad:5b:06:4a:6c:44:
                    e8:64:c2:93:b1:73:f2:33:b9:fb:97:9b:07:a3:a1:
                    2c:07:72:13:21:08:e2:fa:b9:60:36:ac:0c:c4:c6:
                    96:69:7a:71:48:98:b8:18:09:7c:99:5d:da:81:12:
                    33:99:3d:c8:d6:9c:f4:0f:22:98:07:64:6b:20:4d:
                    b3:fb:48:ad:67:fa:38:51:1b:2b:ba:0f:d7:28:e5:
                    22:bb:1a:1d:cf:8e:81:4f:f2:9e:72:61:e5:d9:bb:
                    f3:b9:1e:86:c5:53:e9:cf:5c:9d:81:32:be:af:99:
                    9b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:11:9D:33:FB:D3:78:7A:E4:9A:3D:C7:1C:51:E5:C4:CE:FE:97:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ffd7718a-d687-49fb-bdcc-c33449661d32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:28:f0:7f:2c:98:d4:e4:fb:82:e1:74:01:4d:39:88:07:60:
         78:ae:ff:8e:f2:20:b5:79:89:0a:75:c1:79:f4:1b:ab:ba:fa:
         77:91:18:71:2a:68:19:7e:48:f5:35:f8:c4:c5:36:9a:94:41:
         34:14:94:a1:c9:78:6f:42:c1:16:01:01:ba:72:9e:58:1a:78:
         db:19:4f:6e:5a:9e:f6:b6:7b:80:e3:90:f3:8f:0c:8b:2a:c3:
         68:ff:1d:2b:33:f2:74:d2:0d:62:14:82:75:f0:fe:6f:fd:4a:
         7a:7f:03:09:6f:46:0a:ba:f1:d5:82:00:73:95:47:c3:a8:54:
         57:4b:e2:56:d2:73:3c:72:cc:e4:3a:f2:fa:12:99:e0:13:28:
         0d:fa:7b:0c:26:12:c6:91:e5:11:0b:e1:dc:05:94:eb:b0:23:
         76:58:f3:b7:bd:9c:8e:ff:eb:d4:e2:f1:cc:e0:ff:a9:0b:21:
         17:42:49:2c:a8:82:c3:53:a8:12:43:16:54:78:c5:c4:bc:3f:
         67:65:8d:96:cd:97:9b:3e:a5:5e:39:98:f2:e1:77:1f:d0:1c:
         84:b7:df:f8:46:f6:4a:60:bd:b4:71:23:15:4a:cf:b6:92:cb:
         53:6f:ad:07:ad:21:5d:44:82:84:4f:a4:63:83:71:f6:c5:a0:
         96:87:66:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUjUdlcAnbGCc3SNMGPGguAVaDr8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MDU1WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MmFhODg0YmRhMzkzMGE1NjYzZmY2NzMyZDkwMzcxNDll
ZTZlMWFmOWE3YzM2YmRmYzI0NTYxOTFkZDkxZjI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3f50xBDg7+EMk5s650XUeuRHKufGnxDzHiic6skLycByO
PxxOjENxU70lJ91H4Aeyjvx4mDAODxLWUMZVbjEiygrGq3jVgHKnBFEIY8ChkrfN
am1Hszq5kl/QETQa39BP0wQarF32j3BxFpS5m7uKqqBzRNzBtF8gBblED7zAGggv
yFfd1lGxgCmcLdfoZ61bBkpsROhkwpOxc/IzufuXmwejoSwHchMhCOL6uWA2rAzE
xpZpenFImLgYCXyZXdqBEjOZPcjWnPQPIpgHZGsgTbP7SK1n+jhRGyu6D9co5SK7
Gh3PjoFP8p5yYeXZu/O5HobFU+nPXJ2BMr6vmZsfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnBGdM/vTeHrkmj3HHFHlxM7+l80wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZmZDc3MThhLWQ2ODctNDlmYi1iZGNjLWMzMzQ0OTY2MWQzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/E8wDQYJKoZIhvcNAQELBQADggEBAKAo8H8smNTk+4LhdAFNOYgHYHiu
/47yILV5iQp1wXn0G6u6+neRGHEqaBl+SPU1+MTFNpqUQTQUlKHJeG9CwRYBAbpy
nlgaeNsZT25anva2e4DjkPOPDIsqw2j/HSsz8nTSDWIUgnXw/m/9Snp/AwlvRgq6
8dWCAHOVR8OoVFdL4lbSczxyzOQ68voSmeATKA36ewwmEsaR5REL4dwFlOuwI3ZY
87e9nI7/69Ti8czg/6kLIRdCSSyogsNTqBJDFlR4xcS8P2dljZbNl5s+pV45mPLh
dx/QHIS33/hG9kpgvbRxIxVKz7aSy1NvrQetIV1EgoRPpGODcfbFoJaHZjI=
-----END CERTIFICATE-----