Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03003920-cbea-43f1-870c-84e084be150a.roa
File:                     03003920-cbea-43f1-870c-84e084be150a.roa (raw, json)
Hash identifier:          8lmGEBHur1qafg13BsGQsIABf/AWcWlRsxPV6jNxWLI=
Subject key identifier:   89:96:E3:9F:50:27:80:3A:7E:02:7A:FE:07:58:EE:00:68:39:0B:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       59BBE636B540123179E9A4AFCB1D2074B64999FF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03003920-cbea-43f1-870c-84e084be150a.roa
Signing time:             Wed 22 Oct 2025 00:01:47 +0000
ROA not before:           Wed 22 Oct 2025 00:01:47 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.101.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:bb:e6:36:b5:40:12:31:79:e9:a4:af:cb:1d:20:74:b6:49:99:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:01:47 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=686f4b760098e176283173e9fbfe262fb1c11be4199b0ece746f5fc793044957, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:76:80:55:0c:26:86:a6:27:42:d9:ef:56:52:
                    cc:36:b1:1f:5c:fe:df:2f:65:87:b1:a7:3a:45:93:
                    9a:b9:63:2e:f4:66:4e:fc:a4:7a:4d:96:dc:5c:e5:
                    c5:29:dc:80:36:9e:29:3e:eb:af:a1:fd:03:57:a7:
                    c2:e2:b5:dd:31:bb:e5:6c:c0:d9:fc:9d:2c:0c:97:
                    a0:6b:c3:09:ac:d5:ea:2e:a6:89:d1:a7:4f:04:cb:
                    8e:1c:ca:7d:f4:6a:72:80:1e:71:7f:2c:3e:95:dd:
                    0b:7d:c0:a9:05:b6:e2:8e:27:54:50:36:9a:ea:25:
                    17:9a:01:57:82:27:0f:d9:7b:46:43:52:81:96:91:
                    73:dd:8d:48:68:3c:b4:74:47:04:e1:22:43:fd:13:
                    2b:3d:ad:8f:b5:aa:29:8a:dd:d7:c1:43:3c:59:ec:
                    45:e2:10:7f:f1:1b:9f:08:2d:8d:4a:49:ab:51:4f:
                    75:61:f9:6d:2a:cc:8d:e4:ed:39:bb:1e:f7:25:85:
                    5e:5c:bd:c5:36:cb:5e:fe:2c:23:52:95:25:6f:d2:
                    4b:28:c2:4e:54:86:17:d8:45:3b:68:cd:8a:f2:25:
                    b0:88:4f:42:02:37:ea:d3:f1:93:0a:b2:63:99:44:
                    3c:37:a8:08:64:b7:05:da:97:49:05:5f:4e:6f:56:
                    52:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:96:E3:9F:50:27:80:3A:7E:02:7A:FE:07:58:EE:00:68:39:0B:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03003920-cbea-43f1-870c-84e084be150a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:c9:fb:07:52:99:ad:4e:f8:be:8c:7c:43:08:6c:b8:84:27:
         e5:24:fc:09:0c:71:8e:13:5f:f3:f7:7d:92:36:ac:97:36:28:
         55:1b:93:c3:e1:52:e5:2c:41:37:b8:03:15:6e:9c:0d:52:49:
         12:3a:86:e0:36:a0:e9:d2:d3:2d:8a:90:84:80:2b:01:c6:e1:
         61:87:99:86:73:9a:56:59:38:cd:5a:d8:dd:0d:53:ad:d7:a3:
         cc:b0:10:83:c9:2b:c0:a3:6c:38:52:c9:b4:73:7c:40:ed:07:
         d4:37:04:d4:90:3b:a4:54:77:22:f2:44:32:44:1c:f7:91:a7:
         58:88:bb:e0:c1:ee:25:4d:36:d1:20:1b:fb:19:03:07:18:38:
         0b:9c:37:7d:87:58:16:06:f5:b2:f3:38:79:ef:4a:81:a3:47:
         18:d9:62:10:96:e9:25:6e:65:c1:c5:9f:80:45:a3:db:d3:f0:
         f5:2b:ef:78:66:df:06:36:c8:ce:49:9c:e3:a6:2d:ea:87:6f:
         7d:d9:1f:e1:b1:ef:01:b1:e3:47:63:80:d5:48:e8:8e:f8:35:
         91:7a:85:cb:cb:a2:f0:3c:39:ab:01:ae:19:f7:3f:cd:d8:df:
         48:08:15:84:9d:fc:fb:76:e6:9f:76:e7:b6:e8:fe:75:3e:ae:
         43:f5:a2:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWbvmNrVAEjF56aSvyx0gdLZJmf8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMTQ3WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ODZmNGI3NjAwOThlMTc2MjgzMTczZTlmYmZlMjYyZmIx
YzExYmU0MTk5YjBlY2U3NDZmNWZjNzkzMDQ0OTU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbdoBVDCaGpidC2e9WUsw2sR9c/t8vZYexpzpFk5q5Yy70
Zk78pHpNltxc5cUp3IA2nik+66+h/QNXp8Litd0xu+VswNn8nSwMl6Brwwms1eou
ponRp08Ey44cyn30anKAHnF/LD6V3Qt9wKkFtuKOJ1RQNprqJReaAVeCJw/Ze0ZD
UoGWkXPdjUhoPLR0RwThIkP9Eys9rY+1qimK3dfBQzxZ7EXiEH/xG58ILY1KSatR
T3Vh+W0qzI3k7Tm7HvclhV5cvcU2y17+LCNSlSVv0ksowk5UhhfYRTtozYryJbCI
T0ICN+rT8ZMKsmOZRDw3qAhktwXal0kFX05vVlIRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiZbjn1AngDp+Anr+B1juAGg5C4gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzMDAzOTIwLWNiZWEtNDNmMS04NzBjLTg0ZTA4NGJlMTUwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GUwDQYJKoZIhvcNAQELBQADggEBABnJ+wdSma1O+L6MfEMIbLiEJ+Uk
/AkMcY4TX/P3fZI2rJc2KFUbk8PhUuUsQTe4AxVunA1SSRI6huA2oOnS0y2KkISA
KwHG4WGHmYZzmlZZOM1a2N0NU63Xo8ywEIPJK8CjbDhSybRzfEDtB9Q3BNSQO6RU
dyLyRDJEHPeRp1iIu+DB7iVNNtEgG/sZAwcYOAucN32HWBYG9bLzOHnvSoGjRxjZ
YhCW6SVuZcHFn4BFo9vT8PUr73hm3wY2yM5JnOOmLeqHb33ZH+Gx7wGx40djgNVI
6I74NZF6hcvLovA8OasBrhn3P83Y30gIFYSd/Pt25p9257bo/nU+rkP1orI=
-----END CERTIFICATE-----