Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07008d8d-f039-461c-be80-d42cb304abe4.roa
File:                     07008d8d-f039-461c-be80-d42cb304abe4.roa (raw, json)
Hash identifier:          TJkTKZ8a894KBpeQETmaTwHA9T0GhnKHw1DpNVIrNVA=
Subject key identifier:   54:74:B8:A0:77:AE:8A:AA:24:D1:D6:38:0C:AD:07:4D:2D:F6:C7:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6BF1C1BCDFF98740263435222300925ED1A18A81
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07008d8d-f039-461c-be80-d42cb304abe4.roa
Signing time:             Sun 26 Oct 2025 00:00:04 +0000
ROA not before:           Sun 26 Oct 2025 00:00:04 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.20.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:f1:c1:bc:df:f9:87:40:26:34:35:22:23:00:92:5e:d1:a1:8a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:00:04 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=722e1d6a263f0778e24ec396d18c93091f8f454f8acf20b7234be236d77c4f52, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:87:f4:a8:5f:81:de:cb:2b:b7:ba:be:4e:92:
                    7d:cc:ba:fa:86:70:d6:70:b8:81:12:a9:20:5f:19:
                    ab:17:da:09:28:02:e0:12:49:ad:07:b7:71:66:9e:
                    9f:f9:4b:5d:8b:d2:79:f3:16:a0:a0:2a:af:04:22:
                    e5:1e:cd:ca:c9:16:7c:5d:fe:13:6e:9c:9a:3e:e5:
                    6c:b0:40:f9:4b:97:8c:77:c2:21:c2:97:0c:e3:e7:
                    b8:e0:b7:e3:b5:ed:2e:f0:9d:2f:25:a0:98:ee:a7:
                    51:4c:34:ae:a6:25:c8:fd:4e:b8:e2:de:74:cb:45:
                    3e:15:c3:89:1a:c7:34:dc:b7:02:0a:5c:9e:25:0e:
                    b4:10:49:7d:99:46:67:7e:d6:42:63:68:6e:f7:50:
                    12:23:ea:a5:df:a3:3d:b1:3b:66:71:a4:18:9f:0f:
                    d5:2a:21:2e:05:59:28:fc:8f:0c:83:e2:cb:08:08:
                    d0:4e:2b:97:d6:52:af:41:9d:74:68:ab:a1:aa:11:
                    81:3a:a3:48:44:3e:22:26:10:7c:25:19:98:f7:70:
                    8b:bb:cd:2d:47:ce:b3:a1:d3:34:de:9b:a7:20:0b:
                    75:7a:20:99:97:63:08:8c:95:4e:55:e9:83:2f:9a:
                    53:c2:60:eb:95:44:9d:f2:6e:c9:19:eb:ed:21:24:
                    20:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:74:B8:A0:77:AE:8A:AA:24:D1:D6:38:0C:AD:07:4D:2D:F6:C7:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07008d8d-f039-461c-be80-d42cb304abe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.20.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         36:3b:48:92:34:51:c7:b4:97:33:48:15:87:84:b9:78:9a:1d:
         b7:74:3b:56:77:f4:84:ea:08:84:cd:50:88:9e:00:bb:01:f7:
         bf:ed:ed:a9:e8:d7:01:f8:ef:8d:19:7a:19:e3:d8:df:8e:6f:
         0d:a0:c6:9b:9c:e3:3c:7d:54:70:4d:21:06:8b:c1:45:57:85:
         d5:22:4e:68:04:30:81:e6:48:37:4c:3d:b1:61:8f:53:f2:cc:
         a0:16:c7:6e:e8:92:55:1b:f5:92:8b:79:ec:ab:89:01:72:2f:
         5b:e6:3c:ed:83:63:cc:3e:4d:fe:f3:e9:5e:57:32:08:36:ec:
         d6:80:c2:b6:c7:10:5f:79:df:b8:f3:d3:89:b4:57:29:05:78:
         f5:92:b1:2c:e4:64:18:bf:b0:f2:4c:2d:c9:0d:00:ff:3f:d7:
         36:14:2f:9e:d9:60:8c:dc:12:c2:78:5b:fd:90:0c:0c:eb:61:
         c3:1e:c5:b4:81:12:f2:39:89:0f:b3:66:7f:8b:9b:fa:ba:5a:
         3a:06:99:70:2c:3b:73:b4:c1:ce:82:8e:2d:24:73:11:d3:9f:
         8d:09:1a:f5:ed:94:1c:22:91:af:6a:42:a5:40:a2:d7:d2:97:
         41:10:8d:5b:32:00:64:c2:50:14:1e:36:ba:e4:44:7f:52:32:
         9d:d0:46:4f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUa/HBvN/5h0AmNDUiIwCSXtGhioEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAwMDA0WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjJlMWQ2YTI2M2YwNzc4ZTI0ZWMzOTZkMThjOTMwOTFm
OGY0NTRmOGFjZjIwYjcyMzRiZTIzNmQ3N2M0ZjUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCah/SoX4Heyyu3ur5Okn3MuvqGcNZwuIESqSBfGasX2gko
AuASSa0Ht3Fmnp/5S12L0nnzFqCgKq8EIuUezcrJFnxd/hNunJo+5WywQPlLl4x3
wiHClwzj57jgt+O17S7wnS8loJjup1FMNK6mJcj9Trji3nTLRT4Vw4kaxzTctwIK
XJ4lDrQQSX2ZRmd+1kJjaG73UBIj6qXfoz2xO2ZxpBifD9UqIS4FWSj8jwyD4ssI
CNBOK5fWUq9BnXRoq6GqEYE6o0hEPiImEHwlGZj3cIu7zS1HzrOh0zTem6cgC3V6
IJmXYwiMlU5V6YMvmlPCYOuVRJ3ybskZ6+0hJCAFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVHS4oHeuiqok0dY4DK0HTS32x2EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA3MDA4ZDhkLWYwMzktNDYxYy1iZTgwLWQ0MmNiMzA0YWJlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2FDANBgkqhkiG9w0BAQsFAAOCAQEANjtIkjRRx7SXM0gVh4S5eJodt3Q7
Vnf0hOoIhM1QiJ4AuwH3v+3tqejXAfjvjRl6GePY345vDaDGm5zjPH1UcE0hBovB
RVeF1SJOaAQwgeZIN0w9sWGPU/LMoBbHbuiSVRv1kot57KuJAXIvW+Y87YNjzD5N
/vPpXlcyCDbs1oDCtscQX3nfuPPTibRXKQV49ZKxLORkGL+w8kwtyQ0A/z/XNhQv
ntlgjNwSwnhb/ZAMDOthwx7FtIES8jmJD7Nmf4ub+rpaOgaZcCw7c7TBzoKOLSRz
EdOfjQka9e2UHCKRr2pCpUCi19KXQRCNWzIAZMJQFB42uuREf1IyndBGTw==
-----END CERTIFICATE-----