Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a00bc02-51a6-4b0c-9420-80ae7a95e322.roa
File:                     0a00bc02-51a6-4b0c-9420-80ae7a95e322.roa (raw, json)
Hash identifier:          gzsF850DQH6/m7R3AoUtKSqCKfYqytu6b6osYEA8rM4=
Subject key identifier:   18:12:C8:57:59:E4:CE:76:FE:5F:1B:20:49:96:36:7E:4D:BC:87:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2315F25605999EEAA045B513F6705141FE55CBB9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a00bc02-51a6-4b0c-9420-80ae7a95e322.roa
Signing time:             Wed 29 Oct 2025 00:50:13 +0000
ROA not before:           Wed 29 Oct 2025 00:50:13 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.125.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:15:f2:56:05:99:9e:ea:a0:45:b5:13:f6:70:51:41:fe:55:cb:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:50:13 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=a22afdaf0d82ff848b5fc61c28533b9bed740f1215c9f69fd4d6c497304c4b78, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b6:d3:5a:bb:4c:bd:88:be:79:77:3a:0c:5b:
                    de:8c:08:57:bc:67:70:47:d4:14:9b:0f:11:70:6c:
                    54:62:44:c9:ab:62:53:25:3d:d2:6d:87:50:13:46:
                    af:72:0b:e5:5a:fd:cb:67:e5:80:6b:5a:fd:50:9d:
                    23:79:98:fa:3a:d5:b4:fc:7c:10:93:39:07:87:e2:
                    9c:72:d2:e3:6e:60:43:57:de:4d:da:d7:f0:1a:8e:
                    d4:24:b1:35:ae:0c:79:01:56:45:de:97:4f:79:8e:
                    10:52:2a:d5:c6:f4:86:1e:f4:37:a2:32:27:cf:eb:
                    06:80:8f:18:33:f2:5b:e1:e6:6e:76:9d:9e:f1:ae:
                    d0:02:38:f3:bd:97:41:f3:6e:20:f0:f6:ba:fb:13:
                    5a:c3:3a:b8:a4:cb:65:3b:b1:26:11:4b:3c:3e:16:
                    8a:1e:5c:6a:1b:cd:cb:51:a6:15:17:a9:33:2c:d3:
                    72:01:63:57:3a:3e:1a:03:79:a8:fe:31:67:49:27:
                    9d:32:3e:68:8b:2d:4c:6c:83:36:4e:6f:f2:34:19:
                    bd:a0:0c:c6:fe:2f:29:20:4e:f7:31:4c:51:f2:d5:
                    df:ff:72:71:20:16:58:a7:67:e3:29:08:e2:d1:4c:
                    7e:cb:ef:a1:a8:85:e7:3f:f8:7a:5c:13:7d:e2:b7:
                    f0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:12:C8:57:59:E4:CE:76:FE:5F:1B:20:49:96:36:7E:4D:BC:87:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a00bc02-51a6-4b0c-9420-80ae7a95e322.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:2c:61:34:ed:2a:f1:ca:3b:5a:52:d7:1b:b1:3a:2b:cb:81:
         db:36:c0:44:d7:b0:54:7a:9b:8e:57:ae:2b:0d:90:e3:26:88:
         50:83:e9:0c:68:93:2f:89:57:0a:2a:01:a1:0a:bc:a5:40:77:
         95:f6:e8:26:a3:de:bb:d0:87:47:fd:35:5a:db:2b:c8:7c:b6:
         4a:a7:6d:af:39:f1:52:4a:34:64:96:ef:d6:be:05:e5:e1:65:
         f8:eb:0b:77:4c:e6:9f:18:2f:d3:b9:10:df:17:1e:0d:de:83:
         34:52:70:67:76:7b:36:c7:a0:46:05:7a:ae:1c:ee:42:fe:f8:
         aa:3c:91:e2:2e:ca:60:f4:ed:85:5c:ba:2d:9e:39:46:39:7c:
         7b:49:08:2b:45:11:e0:79:bb:ec:f8:c3:d5:a1:df:d7:88:41:
         91:ef:fc:78:8f:46:47:29:c8:98:62:d9:49:ee:05:89:e8:74:
         f2:d1:98:c0:96:6f:c8:4d:da:38:a5:c6:d8:3a:c7:72:45:10:
         57:fa:d8:08:3f:62:ee:ef:ac:11:e8:fb:a2:a2:0c:9f:f1:47:
         df:83:b3:66:7b:b4:dc:a1:25:2f:26:20:10:a5:58:9c:f1:df:
         2e:57:d5:94:b3:be:fb:ee:9d:ca:c4:d5:6e:52:0f:f4:84:7b:
         41:0d:51:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIxXyVgWZnuqgRbUT9nBRQf5Vy7kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDA1MDEzWhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjJhZmRhZjBkODJmZjg0OGI1ZmM2MWMyODUzM2I5YmVk
NzQwZjEyMTVjOWY2OWZkNGQ2YzQ5NzMwNGM0Yjc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcttNau0y9iL55dzoMW96MCFe8Z3BH1BSbDxFwbFRiRMmr
YlMlPdJth1ATRq9yC+Va/ctn5YBrWv1QnSN5mPo61bT8fBCTOQeH4pxy0uNuYENX
3k3a1/AajtQksTWuDHkBVkXel095jhBSKtXG9IYe9DeiMifP6waAjxgz8lvh5m52
nZ7xrtACOPO9l0HzbiDw9rr7E1rDOriky2U7sSYRSzw+FooeXGobzctRphUXqTMs
03IBY1c6PhoDeaj+MWdJJ50yPmiLLUxsgzZOb/I0Gb2gDMb+LykgTvcxTFHy1d//
cnEgFlinZ+MpCOLRTH7L76Gohec/+HpcE33it/CjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGBLIV1nkznb+XxsgSZY2fk28h3owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhMDBiYzAyLTUxYTYtNGIwYy05NDIwLTgwYWU3YTk1ZTMyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/H0wDQYJKoZIhvcNAQELBQADggEBAEAsYTTtKvHKO1pS1xuxOivLgds2
wETXsFR6m45XrisNkOMmiFCD6Qxoky+JVwoqAaEKvKVAd5X26Caj3rvQh0f9NVrb
K8h8tkqnba858VJKNGSW79a+BeXhZfjrC3dM5p8YL9O5EN8XHg3egzRScGd2ezbH
oEYFeq4c7kL++Ko8keIuymD07YVcui2eOUY5fHtJCCtFEeB5u+z4w9Wh39eIQZHv
/HiPRkcpyJhi2UnuBYnodPLRmMCWb8hN2jilxtg6x3JFEFf62Ag/Yu7vrBHo+6Ki
DJ/xR9+Ds2Z7tNyhJS8mIBClWJzx3y5X1ZSzvvvuncrE1W5SD/SEe0ENUS0=
-----END CERTIFICATE-----