Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26191af3-5d36-4e52-a2b7-00dda51fdbff.roa
File:                     26191af3-5d36-4e52-a2b7-00dda51fdbff.roa (raw, json)
Hash identifier:          gPAJnd9TDhnY8Tpf9MsaoMwoJ+/L9j+G+vuTjmYvPTE=
Subject key identifier:   03:34:F8:96:B7:CE:0C:3C:A1:72:96:A6:2F:42:0E:E2:E8:28:85:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35EA5714F0FBAFA8839284229B40455D937BB4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26191af3-5d36-4e52-a2b7-00dda51fdbff.roa
Signing time:             Wed 22 Oct 2025 00:20:06 +0000
ROA not before:           Wed 22 Oct 2025 00:20:06 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        162.208.122.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ea:57:14:f0:fb:af:a8:83:92:84:22:9b:40:45:5d:93:7b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:20:06 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=c445004d82e9f86d4099fd2c12586a42179bd26f57a99038a43dca44327bb4e6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:07:08:09:4c:3d:b0:0d:e2:b2:ee:31:b5:3d:
                    b2:ef:c4:f7:f0:9e:61:c2:a3:6b:13:22:2e:2a:2c:
                    3d:90:c8:14:e3:fa:01:21:05:97:69:a5:4f:0c:1b:
                    09:1f:7f:e8:9a:cf:ac:6d:d6:d8:0a:70:26:41:fe:
                    9a:60:59:bb:22:20:c3:c0:ce:d8:7d:e2:ef:60:43:
                    4d:1d:c2:f5:ae:3a:5b:b9:86:6e:3b:0a:a8:24:df:
                    5f:9b:e1:c7:9d:f9:25:e6:29:c0:0c:31:2e:c6:b6:
                    fa:15:6e:4e:3c:0a:9c:e7:37:7a:8a:6e:53:bc:06:
                    6b:47:b3:e1:96:2a:46:9d:c4:92:91:39:8d:1c:05:
                    08:e6:53:c7:5a:b1:d6:2c:05:c6:a6:4b:82:fc:83:
                    c5:18:f7:e6:ed:c7:33:49:38:c2:ab:dc:3d:30:bb:
                    17:10:ac:a6:45:52:4c:8c:40:53:06:eb:26:b9:b1:
                    be:11:fb:59:24:30:fc:2f:29:21:37:0c:cc:e3:cb:
                    8c:28:f0:3b:cf:e0:1b:91:24:fc:58:7b:30:af:de:
                    6e:f7:7a:3b:06:94:8e:c7:fe:01:a9:29:1e:95:4e:
                    99:41:d4:a9:85:74:71:4d:9c:64:67:79:ab:67:38:
                    d0:6e:d3:a3:5c:e0:29:fa:37:f0:2f:f4:ae:68:9c:
                    5a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:34:F8:96:B7:CE:0C:3C:A1:72:96:A6:2F:42:0E:E2:E8:28:85:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26191af3-5d36-4e52-a2b7-00dda51fdbff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.208.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:08:e4:ca:dd:4b:53:96:78:4c:51:1b:74:25:88:09:ab:75:
         82:37:2f:10:81:ce:da:7e:3e:be:a6:fd:99:6c:52:78:1a:8d:
         cf:49:97:1f:71:8e:14:a2:44:8a:7c:a5:0b:8d:7e:7e:88:08:
         0b:ea:f6:18:3d:cf:43:6d:f1:9b:09:f2:5f:33:d8:23:90:cc:
         a0:26:2b:b6:70:f8:6f:01:5a:d0:9f:71:28:0f:7f:6e:f3:a4:
         44:e7:d7:fd:53:11:38:2a:3e:9e:c2:86:fc:9c:43:04:61:8e:
         47:8f:5a:3c:5a:a2:cc:a2:5c:cc:f3:7b:36:5f:11:7a:fd:4e:
         59:a5:6a:ad:aa:f0:bc:18:b6:22:a2:5b:91:72:69:56:98:37:
         68:b8:ce:20:35:45:33:43:2f:2a:ea:a4:f2:94:e3:41:6f:f7:
         40:26:cf:3a:f1:b5:f8:74:ad:06:e7:d1:b7:26:e6:73:89:d7:
         65:20:d8:fe:de:7f:a4:08:0a:d0:ef:cd:57:14:03:aa:1c:6c:
         20:f9:eb:9a:bc:e6:1e:45:53:8e:98:12:3c:a5:fd:1d:64:ad:
         cc:36:df:52:02:12:b5:82:d7:9d:22:a7:07:ea:2d:10:e5:2c:
         53:ef:44:58:79:9f:c0:f8:bd:ec:be:2a:c7:70:fc:00:1a:4d:
         cf:28:c3:59
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITNepXFPD7r6iDkoQim0BFXZN7tDANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTEwMjIwMDIwMDZaFw0yNTExMjYyMzU5NTla
MHoxSTBHBgNVBAUTQGM0NDUwMDRkODJlOWY4NmQ0MDk5ZmQyYzEyNTg2YTQyMTc5
YmQyNmY1N2E5OTAzOGE0M2RjYTQ0MzI3YmI0ZTYxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALsHCAlMPbAN4rLuMbU9su/E9/CeYcKjaxMiLiosPZDIFOP6
ASEFl2mlTwwbCR9/6JrPrG3W2ApwJkH+mmBZuyIgw8DO2H3i72BDTR3C9a46W7mG
bjsKqCTfX5vhx535JeYpwAwxLsa2+hVuTjwKnOc3eopuU7wGa0ez4ZYqRp3EkpE5
jRwFCOZTx1qx1iwFxqZLgvyDxRj35u3HM0k4wqvcPTC7FxCspkVSTIxAUwbrJrmx
vhH7WSQw/C8pITcMzOPLjCjwO8/gG5Ek/Fh7MK/ebvd6OwaUjsf+AakpHpVOmUHU
qYV0cU2cZGd5q2c40G7To1zgKfo38C/0rmicWvsCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQDNPiWt84MPKFylqYvQg7i6CiFzzAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvMjYxOTFhZjMtNWQzNi00ZTUyLWEyYjctMDBkZGE1MWZkYmZmLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAKLQejANBgkqhkiG9w0BAQsFAAOCAQEARwjkyt1LU5Z4TFEbdCWICat1gjcv
EIHO2n4+vqb9mWxSeBqNz0mXH3GOFKJEinylC41+fogIC+r2GD3PQ23xmwnyXzPY
I5DMoCYrtnD4bwFa0J9xKA9/bvOkROfX/VMROCo+nsKG/JxDBGGOR49aPFqizKJc
zPN7Nl8Rev1OWaVqrarwvBi2IqJbkXJpVpg3aLjOIDVFM0MvKuqk8pTjQW/3QCbP
OvG1+HStBufRtybmc4nXZSDY/t5/pAgK0O/NVxQDqhxsIPnrmrzmHkVTjpgSPKX9
HWStzDbfUgIStYLXnSKnB+otEOUsU+9EWHmfwPi97L4qx3D8ABpNzyjDWQ==
-----END CERTIFICATE-----