Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ba48806-c985-4d6d-bd00-180947f864e0.roa
File:                     2ba48806-c985-4d6d-bd00-180947f864e0.roa (raw, json)
Hash identifier:          mERaepfMrYR2MsTKkWwqmOI8Fn/7o9HqAFhL/uvm8po=
Subject key identifier:   02:6F:72:A3:B4:63:35:55:8D:51:19:EF:18:13:52:39:30:41:F1:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       61783AB7356821CAF96532299C1009B39A5A2115
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ba48806-c985-4d6d-bd00-180947f864e0.roa
Signing time:             Wed 05 Nov 2025 00:40:07 +0000
ROA not before:           Wed 05 Nov 2025 00:40:07 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.190.92.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:78:3a:b7:35:68:21:ca:f9:65:32:29:9c:10:09:b3:9a:5a:21:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:40:07 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=efd4b6c38febe29470d3bf3a28b45a6d49b1552ecfa1ded82e6b5f9e8a36bdec, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:75:05:37:98:eb:c8:bc:cb:11:f6:65:63:fa:
                    a8:0b:9b:c3:1c:32:f6:86:c2:60:b1:15:ea:c2:5f:
                    20:50:84:30:dd:3a:76:dc:75:30:9e:a7:af:50:49:
                    cf:e6:fa:39:6a:41:30:6a:e0:d4:eb:3c:fb:e8:92:
                    19:ac:14:5c:53:dc:9e:77:7f:4d:d7:52:e9:62:0f:
                    e1:aa:85:a0:d8:48:f5:dc:09:ca:15:9b:28:ca:2e:
                    73:2c:cd:43:81:95:fb:59:06:8d:0b:7d:1c:22:0d:
                    5a:91:a5:2e:76:b4:19:03:58:63:bf:b2:d6:65:2b:
                    30:ef:0a:a7:74:96:f3:06:e2:10:62:81:6b:f1:04:
                    d4:b0:b1:88:71:73:7f:9a:47:fc:cc:23:99:b0:60:
                    9c:f4:ca:d0:4c:08:61:01:6d:25:13:1f:9d:c2:bf:
                    b9:d6:99:b4:eb:8d:5e:8d:14:a0:64:4c:36:f3:b1:
                    dd:c5:b1:9c:ae:43:e2:14:92:5f:54:95:cd:8d:cd:
                    9f:c9:81:ec:c0:7d:46:7b:1c:be:78:03:b9:cb:6a:
                    20:1d:4c:f0:b8:8a:cc:8f:e8:fe:d5:ca:9c:23:f4:
                    68:8b:ea:8d:66:8c:4c:f2:9d:68:7a:b8:1e:45:a9:
                    60:94:d5:bd:48:6d:58:3a:9f:e1:7b:b9:a5:7e:22:
                    a0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:6F:72:A3:B4:63:35:55:8D:51:19:EF:18:13:52:39:30:41:F1:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ba48806-c985-4d6d-bd00-180947f864e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:8e:07:18:10:40:8e:db:3f:ef:34:44:d5:3b:6c:3b:73:70:
         ff:50:20:3b:96:c9:b0:6f:f1:60:23:dd:a5:b3:5b:48:4e:c3:
         ab:52:3d:e0:5a:c2:4b:54:dd:ee:71:18:e3:0d:50:27:d6:d1:
         34:0b:7c:00:de:e8:05:8c:eb:37:f0:1f:0f:e0:da:d9:d7:26:
         43:13:04:06:69:e3:86:cf:2d:09:25:a0:7e:24:2d:71:49:61:
         5e:13:02:af:62:1b:1d:24:e0:90:13:1d:88:59:39:67:84:ce:
         63:99:cc:31:f2:7f:40:b4:de:14:76:48:25:60:aa:b1:18:a2:
         ad:29:9c:b0:48:71:11:3d:38:b2:f8:d4:5e:b3:dc:0c:9f:fc:
         d7:c1:c2:27:c8:35:f6:30:e0:11:69:a9:f6:df:f6:e9:71:f5:
         14:e4:ef:d2:7c:95:6d:f3:a5:63:d6:b6:9b:a4:1a:8b:29:4f:
         61:bc:6b:50:ec:be:40:b3:b3:31:be:7b:d6:09:ee:aa:4a:95:
         27:2d:7d:8a:fc:e8:bf:d2:03:bd:23:99:ae:17:6c:a8:71:83:
         e3:f6:6c:10:84:0c:91:e7:74:3e:7b:5c:e9:f4:e8:2d:d4:27:
         de:02:1f:24:eb:d5:5c:12:89:5a:0f:d1:4e:37:f2:63:dc:95:
         28:3d:cc:12
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYXg6tzVoIcr5ZTIpnBAJs5paIRUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDA0MDA3WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZmQ0YjZjMzhmZWJlMjk0NzBkM2JmM2EyOGI0NWE2ZDQ5
YjE1NTJlY2ZhMWRlZDgyZTZiNWY5ZThhMzZiZGVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSdQU3mOvIvMsR9mVj+qgLm8McMvaGwmCxFerCXyBQhDDd
OnbcdTCep69QSc/m+jlqQTBq4NTrPPvokhmsFFxT3J53f03XUuliD+GqhaDYSPXc
CcoVmyjKLnMszUOBlftZBo0LfRwiDVqRpS52tBkDWGO/stZlKzDvCqd0lvMG4hBi
gWvxBNSwsYhxc3+aR/zMI5mwYJz0ytBMCGEBbSUTH53Cv7nWmbTrjV6NFKBkTDbz
sd3FsZyuQ+IUkl9Ulc2NzZ/JgezAfUZ7HL54A7nLaiAdTPC4isyP6P7Vypwj9GiL
6o1mjEzynWh6uB5FqWCU1b1IbVg6n+F7uaV+IqCFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAm9yo7RjNVWNURnvGBNSOTBB8SAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiYTQ4ODA2LWM5ODUtNGQ2ZC1iZDAwLTE4MDk0N2Y4NjRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJAvlwwDQYJKoZIhvcNAQELBQADggEBAACOBxgQQI7bP+80RNU7bDtzcP9Q
IDuWybBv8WAj3aWzW0hOw6tSPeBawktU3e5xGOMNUCfW0TQLfADe6AWM6zfwHw/g
2tnXJkMTBAZp44bPLQkloH4kLXFJYV4TAq9iGx0k4JATHYhZOWeEzmOZzDHyf0C0
3hR2SCVgqrEYoq0pnLBIcRE9OLL41F6z3Ayf/NfBwifINfYw4BFpqfbf9ulx9RTk
79J8lW3zpWPWtpukGospT2G8a1DsvkCzszG+e9YJ7qpKlSctfYr86L/SA70jma4X
bKhxg+P2bBCEDJHndD57XOn06C3UJ94CHyTr1VwSiVoP0U438mPclSg9zBI=
-----END CERTIFICATE-----