Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c1cfdde-5505-4973-8a61-33c56b97592b.roa
File:                     3c1cfdde-5505-4973-8a61-33c56b97592b.roa (raw, json)
Hash identifier:          kar/dJNCaVdfYAi+M33HLHkqrPH3XfFSN4qUhHITVx0=
Subject key identifier:   F7:5B:39:69:82:4D:24:12:A9:53:52:CD:F3:24:92:CB:8A:52:27:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74FC3FEADE38BE3B77A254C9D996113A3688DE72
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c1cfdde-5505-4973-8a61-33c56b97592b.roa
Signing time:             Sun 26 Oct 2025 00:30:56 +0000
ROA not before:           Sun 26 Oct 2025 00:30:56 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.141.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:fc:3f:ea:de:38:be:3b:77:a2:54:c9:d9:96:11:3a:36:88:de:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:30:56 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=14de5d5bb786d18d6fa4b2c6aa1268431f273263ecb50dc6e549348f5afee10f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b3:99:d0:71:85:99:91:ad:67:90:4e:5c:40:
                    76:05:62:d0:5d:68:a5:c2:9c:2e:e9:1b:b2:ab:84:
                    ab:2f:0d:00:43:34:4e:8f:44:a5:ce:10:36:0d:70:
                    b1:25:c0:41:d6:98:f2:d1:67:e3:14:b3:a3:67:1d:
                    ee:bc:e9:44:9d:48:4d:94:16:fe:ea:49:9c:68:54:
                    8d:e9:18:fd:e2:2b:18:67:bc:8a:60:fc:80:86:15:
                    dc:1f:02:29:74:49:ea:36:29:9b:2a:91:2e:0f:8c:
                    55:b1:e0:3f:c9:2d:08:3e:0d:d7:65:19:2c:0c:35:
                    8c:bb:ac:a6:e3:d8:46:d7:93:7a:be:58:00:e7:77:
                    fc:00:86:e3:5f:8a:13:55:50:43:49:cd:a0:b4:d0:
                    e6:32:a1:c6:45:3d:03:c3:73:81:75:36:24:74:97:
                    47:53:95:03:f4:24:c2:f5:da:22:75:be:ac:7d:94:
                    49:c6:ed:78:0c:a3:d4:0c:df:1a:ea:66:30:95:de:
                    10:8c:83:38:33:ff:9e:3f:5f:ba:41:aa:d8:d5:21:
                    53:29:65:d6:84:cc:78:b7:a4:7f:42:a7:a4:69:db:
                    aa:d2:5e:86:ab:7a:cc:29:a3:9f:db:80:09:1c:3f:
                    da:80:98:02:04:06:1f:77:35:f0:4e:ad:32:a1:05:
                    d9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:5B:39:69:82:4D:24:12:A9:53:52:CD:F3:24:92:CB:8A:52:27:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c1cfdde-5505-4973-8a61-33c56b97592b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.141.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         75:44:24:70:18:cd:71:75:4d:f6:96:4b:c0:0b:45:b8:3e:12:
         80:d9:a0:6e:6e:a6:a1:68:e1:52:42:3f:73:03:c0:83:38:94:
         f5:29:f6:9a:fd:60:1a:27:d6:3a:13:34:03:37:cd:0e:0f:f9:
         e7:42:dd:47:d5:8e:a5:fb:a8:e1:2e:c7:44:9c:73:0a:8c:8b:
         0d:30:5b:4d:e0:77:3d:9a:90:27:3e:06:a6:f3:f6:35:41:1f:
         8c:01:c5:e7:30:65:59:73:6e:9d:0f:7a:8f:d8:db:49:d7:9e:
         0f:57:66:1b:ea:6c:62:d6:d5:89:79:ad:15:86:31:a0:30:ee:
         be:eb:ba:dc:95:83:60:fb:bc:49:f9:f6:d1:f4:5e:d2:e3:33:
         be:29:37:28:d7:0f:ba:e5:23:ea:c7:b6:6f:31:44:d1:90:3b:
         59:0b:2a:2b:30:ce:9b:11:30:1d:f2:99:9c:57:93:06:17:69:
         27:10:43:85:79:d8:44:d2:b6:d0:ba:60:57:1f:bc:3e:e2:89:
         fb:b4:e3:2b:c9:dc:40:da:f9:f9:63:a7:c2:3d:ec:6c:51:04:
         84:7f:97:08:1e:18:be:2a:fe:b5:b2:b8:b3:fb:43:99:9d:9b:
         6a:fa:71:2b:1c:c0:6d:91:b7:b8:8b:11:9f:c4:f5:f9:fd:e9:
         f2:bd:7d:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdPw/6t44vjt3olTJ2ZYROjaI3nIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMDU2WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGRlNWQ1YmI3ODZkMThkNmZhNGIyYzZhYTEyNjg0MzFm
MjczMjYzZWNiNTBkYzZlNTQ5MzQ4ZjVhZmVlMTBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJs5nQcYWZka1nkE5cQHYFYtBdaKXCnC7pG7KrhKsvDQBD
NE6PRKXOEDYNcLElwEHWmPLRZ+MUs6NnHe686USdSE2UFv7qSZxoVI3pGP3iKxhn
vIpg/ICGFdwfAil0Seo2KZsqkS4PjFWx4D/JLQg+DddlGSwMNYy7rKbj2EbXk3q+
WADnd/wAhuNfihNVUENJzaC00OYyocZFPQPDc4F1NiR0l0dTlQP0JML12iJ1vqx9
lEnG7XgMo9QM3xrqZjCV3hCMgzgz/54/X7pBqtjVIVMpZdaEzHi3pH9Cp6Rp26rS
Xoareswpo5/bgAkcP9qAmAIEBh93NfBOrTKhBdmNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU91s5aYJNJBKpU1LN8ySSy4pSJ4cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjMWNmZGRlLTU1MDUtNDk3My04YTYxLTMzYzU2Yjk3NTkyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZHjYAwDQYJKoZIhvcNAQELBQADggEBAHVEJHAYzXF1TfaWS8ALRbg+EoDZ
oG5upqFo4VJCP3MDwIM4lPUp9pr9YBon1joTNAM3zQ4P+edC3UfVjqX7qOEux0Sc
cwqMiw0wW03gdz2akCc+Bqbz9jVBH4wBxecwZVlzbp0Peo/Y20nXng9XZhvqbGLW
1Yl5rRWGMaAw7r7rutyVg2D7vEn59tH0XtLjM74pNyjXD7rlI+rHtm8xRNGQO1kL
KiswzpsRMB3ymZxXkwYXaScQQ4V52ETSttC6YFcfvD7iifu04yvJ3EDa+fljp8I9
7GxRBIR/lwgeGL4q/rWyuLP7Q5mdm2r6cSscwG2Rt7iLEZ/E9fn96fK9fdA=
-----END CERTIFICATE-----