Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ca20876-6696-4841-abac-796243686ab3.roa
File:                     3ca20876-6696-4841-abac-796243686ab3.roa (raw, json)
Hash identifier:          I+EFZFybI+r9Bg3bgaK6wNef+R4iUp+qioCOVW82vJI=
Subject key identifier:   06:21:8F:48:47:0B:01:F6:29:D9:4F:02:87:84:AE:E6:29:72:A9:AC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23055C43768DA3B967CC263DFC46866ED6324D64
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ca20876-6696-4841-abac-796243686ab3.roa
Signing time:             Sun 26 Oct 2025 01:00:35 +0000
ROA not before:           Sun 26 Oct 2025 01:00:35 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        208.64.224.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:05:5c:43:76:8d:a3:b9:67:cc:26:3d:fc:46:86:6e:d6:32:4d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 01:00:35 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=359657bed0f55337295d7dec987436000ddb7e26c74391e13de703ad627e5027, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:93:ae:59:4b:78:04:68:19:bb:ed:f6:cd:63:
                    fa:9a:af:de:9b:3f:98:b2:3b:c2:22:ba:bf:15:a3:
                    9e:cb:9f:94:ad:97:2e:89:b3:c3:55:31:38:40:2c:
                    56:f6:1e:ab:30:7b:9c:d9:8f:15:f1:4f:4f:d6:84:
                    58:e4:ce:59:51:f3:94:40:25:39:f8:26:a5:45:cd:
                    3f:50:66:c7:97:be:c1:84:18:6c:d6:3a:3c:4a:93:
                    d3:03:b6:c1:1d:54:a1:2f:fc:14:05:1f:54:79:fd:
                    bc:67:9c:de:21:e8:e1:d2:24:45:8d:8a:77:40:c4:
                    01:3f:3a:35:fc:99:62:10:91:36:ba:60:65:01:18:
                    55:54:3e:2e:69:a0:3b:d1:39:7c:0a:60:fa:5e:6d:
                    29:39:09:26:31:2e:07:bf:21:41:04:86:f9:44:e5:
                    1e:18:b6:86:1b:75:cd:d2:f3:7a:91:db:4c:64:17:
                    4a:1e:31:6b:13:de:4a:69:4f:ee:27:4e:0c:1a:4d:
                    1f:a4:74:0d:be:f9:2f:9b:b2:f4:2d:36:b0:67:6b:
                    43:4f:0e:bf:f8:f7:90:28:86:03:b9:6f:54:58:ef:
                    97:a8:7c:58:67:b2:b3:34:86:92:fd:3e:81:f4:cf:
                    a7:36:a1:98:74:82:79:dc:26:82:37:cd:6a:5c:2e:
                    0b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:21:8F:48:47:0B:01:F6:29:D9:4F:02:87:84:AE:E6:29:72:A9:AC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ca20876-6696-4841-abac-796243686ab3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.64.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         aa:6c:f6:cb:64:15:44:d8:a8:9e:4b:02:09:4e:1f:4b:c0:5b:
         af:80:2e:d4:46:8a:c6:87:ee:fb:24:ac:cc:91:10:ac:46:08:
         c2:b1:31:50:db:9a:4d:56:84:06:a9:ed:c0:0b:88:bc:01:a8:
         bb:e4:93:0b:fe:81:d0:98:45:2a:c4:df:be:36:1d:64:36:8e:
         9f:6e:df:84:d6:ec:7a:31:ee:ba:99:2e:6d:24:fc:2a:a8:06:
         6e:c9:10:03:71:fe:0c:24:b5:40:d8:8a:48:2a:32:2e:56:b3:
         95:a5:76:05:34:7a:b6:0d:bc:c0:91:5f:ed:3f:7f:6d:37:85:
         a5:2e:51:ef:a1:a8:72:82:df:ad:93:29:f8:ad:52:2b:d1:7c:
         d1:55:d2:c2:bb:91:00:70:98:33:eb:7b:51:e4:07:97:19:b9:
         94:f0:83:4f:f1:b0:70:ee:6d:dc:b0:7e:62:1e:b7:9c:0b:34:
         e5:18:3c:87:3c:a1:ff:a2:bc:ed:41:f4:a7:05:97:6d:a4:39:
         14:bc:74:5a:50:b0:d6:e4:5a:67:8f:cd:f4:fb:99:6b:c3:92:
         63:88:32:79:a6:26:48:d7:ec:dd:40:04:da:5d:e0:44:08:1b:
         6a:c4:ea:fe:db:31:b3:5f:a9:13:60:a2:4d:e9:68:05:fe:4c:
         49:3b:9d:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIwVcQ3aNo7lnzCY9/EaGbtYyTWQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDEwMDM1WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTk2NTdiZWQwZjU1MzM3Mjk1ZDdkZWM5ODc0MzYwMDBk
ZGI3ZTI2Yzc0MzkxZTEzZGU3MDNhZDYyN2U1MDI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1k65ZS3gEaBm77fbNY/qar96bP5iyO8Iiur8Vo57Ln5St
ly6Js8NVMThALFb2Hqswe5zZjxXxT0/WhFjkzllR85RAJTn4JqVFzT9QZseXvsGE
GGzWOjxKk9MDtsEdVKEv/BQFH1R5/bxnnN4h6OHSJEWNindAxAE/OjX8mWIQkTa6
YGUBGFVUPi5poDvROXwKYPpebSk5CSYxLge/IUEEhvlE5R4YtoYbdc3S83qR20xk
F0oeMWsT3kppT+4nTgwaTR+kdA2++S+bsvQtNrBna0NPDr/495AohgO5b1RY75eo
fFhnsrM0hpL9PoH0z6c2oZh0gnncJoI3zWpcLgs3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBiGPSEcLAfYp2U8Ch4Su5ilyqawwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjYTIwODc2LTY2OTYtNDg0MS1hYmFjLTc5NjI0MzY4NmFiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPQQOAwDQYJKoZIhvcNAQELBQADggEBAKps9stkFUTYqJ5LAglOH0vAW6+A
LtRGisaH7vskrMyREKxGCMKxMVDbmk1WhAap7cALiLwBqLvkkwv+gdCYRSrE3742
HWQ2jp9u34TW7Hox7rqZLm0k/CqoBm7JEANx/gwktUDYikgqMi5Ws5WldgU0erYN
vMCRX+0/f203haUuUe+hqHKC362TKfitUivRfNFV0sK7kQBwmDPre1HkB5cZuZTw
g0/xsHDubdywfmIet5wLNOUYPIc8of+ivO1B9KcFl22kORS8dFpQsNbkWmePzfT7
mWvDkmOIMnmmJkjX7N1ABNpd4EQIG2rE6v7bMbNfqRNgok3paAX+TEk7nUQ=
-----END CERTIFICATE-----