Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e609d71-075f-40c9-b88a-5a62a3b788a9.roa
File:                     3e609d71-075f-40c9-b88a-5a62a3b788a9.roa (raw, json)
Hash identifier:          dvJGLF+/5h761VCud0Ianm97rGEO1FBsBLxSPOHf5yE=
Subject key identifier:   F5:84:2A:26:6C:E6:F1:28:A2:3F:FF:02:7D:D5:4A:8E:0C:96:0E:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0CA1833CF22E0A64F13EB4F19898E4EA0EBA8DCC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e609d71-075f-40c9-b88a-5a62a3b788a9.roa
Signing time:             Fri 24 Oct 2025 00:10:06 +0000
ROA not before:           Fri 24 Oct 2025 00:10:06 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        68.159.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:a1:83:3c:f2:2e:0a:64:f1:3e:b4:f1:98:98:e4:ea:0e:ba:8d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 00:10:06 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=9dbc0f225a466ce4c5039a094cc95f10c4c98b0a55442a24423fea14577b76f9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:55:fd:74:c5:6c:bf:b1:63:fe:a9:8c:ce:52:
                    e6:8a:d1:a3:3e:d7:5c:0d:01:53:8f:f3:49:31:2d:
                    4e:a4:7c:6f:b2:75:17:db:77:bc:fc:00:1f:9f:9c:
                    a9:d7:34:04:cb:bc:63:52:68:ca:c0:a5:70:88:72:
                    a2:77:c5:d3:44:37:f3:7f:ae:7c:ca:c9:c3:24:6c:
                    39:94:8f:d1:ce:aa:a8:a1:20:b4:3f:18:b6:2f:ee:
                    3a:77:62:1c:f8:16:f1:37:e8:19:9f:63:e3:27:f3:
                    d3:c2:28:10:98:c0:f3:d8:29:19:6c:40:95:e5:7a:
                    87:45:00:41:f2:d9:72:9f:36:d3:8c:2a:76:9f:15:
                    c9:23:83:fb:44:50:20:b1:62:3f:ff:3d:0b:78:94:
                    2b:b1:de:2a:40:92:92:b9:7e:75:97:ac:a4:59:d4:
                    f1:cf:b1:f0:7f:77:45:78:54:78:2c:dd:13:83:3a:
                    98:37:8f:8b:14:94:3e:65:74:fa:51:87:03:29:16:
                    7f:7f:78:10:84:0f:44:b5:fe:c7:68:40:bb:88:01:
                    ce:51:9c:e4:19:47:8a:9e:f4:91:ec:cb:f1:b2:ee:
                    dd:50:e9:8a:8f:8e:18:54:4f:d8:b3:78:3b:1a:73:
                    79:11:bd:11:7a:06:df:e7:e6:9e:82:16:9b:bf:14:
                    fd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:84:2A:26:6C:E6:F1:28:A2:3F:FF:02:7D:D5:4A:8E:0C:96:0E:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e609d71-075f-40c9-b88a-5a62a3b788a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.159.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         94:c3:7f:8e:58:14:cc:59:63:8c:a9:0f:03:7a:99:f2:89:37:
         69:ca:27:ab:81:9c:d3:79:3e:8d:79:ec:ae:05:cb:c6:8a:a9:
         9a:6b:9a:e8:b2:05:52:b2:79:ea:cb:d3:d0:f0:52:63:81:56:
         d1:2e:04:86:3c:3f:e4:19:d9:f6:2d:0b:d5:f5:3c:05:a0:30:
         db:b0:f8:cb:ac:31:64:93:7f:ee:51:d9:a9:92:a5:ed:18:b9:
         b2:18:cd:98:9f:cf:5f:dc:0a:c6:fe:d7:9a:2c:9e:c6:62:b0:
         4d:64:ff:03:60:73:c0:7a:2f:78:de:6e:0d:50:0a:77:12:c7:
         55:0f:79:b3:37:48:89:60:cd:9c:fd:e9:c4:07:2c:96:83:b3:
         17:12:89:df:45:12:e8:c2:87:4b:18:82:4c:36:1d:f4:a8:5c:
         b4:c3:35:f1:7d:2a:e4:8e:94:56:48:d4:40:a0:3b:22:19:4c:
         06:58:80:b5:4d:11:d8:7a:01:b6:4d:8f:63:27:b0:a2:0f:e6:
         94:80:e4:a7:16:99:63:a2:21:de:1c:78:14:44:8b:85:28:a0:
         9f:9e:ae:40:c4:e2:ca:9b:71:ef:b0:29:8f:f3:a6:09:64:c3:
         43:b3:fb:b5:a4:50:69:d6:4b:7e:03:c3:7e:6f:ba:7d:69:4b:
         dd:5b:c8:cb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDKGDPPIuCmTxPrTxmJjk6g66jcwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MDAxMDA2WhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZGJjMGYyMjVhNDY2Y2U0YzUwMzlhMDk0Y2M5NWYxMGM0
Yzk4YjBhNTU0NDJhMjQ0MjNmZWExNDU3N2I3NmY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDVf10xWy/sWP+qYzOUuaK0aM+11wNAVOP80kxLU6kfG+y
dRfbd7z8AB+fnKnXNATLvGNSaMrApXCIcqJ3xdNEN/N/rnzKycMkbDmUj9HOqqih
ILQ/GLYv7jp3Yhz4FvE36BmfY+Mn89PCKBCYwPPYKRlsQJXleodFAEHy2XKfNtOM
KnafFckjg/tEUCCxYj//PQt4lCux3ipAkpK5fnWXrKRZ1PHPsfB/d0V4VHgs3ROD
Opg3j4sUlD5ldPpRhwMpFn9/eBCED0S1/sdoQLuIAc5RnOQZR4qe9JHsy/Gy7t1Q
6YqPjhhUT9izeDsac3kRvRF6Bt/n5p6CFpu/FP2VAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9YQqJmzm8SiiP/8CfdVKjgyWDmowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNlNjA5ZDcxLTA3NWYtNDBjOS1iODhhLTVhNjJhM2I3ODhhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBEnzANBgkqhkiG9w0BAQsFAAOCAQEAlMN/jlgUzFljjKkPA3qZ8ok3acon
q4Gc03k+jXnsrgXLxoqpmmua6LIFUrJ56svT0PBSY4FW0S4Ehjw/5BnZ9i0L1fU8
BaAw27D4y6wxZJN/7lHZqZKl7Ri5shjNmJ/PX9wKxv7XmiyexmKwTWT/A2BzwHov
eN5uDVAKdxLHVQ95szdIiWDNnP3pxAcsloOzFxKJ30US6MKHSxiCTDYd9KhctMM1
8X0q5I6UVkjUQKA7IhlMBliAtU0R2HoBtk2PYyewog/mlIDkpxaZY6Ih3hx4FESL
hSign56uQMTiyptx77Apj/OmCWTDQ7P7taRQadZLfgPDfm+6fWlL3VvIyw==
-----END CERTIFICATE-----