Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46758e19-83f6-44fe-b34a-46b023902f4e.roa
File:                     46758e19-83f6-44fe-b34a-46b023902f4e.roa (raw, json)
Hash identifier:          gi//w23SEbwVDa56BvcVU/UpDKxo96a2pO5wUaA6xgM=
Subject key identifier:   47:93:8E:1E:BB:EB:D3:FD:F1:8C:6F:0F:DB:36:F6:4A:99:77:4F:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1016B335E466619B3ACF132EC3DD3D3C147EDF9F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46758e19-83f6-44fe-b34a-46b023902f4e.roa
Signing time:             Sat 01 Nov 2025 00:10:09 +0000
ROA not before:           Sat 01 Nov 2025 00:10:09 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.8.224.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:16:b3:35:e4:66:61:9b:3a:cf:13:2e:c3:dd:3d:3c:14:7e:df:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:10:09 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=a9d8b6d4222f158a63d218def0894d3a66bc7ea53f10d4e02e2a51ffb0e6ddb5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e9:21:7e:b0:2b:a0:18:85:80:45:f0:24:fa:
                    d0:d1:fb:06:cd:41:f0:23:64:ec:97:6d:9e:9e:f2:
                    a6:87:94:c8:d0:93:5f:2c:c6:e7:3f:e8:c9:54:a9:
                    41:7c:6c:2b:57:ce:52:5f:92:92:2d:86:44:a8:49:
                    ed:c3:37:66:7e:c4:66:aa:7e:17:6d:a5:64:4d:c5:
                    a8:37:48:16:4e:fe:06:a6:c6:e0:87:bd:fb:9f:f3:
                    6b:40:9b:04:8c:4a:10:33:b9:1a:90:26:fb:0e:2c:
                    2e:69:df:52:10:a3:b7:14:bf:fb:6b:59:b7:e4:c2:
                    d6:84:6a:4b:07:78:c6:c6:dc:9a:07:ce:9e:cd:3c:
                    42:f6:44:3e:ba:dc:28:ad:19:8a:48:75:24:9c:a2:
                    35:80:0c:cd:d1:57:32:ab:14:63:a5:8f:fd:7f:9e:
                    fa:85:27:88:ab:48:66:9e:0d:14:5a:4a:eb:91:c6:
                    3c:85:e0:0e:14:d9:85:79:6f:97:4f:6b:0f:2e:7a:
                    ce:8c:fa:96:72:e4:b7:0c:fd:12:a3:5a:bb:93:d4:
                    78:c8:fa:fe:24:d0:6c:d4:86:82:42:54:16:b8:54:
                    5d:e2:a7:25:e2:66:12:a9:3a:a6:fb:ac:9b:45:28:
                    b2:20:77:bc:2f:6e:9c:91:56:56:b0:c2:84:25:32:
                    cb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:93:8E:1E:BB:EB:D3:FD:F1:8C:6F:0F:DB:36:F6:4A:99:77:4F:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46758e19-83f6-44fe-b34a-46b023902f4e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.8.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8c:ca:2a:e7:5b:2b:13:ad:3b:d3:39:7e:1f:9c:8a:e2:be:da:
         ca:65:e3:a7:da:2e:dc:18:c9:dd:7b:b2:8a:fb:d4:91:61:b2:
         c9:34:36:14:31:55:ee:c9:2a:df:0a:49:fa:10:98:ae:6f:46:
         df:8c:0b:a6:0d:5f:fe:69:8d:44:fd:ca:43:04:d6:57:2c:12:
         7a:cd:2c:93:fa:7c:8d:5e:38:24:23:66:97:3e:d5:a9:c8:b3:
         fc:0a:5f:3d:b5:e8:bf:c1:e5:8c:18:6f:22:60:3f:7b:bf:f7:
         0d:90:0b:fd:a9:11:47:12:cf:eb:f0:5f:a8:d9:de:c0:05:f7:
         c0:d3:2c:a9:9e:04:29:13:ed:fa:7a:d2:ba:5c:9f:c4:e9:0d:
         aa:20:90:83:6d:84:43:5d:38:f2:a0:e3:a2:06:0e:21:02:6e:
         a9:e0:2f:af:e8:8d:f5:d2:06:22:60:cf:e8:89:54:a4:5f:6e:
         66:51:e7:ae:37:36:d4:ab:73:f9:c1:84:43:47:ce:d9:2e:85:
         78:75:81:4f:2a:06:a0:19:09:d2:b7:17:5e:c6:c7:e4:3f:f3:
         e5:3b:79:82:d8:22:f2:7a:e6:05:00:c0:0a:d6:d5:0a:5a:f1:
         38:ec:ee:eb:d4:77:be:ec:20:49:d3:93:de:a0:04:52:60:0a:
         5a:19:7a:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEBazNeRmYZs6zxMuw909PBR+358wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAxMDA5WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWQ4YjZkNDIyMmYxNThhNjNkMjE4ZGVmMDg5NGQzYTY2
YmM3ZWE1M2YxMGQ0ZTAyZTJhNTFmZmIwZTZkZGI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCX6SF+sCugGIWARfAk+tDR+wbNQfAjZOyXbZ6e8qaHlMjQ
k18sxuc/6MlUqUF8bCtXzlJfkpIthkSoSe3DN2Z+xGaqfhdtpWRNxag3SBZO/gam
xuCHvfuf82tAmwSMShAzuRqQJvsOLC5p31IQo7cUv/trWbfkwtaEaksHeMbG3JoH
zp7NPEL2RD663CitGYpIdSScojWADM3RVzKrFGOlj/1/nvqFJ4irSGaeDRRaSuuR
xjyF4A4U2YV5b5dPaw8ues6M+pZy5LcM/RKjWruT1HjI+v4k0GzUhoJCVBa4VF3i
pyXiZhKpOqb7rJtFKLIgd7wvbpyRVlawwoQlMstjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUR5OOHrvr0/3xjG8P2zb2Spl3TxkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2NzU4ZTE5LTgzZjYtNDRmZS1iMzRhLTQ2YjAyMzkwMmY0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATPCOAwDQYJKoZIhvcNAQELBQADggEBAIzKKudbKxOtO9M5fh+ciuK+2spl
46faLtwYyd17sor71JFhssk0NhQxVe7JKt8KSfoQmK5vRt+MC6YNX/5pjUT9ykME
1lcsEnrNLJP6fI1eOCQjZpc+1anIs/wKXz216L/B5YwYbyJgP3u/9w2QC/2pEUcS
z+vwX6jZ3sAF98DTLKmeBCkT7fp60rpcn8TpDaogkINthENdOPKg46IGDiECbqng
L6/ojfXSBiJgz+iJVKRfbmZR5643NtSrc/nBhENHztkuhXh1gU8qBqAZCdK3F17G
x+Q/8+U7eYLYIvJ65gUAwArW1Qpa8Tjs7uvUd77sIEnTk96gBFJgCloZegA=
-----END CERTIFICATE-----