Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49d51f42-2ffc-4217-9e32-f46cec71a85a.roa
File:                     49d51f42-2ffc-4217-9e32-f46cec71a85a.roa (raw, json)
Hash identifier:          LTyb5nL0u60ew6271rH1HelsUJqFvMDM+Vot7pYMla4=
Subject key identifier:   CB:0D:85:7D:31:AE:B5:C5:4B:ED:11:46:A5:EC:83:06:3A:F2:08:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5EF4F8D1DEDF6AB0A6180953F9B4712372BCE6BD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49d51f42-2ffc-4217-9e32-f46cec71a85a.roa
Signing time:             Wed 22 Oct 2025 00:30:14 +0000
ROA not before:           Wed 22 Oct 2025 00:30:14 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.35.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:f4:f8:d1:de:df:6a:b0:a6:18:09:53:f9:b4:71:23:72:bc:e6:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:30:14 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=be16b69b8ac11ac9b32fd7a7885d0c40585def76fec261e6a406be3ac92a1d2b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:27:7b:1c:d6:41:dd:17:80:c0:e3:b6:78:63:
                    88:2a:33:60:5a:7b:9e:fc:17:a0:89:f2:eb:0c:25:
                    42:18:fe:6e:7e:07:7e:3b:1a:f2:8b:9a:07:d7:61:
                    27:f3:89:1f:0b:68:37:07:97:13:d0:04:77:34:48:
                    be:82:7f:a7:35:45:ce:6f:4e:eb:06:b0:e2:07:01:
                    fe:5c:1f:09:0e:54:55:04:82:bc:d1:5c:39:28:17:
                    6d:12:89:41:1a:ce:ce:a0:7f:25:9f:a0:2e:c4:aa:
                    62:fb:87:84:55:ea:c2:86:62:3b:ce:4b:c6:02:a2:
                    cb:c9:36:2d:57:a9:8e:4f:1c:b4:fc:32:2e:36:d8:
                    4b:19:74:14:c9:d4:c0:67:88:11:4a:3f:c2:15:4b:
                    70:b4:2e:63:60:99:ff:12:c6:d1:29:5a:25:92:d8:
                    40:31:83:e6:36:0a:6a:65:61:ed:a7:85:f2:82:bf:
                    84:e1:ee:df:e9:6e:7e:f0:f2:1c:f4:08:1f:49:6d:
                    5c:07:0a:a3:64:df:a3:aa:96:be:82:ac:ec:ea:b4:
                    b0:75:80:02:18:e1:eb:f7:de:ed:96:d6:6c:04:3e:
                    8f:d9:0c:2f:42:e9:44:d8:45:86:c0:f4:54:67:de:
                    07:44:dc:d7:9a:f1:a0:e0:fc:7b:ed:a3:8a:bf:3c:
                    b5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:0D:85:7D:31:AE:B5:C5:4B:ED:11:46:A5:EC:83:06:3A:F2:08:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49d51f42-2ffc-4217-9e32-f46cec71a85a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2e:ab:79:3d:e5:f1:88:1b:3e:9d:70:68:53:8e:48:4f:ec:c4:
         93:06:3b:b0:67:0b:f4:6b:55:95:ad:0f:d2:bd:9e:77:c1:00:
         0d:b4:f1:77:a8:05:29:cd:2f:c0:0c:2b:f8:90:a3:1c:f6:98:
         46:79:0a:76:f6:bc:19:5c:0f:c1:b6:e1:1d:32:d8:aa:21:b6:
         a8:d6:8b:2b:a3:93:f1:f0:c4:a7:5f:ad:50:4f:a5:27:f4:c1:
         79:49:52:24:7f:f5:2d:94:03:d6:bd:62:a9:16:89:af:83:81:
         c4:22:75:95:20:bb:31:9c:3e:02:1c:83:8a:f2:a0:d5:ba:2e:
         71:59:57:be:1a:b6:ab:17:ea:74:65:93:c6:00:bd:21:0c:2e:
         87:22:43:00:11:1a:dd:28:e1:60:b5:37:d8:d2:33:d1:87:57:
         ee:c0:8f:07:bd:ee:48:45:cc:8c:d6:ff:85:b9:a8:d9:06:48:
         2d:be:b7:75:70:0b:7e:60:90:2a:fd:7c:80:6b:eb:1f:24:5f:
         11:4d:c8:a0:ca:00:b5:ee:e1:ec:2c:be:be:3c:d4:b2:0f:6a:
         5d:23:d5:9d:8a:79:12:75:d8:36:9b:3e:8b:2c:6f:d3:09:2c:
         80:64:d4:cf:25:9d:db:18:f7:4b:22:df:24:05:d1:39:4f:79:
         6f:8a:3d:d9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXvT40d7farCmGAlT+bRxI3K85r0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAzMDE0WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTE2YjY5YjhhYzExYWM5YjMyZmQ3YTc4ODVkMGM0MDU4
NWRlZjc2ZmVjMjYxZTZhNDA2YmUzYWM5MmExZDJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxJ3sc1kHdF4DA47Z4Y4gqM2Bae578F6CJ8usMJUIY/m5+
B347GvKLmgfXYSfziR8LaDcHlxPQBHc0SL6Cf6c1Rc5vTusGsOIHAf5cHwkOVFUE
grzRXDkoF20SiUEazs6gfyWfoC7EqmL7h4RV6sKGYjvOS8YCosvJNi1XqY5PHLT8
Mi422EsZdBTJ1MBniBFKP8IVS3C0LmNgmf8SxtEpWiWS2EAxg+Y2CmplYe2nhfKC
v4Th7t/pbn7w8hz0CB9JbVwHCqNk36Oqlr6CrOzqtLB1gAIY4ev33u2W1mwEPo/Z
DC9C6UTYRYbA9FRn3gdE3Nea8aDg/Hvto4q/PLWZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyw2FfTGutcVL7RFGpeyDBjryCAUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5ZDUxZjQyLTJmZmMtNDIxNy05ZTMyLWY0NmNlYzcxYTg1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjIzANBgkqhkiG9w0BAQsFAAOCAQEALqt5PeXxiBs+nXBoU45IT+zEkwY7
sGcL9GtVla0P0r2ed8EADbTxd6gFKc0vwAwr+JCjHPaYRnkKdva8GVwPwbbhHTLY
qiG2qNaLK6OT8fDEp1+tUE+lJ/TBeUlSJH/1LZQD1r1iqRaJr4OBxCJ1lSC7MZw+
AhyDivKg1boucVlXvhq2qxfqdGWTxgC9IQwuhyJDABEa3SjhYLU32NIz0YdX7sCP
B73uSEXMjNb/hbmo2QZILb63dXALfmCQKv18gGvrHyRfEU3IoMoAte7h7Cy+vjzU
sg9qXSPVnYp5EnXYNps+iyxv0wksgGTUzyWd2xj3SyLfJAXROU95b4o92Q==
-----END CERTIFICATE-----