Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4f5a2e02-8617-4677-a4c8-84780c2dc6e0.roa
File:                     4f5a2e02-8617-4677-a4c8-84780c2dc6e0.roa (raw, json)
Hash identifier:          N3FGzXoGp7TinujQcAmbqyIxGqKNTwNiha6tnpq7gMk=
Subject key identifier:   A2:31:16:63:01:5C:B3:68:A4:33:E1:4D:34:C9:3D:97:E1:12:B6:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04AA532A4C51727BAC34CA48A4B3DB271AD4BA86
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4f5a2e02-8617-4677-a4c8-84780c2dc6e0.roa
Signing time:             Wed 29 Oct 2025 00:20:05 +0000
ROA not before:           Wed 29 Oct 2025 00:20:05 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.33.176.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:aa:53:2a:4c:51:72:7b:ac:34:ca:48:a4:b3:db:27:1a:d4:ba:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:20:05 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=877342e344e6a2d01bb0a863fef9aaa92920e4b34d819e6bfa2606e36127acf2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ef:d1:42:08:d4:a1:c9:60:0b:a5:cf:eb:9f:
                    34:8f:79:76:08:20:3e:dd:06:cf:f6:e7:f8:b7:0f:
                    60:9a:68:35:8c:1a:90:78:27:f9:7d:c4:71:37:70:
                    69:9b:71:d1:e4:2e:a9:e2:3e:c4:89:2c:8a:3e:5b:
                    9b:b4:3f:65:07:33:3d:6e:af:8c:5b:d0:7c:34:1f:
                    85:51:59:ca:4a:f7:b5:c5:f3:37:58:60:24:75:54:
                    9a:19:cd:be:3b:4a:a2:8d:4e:38:0d:1c:1d:14:c8:
                    73:ce:62:d6:56:26:4b:db:8b:f9:66:3b:81:55:e7:
                    76:88:c3:ed:bb:06:61:ba:20:51:18:65:02:89:a8:
                    47:54:ea:92:9b:10:94:7c:86:f7:16:9f:dd:49:62:
                    d6:74:c8:94:16:65:7b:c8:bd:e6:02:f4:fb:c8:b9:
                    e3:39:a3:e2:8b:11:1a:bd:e5:f3:6f:be:38:18:e8:
                    4e:4a:d8:ed:b0:56:4c:28:67:07:f6:7b:1c:64:5f:
                    1b:40:d0:47:4f:ae:b2:1f:07:9b:97:dd:7c:5f:63:
                    8f:58:f3:eb:27:5a:4e:2a:3d:bd:01:e3:d5:32:b8:
                    80:a4:32:9a:25:a7:8c:01:f0:f7:a0:dc:b5:0b:f8:
                    d3:81:a0:04:42:cc:e1:e7:29:55:cc:68:60:2f:76:
                    8a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:31:16:63:01:5C:B3:68:A4:33:E1:4D:34:C9:3D:97:E1:12:B6:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4f5a2e02-8617-4677-a4c8-84780c2dc6e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.33.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         82:7d:77:4e:81:51:bb:72:e4:69:5a:08:5e:0d:8b:8d:2a:64:
         16:3e:6d:1f:7c:9b:56:c7:9a:b6:28:1c:97:9b:6c:c0:07:71:
         cd:67:ef:16:76:24:b6:fb:ec:b9:59:14:4c:fa:c1:c1:d2:4d:
         44:02:4e:7a:0a:5b:e0:0a:12:87:11:7e:12:ef:ff:6f:bf:96:
         b0:b4:11:b5:bc:c8:73:60:fe:4b:e9:dc:78:0b:e6:bb:73:c4:
         9c:b5:68:77:9b:c5:ec:06:df:3e:c2:d4:db:e0:3f:76:37:2a:
         e2:d5:f5:cf:b1:4f:6a:e0:c7:71:32:72:f8:a1:66:8c:8b:af:
         7c:ac:7b:37:75:7f:c5:19:a5:77:ef:46:51:43:2e:3e:06:13:
         8e:d5:20:c6:7b:43:82:70:f6:e8:a4:69:e3:b0:f6:49:57:82:
         82:fd:88:6c:ab:ce:0a:ed:10:80:ce:9d:cc:5c:f9:aa:d4:61:
         53:e8:4c:96:07:76:b2:62:64:0e:9a:f0:f8:e0:27:86:b6:ba:
         7f:32:f0:95:1c:2d:9c:0e:06:41:e5:c5:76:68:52:15:b5:f3:
         ab:f3:2f:4c:38:40:fa:27:3a:58:0b:c5:a1:be:fa:5f:f8:fd:
         d5:f8:96:b0:64:cf:b1:ca:0e:0a:31:a4:82:32:91:d2:7e:5e:
         3b:52:61:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBKpTKkxRcnusNMpIpLPbJxrUuoYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDAyMDA1WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzczNDJlMzQ0ZTZhMmQwMWJiMGE4NjNmZWY5YWFhOTI5
MjBlNGIzNGQ4MTllNmJmYTI2MDZlMzYxMjdhY2YyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDa79FCCNShyWALpc/rnzSPeXYIID7dBs/25/i3D2CaaDWM
GpB4J/l9xHE3cGmbcdHkLqniPsSJLIo+W5u0P2UHMz1ur4xb0Hw0H4VRWcpK97XF
8zdYYCR1VJoZzb47SqKNTjgNHB0UyHPOYtZWJkvbi/lmO4FV53aIw+27BmG6IFEY
ZQKJqEdU6pKbEJR8hvcWn91JYtZ0yJQWZXvIveYC9PvIueM5o+KLERq95fNvvjgY
6E5K2O2wVkwoZwf2exxkXxtA0EdPrrIfB5uX3XxfY49Y8+snWk4qPb0B49UyuICk
Mpolp4wB8Peg3LUL+NOBoARCzOHnKVXMaGAvdoqVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUojEWYwFcs2ikM+FNNMk9l+EStpYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRmNWEyZTAyLTg2MTctNDY3Ny1hNGM4LTg0NzgwYzJkYzZlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATMIbAwDQYJKoZIhvcNAQELBQADggEBAIJ9d06BUbty5GlaCF4Ni40qZBY+
bR98m1bHmrYoHJebbMAHcc1n7xZ2JLb77LlZFEz6wcHSTUQCTnoKW+AKEocRfhLv
/2+/lrC0EbW8yHNg/kvp3HgL5rtzxJy1aHebxewG3z7C1NvgP3Y3KuLV9c+xT2rg
x3EycvihZoyLr3ysezd1f8UZpXfvRlFDLj4GE47VIMZ7Q4Jw9uikaeOw9klXgoL9
iGyrzgrtEIDOncxc+arUYVPoTJYHdrJiZA6a8PjgJ4a2un8y8JUcLZwOBkHlxXZo
UhW186vzL0w4QPonOlgLxaG++l/4/dX4lrBkz7HKDgoxpIIykdJ+XjtSYfM=
-----END CERTIFICATE-----