Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4f988f7c-ee62-4298-acd0-5643868de133.roa
File:                     4f988f7c-ee62-4298-acd0-5643868de133.roa (raw, json)
Hash identifier:          77MwtsoAX56emEojJIisKKuFWguJXCz4YSHo4BmAsU4=
Subject key identifier:   8E:C6:6D:3E:B2:5C:7D:EE:34:8B:00:B0:E1:5F:F2:DC:3E:59:6B:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7E814FCFEAFC856D0852480C8CC8925759857761
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4f988f7c-ee62-4298-acd0-5643868de133.roa
Signing time:             Fri 31 Oct 2025 20:53:31 +0000
ROA not before:           Fri 31 Oct 2025 20:53:31 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.2.96.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:81:4f:cf:ea:fc:85:6d:08:52:48:0c:8c:c8:92:57:59:85:77:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 20:53:31 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=c20e8fc340d1baad1ec6666b6818f7f615d42637cea74c8ebbbd137b27ab1e8e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3e:f1:4b:a5:9d:24:43:d3:3c:89:40:e3:d8:
                    af:c5:fd:01:72:73:61:c4:a5:b6:28:b2:ef:ba:b1:
                    01:b3:12:01:ad:03:8e:9d:88:ae:a8:3c:95:14:77:
                    93:9f:32:02:4b:81:60:b2:49:b3:bb:dc:c7:03:6f:
                    c5:5c:2b:b6:d9:ef:41:de:26:3e:7f:fb:f8:7d:ac:
                    59:a1:e6:4a:4b:ec:81:ee:46:f6:92:8b:58:29:ea:
                    bb:8f:b7:49:a3:c1:5d:84:d0:76:3c:60:b0:56:37:
                    ad:2e:d7:3d:40:7b:df:cf:29:cb:04:4e:cf:91:fa:
                    94:98:9b:c4:75:76:95:44:a4:7d:a8:dd:c2:76:5b:
                    65:0d:d1:e0:d4:18:05:7d:7f:3e:41:7d:b3:f0:21:
                    f5:42:4a:2b:e0:99:2c:26:94:39:7e:d1:2d:49:8b:
                    e1:d8:39:92:2f:1d:15:61:1d:c9:d4:36:8a:3e:e3:
                    6e:29:91:08:6a:e1:f9:7c:ec:10:5b:27:ac:15:fe:
                    d2:3f:ae:82:49:ec:47:9d:4c:1b:a2:10:61:8a:58:
                    89:42:e9:9c:68:aa:86:0a:49:17:36:a4:29:85:c7:
                    c7:83:62:ca:2f:39:3e:90:01:77:b1:98:cb:a4:db:
                    fa:f9:2f:52:d0:a5:d9:88:79:9d:e7:ae:70:31:a3:
                    9c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:C6:6D:3E:B2:5C:7D:EE:34:8B:00:B0:E1:5F:F2:DC:3E:59:6B:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4f988f7c-ee62-4298-acd0-5643868de133.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.2.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         28:65:07:05:36:c5:04:72:9e:6b:42:72:e1:39:da:bd:52:4e:
         d0:c8:84:96:fd:2e:26:1f:d2:54:ac:f2:e1:e9:f7:a5:cf:c4:
         35:d0:a1:1f:55:08:bc:b0:c5:71:a2:5e:a2:8b:40:03:97:44:
         70:f0:15:02:78:5b:e7:57:03:6c:4c:26:64:f3:5c:27:22:59:
         51:e1:c4:00:f4:22:5d:ce:73:f0:00:27:e4:ea:6e:25:7d:64:
         46:5f:d2:24:9d:8a:d0:8d:f0:ea:64:39:31:bc:94:63:5c:81:
         3e:af:22:74:5a:6f:52:3f:e3:f2:f8:ba:7c:e4:77:84:90:af:
         89:d2:63:ad:9f:a8:90:f6:50:05:4e:ac:e5:47:01:5c:22:e4:
         fd:a4:d4:5d:1a:a4:09:5c:a4:47:f9:47:c3:45:3b:9b:72:7e:
         a6:62:6d:94:98:04:e5:ca:00:00:84:0e:4b:57:7d:6e:60:29:
         15:71:cf:06:08:84:39:48:ee:5a:73:40:ae:3e:5e:a8:19:05:
         ad:53:b3:bd:f5:80:ce:d4:ac:7d:90:2f:1e:8e:49:e3:d8:21:
         ea:40:4e:6c:83:cc:4c:92:81:b9:4a:af:7e:9d:e0:92:b9:46:
         eb:56:e0:e4:bc:ae:0e:fa:2c:1b:4b:dd:97:99:aa:6c:5d:18:
         79:76:00:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfoFPz+r8hW0IUkgMjMiSV1mFd2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjA1MzMxWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMjBlOGZjMzQwZDFiYWFkMWVjNjY2NmI2ODE4ZjdmNjE1
ZDQyNjM3Y2VhNzRjOGViYmJkMTM3YjI3YWIxZThlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcPvFLpZ0kQ9M8iUDj2K/F/QFyc2HEpbYosu+6sQGzEgGt
A46diK6oPJUUd5OfMgJLgWCySbO73McDb8VcK7bZ70HeJj5/+/h9rFmh5kpL7IHu
RvaSi1gp6ruPt0mjwV2E0HY8YLBWN60u1z1Ae9/PKcsETs+R+pSYm8R1dpVEpH2o
3cJ2W2UN0eDUGAV9fz5BfbPwIfVCSivgmSwmlDl+0S1Ji+HYOZIvHRVhHcnUNoo+
424pkQhq4fl87BBbJ6wV/tI/roJJ7EedTBuiEGGKWIlC6ZxoqoYKSRc2pCmFx8eD
YsovOT6QAXexmMuk2/r5L1LQpdmIeZ3nrnAxo5y7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjsZtPrJcfe40iwCw4V/y3D5Za2owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRmOTg4ZjdjLWVlNjItNDI5OC1hY2QwLTU2NDM4NjhkZTEzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARLAmAwDQYJKoZIhvcNAQELBQADggEBAChlBwU2xQRynmtCcuE52r1STtDI
hJb9LiYf0lSs8uHp96XPxDXQoR9VCLywxXGiXqKLQAOXRHDwFQJ4W+dXA2xMJmTz
XCciWVHhxAD0Il3Oc/AAJ+TqbiV9ZEZf0iSditCN8OpkOTG8lGNcgT6vInRab1I/
4/L4unzkd4SQr4nSY62fqJD2UAVOrOVHAVwi5P2k1F0apAlcpEf5R8NFO5tyfqZi
bZSYBOXKAACEDktXfW5gKRVxzwYIhDlI7lpzQK4+XqgZBa1Ts731gM7UrH2QLx6O
SePYIepATmyDzEySgblKr36d4JK5RutW4OS8rg76LBtL3ZeZqmxdGHl2AFo=
-----END CERTIFICATE-----