Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/515d6f04-3964-43a0-97b1-51850a0bc0eb.roa
File:                     515d6f04-3964-43a0-97b1-51850a0bc0eb.roa (raw, json)
Hash identifier:          3m0rYyq+B60rrPn8a27edgfNWF3x/B30VLN/PMidzEc=
Subject key identifier:   D4:07:6B:C2:B0:87:23:E3:2A:FC:A9:27:4A:6B:B7:9A:44:CA:D5:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13D35762EAB5837A276745499E887F98F9354B58
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/515d6f04-3964-43a0-97b1-51850a0bc0eb.roa
Signing time:             Sat 25 Oct 2025 00:00:38 +0000
ROA not before:           Sat 25 Oct 2025 00:00:38 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.250.237.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:d3:57:62:ea:b5:83:7a:27:67:45:49:9e:88:7f:98:f9:35:4b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:00:38 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=bb882aabc539ab617f8c26a0290943a495753dfc7508b505f61d20400c9e5fff, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a2:b1:ef:e8:a9:7e:26:bf:f0:98:7b:2a:34:
                    98:fa:5d:6a:2c:0b:9b:ba:bf:f1:6e:4e:7c:2d:1f:
                    22:a7:c4:7b:31:a5:30:f5:03:22:e8:36:6d:63:4e:
                    6f:c4:93:56:81:b3:ca:44:0d:e0:49:1a:06:15:ed:
                    11:1b:88:04:d5:2d:8a:74:ef:89:01:af:20:11:5f:
                    c4:65:80:83:51:52:46:bc:64:df:d7:1b:74:42:9c:
                    8a:3e:85:c9:a0:7e:c9:25:d5:ac:8f:ef:0e:79:84:
                    05:33:92:fd:bf:c8:68:9c:65:1e:75:a4:04:fd:e6:
                    c0:fd:22:06:25:a4:41:b7:95:b9:74:78:98:f5:8e:
                    27:6e:b5:3e:cd:d4:b4:78:7b:93:d9:37:7a:c0:9d:
                    45:c9:7a:28:56:7e:37:13:f6:ec:0a:cf:c6:01:10:
                    6f:54:f0:d5:e1:a8:58:ed:e7:69:31:b9:16:70:ef:
                    49:cd:d0:d0:ed:e2:dc:ef:f0:f7:c5:dd:bd:4b:9b:
                    14:52:71:70:bd:fc:85:63:1b:87:d6:b6:7b:e3:23:
                    08:56:94:6f:c5:99:b8:41:51:f8:3a:5d:66:30:3b:
                    10:7e:23:17:87:61:e4:45:a1:5a:72:cc:20:c4:01:
                    c4:6e:de:d0:af:e0:89:78:e4:fc:54:d6:95:af:58:
                    16:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:07:6B:C2:B0:87:23:E3:2A:FC:A9:27:4A:6B:B7:9A:44:CA:D5:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/515d6f04-3964-43a0-97b1-51850a0bc0eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.250.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:66:ed:72:d6:a3:b7:9e:72:45:67:97:8f:b0:43:6e:cd:67:
         8f:65:58:03:80:22:4f:0b:16:6a:44:77:cc:80:e4:30:66:df:
         8c:d1:7b:c9:ac:a2:38:d9:06:aa:0b:03:d7:96:6b:9c:bb:a6:
         93:fa:4f:5c:c7:69:4c:f8:68:d7:32:6d:dc:b2:fa:43:3c:2b:
         4c:36:c1:6d:35:3f:54:ab:b0:2e:10:72:49:36:26:fa:54:cd:
         1b:d7:43:58:e8:3e:8d:61:24:46:e2:82:bc:3d:5e:32:ec:82:
         5b:05:3e:1d:3d:47:e8:fc:14:17:bc:11:ec:1f:46:60:99:60:
         54:7d:49:11:11:a9:f8:40:4e:73:14:3c:c3:ef:42:22:d3:f2:
         9d:ab:69:2e:c4:5b:55:39:00:15:a2:b4:b7:a5:a6:aa:29:c1:
         22:6c:3e:e2:b5:db:7e:42:f3:c2:7d:20:d6:b8:38:df:3b:cd:
         db:f6:dd:2f:26:f9:5d:86:a9:49:65:cf:35:d2:fe:6b:79:70:
         8f:f6:65:a1:a2:b9:a2:4b:28:5e:99:b9:ba:e1:e2:f2:6c:e4:
         71:b5:19:6b:f3:3e:ce:a6:11:ac:6e:97:7e:e3:97:6d:16:36:
         be:5a:70:cc:2e:aa:1d:fe:f9:17:13:7b:1f:3e:d5:7b:8b:06:
         64:42:40:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE9NXYuq1g3onZ0VJnoh/mPk1S1gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAwMDM4WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjg4MmFhYmM1MzlhYjYxN2Y4YzI2YTAyOTA5NDNhNDk1
NzUzZGZjNzUwOGI1MDVmNjFkMjA0MDBjOWU1ZmZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNorHv6Kl+Jr/wmHsqNJj6XWosC5u6v/FuTnwtHyKnxHsx
pTD1AyLoNm1jTm/Ek1aBs8pEDeBJGgYV7REbiATVLYp074kBryARX8RlgINRUka8
ZN/XG3RCnIo+hcmgfskl1ayP7w55hAUzkv2/yGicZR51pAT95sD9IgYlpEG3lbl0
eJj1jidutT7N1LR4e5PZN3rAnUXJeihWfjcT9uwKz8YBEG9U8NXhqFjt52kxuRZw
70nN0NDt4tzv8PfF3b1LmxRScXC9/IVjG4fWtnvjIwhWlG/FmbhBUfg6XWYwOxB+
IxeHYeRFoVpyzCDEAcRu3tCv4Il45PxU1pWvWBYPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1AdrwrCHI+Mq/KknSmu3mkTK1fYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUxNWQ2ZjA0LTM5NjQtNDNhMC05N2IxLTUxODUwYTBiYzBlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACi+u0wDQYJKoZIhvcNAQELBQADggEBAD1m7XLWo7eeckVnl4+wQ27NZ49l
WAOAIk8LFmpEd8yA5DBm34zRe8msojjZBqoLA9eWa5y7ppP6T1zHaUz4aNcybdyy
+kM8K0w2wW01P1SrsC4Qckk2JvpUzRvXQ1joPo1hJEbigrw9XjLsglsFPh09R+j8
FBe8EewfRmCZYFR9SRERqfhATnMUPMPvQiLT8p2raS7EW1U5ABWitLelpqopwSJs
PuK1235C88J9INa4ON87zdv23S8m+V2GqUllzzXS/mt5cI/2ZaGiuaJLKF6Zubrh
4vJs5HG1GWvzPs6mEaxul37jl20WNr5acMwuqh3++RcTex8+1XuLBmRCQLQ=
-----END CERTIFICATE-----