Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52a2b218-2a29-4964-b153-565ac1d505cf.roa
File:                     52a2b218-2a29-4964-b153-565ac1d505cf.roa (raw, json)
Hash identifier:          nh48XSNdEy7hwrxJ/aQ5qp0CX4XhdN95RgJCng3eJAQ=
Subject key identifier:   12:DA:E3:4C:32:FD:5C:BE:0E:16:99:AB:F0:74:6F:EF:4B:19:B9:76
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0BE4EF396010D0C4F3F121ABECAA90877136F04F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52a2b218-2a29-4964-b153-565ac1d505cf.roa
Signing time:             Sun 02 Nov 2025 00:20:07 +0000
ROA not before:           Sun 02 Nov 2025 00:20:07 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.59.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:e4:ef:39:60:10:d0:c4:f3:f1:21:ab:ec:aa:90:87:71:36:f0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:20:07 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=4caae9527a845ac380fa5b4f39cda5a2381bb98d2dff77dd3868e6cd35666617, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2e:6d:88:0c:08:85:28:f9:21:a1:84:c5:ac:
                    be:c2:d7:3d:d9:ec:5b:93:ea:c9:ac:ce:94:a4:bf:
                    d6:df:d4:0c:f8:da:16:f9:12:76:ea:29:5f:21:3e:
                    a3:1b:e1:8a:7b:68:25:59:fc:fc:ad:87:17:5a:99:
                    e9:9f:fa:2d:12:78:50:15:f8:93:18:61:31:fb:07:
                    18:42:2b:a1:63:8a:d6:da:37:09:de:c9:3c:86:9b:
                    a6:48:b2:40:c0:0e:0b:05:c5:d3:cd:e7:af:6b:6d:
                    a5:31:85:4c:96:66:68:45:02:ab:45:6e:c1:ee:75:
                    9b:96:cd:17:a4:cf:68:66:5f:9f:9a:93:71:65:19:
                    80:0a:bb:35:50:9a:11:1b:2c:94:47:1d:8b:ef:03:
                    b1:f8:7d:da:f4:1d:15:16:70:13:80:0f:bb:13:9c:
                    51:79:07:8b:e2:e0:82:0a:17:8a:4b:26:30:f3:27:
                    ac:56:e6:2c:3c:9c:f1:2c:e5:c3:9c:cb:15:93:7c:
                    1b:05:c5:e8:e3:b9:4d:60:8e:82:07:6f:18:39:aa:
                    c2:42:3f:9a:9e:a9:a9:1e:b9:13:42:cd:bb:35:4e:
                    6d:ae:d0:fb:3f:56:df:42:6a:4a:df:39:ea:c7:7c:
                    39:1a:3f:9a:e7:ea:a4:f5:7f:a7:de:c1:49:98:a8:
                    58:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DA:E3:4C:32:FD:5C:BE:0E:16:99:AB:F0:74:6F:EF:4B:19:B9:76
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52a2b218-2a29-4964-b153-565ac1d505cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.59.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         49:6d:4d:05:4c:23:99:8e:5e:5c:49:7d:6f:0c:e8:68:50:ef:
         cd:7a:27:7b:90:6e:75:7f:25:45:76:47:ed:48:22:bb:90:56:
         57:de:50:bb:2c:6e:b1:d7:1c:36:de:a4:62:e4:e0:d5:4b:23:
         b4:76:62:c6:f3:18:60:4a:97:54:e5:dd:37:9e:94:fb:7f:6a:
         c3:32:de:71:b1:11:3e:b1:3d:7e:3c:bf:5e:4b:f6:db:a3:80:
         58:33:59:a4:39:ae:6d:50:9b:66:40:da:4f:99:89:36:de:d3:
         fb:60:18:f9:24:04:32:c1:b3:2b:52:b8:1d:1a:76:c4:06:e0:
         b3:2e:d4:35:e2:4a:1a:a7:c6:ff:e7:90:a9:a4:92:08:1f:3d:
         d2:56:fe:78:91:20:68:9b:8c:0a:d6:35:29:81:f8:df:b3:0b:
         f4:b5:eb:e0:eb:6e:fb:bc:12:53:c0:9f:bf:7c:55:66:6e:dd:
         29:52:03:c1:c9:f6:bb:26:e8:d3:10:ff:4f:b1:ff:9a:7d:d7:
         49:c9:68:8d:33:84:ca:80:5c:c8:0c:03:82:a4:b8:b1:82:22:
         b8:45:73:80:15:05:fc:24:4d:91:41:94:df:7b:97:2e:77:fa:
         7b:95:0a:6c:b7:0f:ca:55:b6:c0:34:c5:bd:46:6e:3d:65:d7:
         60:a4:93:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC+TvOWAQ0MTz8SGr7KqQh3E28E8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAyMDA3WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2FhZTk1MjdhODQ1YWMzODBmYTViNGYzOWNkYTVhMjM4
MWJiOThkMmRmZjc3ZGQzODY4ZTZjZDM1NjY2NjE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJLm2IDAiFKPkhoYTFrL7C1z3Z7FuT6smszpSkv9bf1Az4
2hb5EnbqKV8hPqMb4Yp7aCVZ/Pythxdamemf+i0SeFAV+JMYYTH7BxhCK6Fjitba
NwneyTyGm6ZIskDADgsFxdPN569rbaUxhUyWZmhFAqtFbsHudZuWzRekz2hmX5+a
k3FlGYAKuzVQmhEbLJRHHYvvA7H4fdr0HRUWcBOAD7sTnFF5B4vi4IIKF4pLJjDz
J6xW5iw8nPEs5cOcyxWTfBsFxejjuU1gjoIHbxg5qsJCP5qeqakeuRNCzbs1Tm2u
0Ps/Vt9CakrfOerHfDkaP5rn6qT1f6fewUmYqFitAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEtrjTDL9XL4OFpmr8HRv70sZuXYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyYTJiMjE4LTJhMjktNDk2NC1iMTUzLTU2NWFjMWQ1MDVjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZAOwAwDQYJKoZIhvcNAQELBQADggEBAEltTQVMI5mOXlxJfW8M6GhQ7816
J3uQbnV/JUV2R+1IIruQVlfeULssbrHXHDbepGLk4NVLI7R2YsbzGGBKl1Tl3Tee
lPt/asMy3nGxET6xPX48v15L9tujgFgzWaQ5rm1Qm2ZA2k+ZiTbe0/tgGPkkBDLB
sytSuB0adsQG4LMu1DXiShqnxv/nkKmkkggfPdJW/niRIGibjArWNSmB+N+zC/S1
6+Drbvu8ElPAn798VWZu3SlSA8HJ9rsm6NMQ/0+x/5p910nJaI0zhMqAXMgMA4Kk
uLGCIrhFc4AVBfwkTZFBlN97ly53+nuVCmy3D8pVtsA0xb1Gbj1l12Ckkw8=
-----END CERTIFICATE-----