Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/530a77ca-5428-42b4-9c03-adb88573ea2a.roa
File:                     530a77ca-5428-42b4-9c03-adb88573ea2a.roa (raw, json)
Hash identifier:          19xh4tMtaKj88okXK4RkFr+Naw7ZvG2hLx2qMo9NbMM=
Subject key identifier:   EB:16:23:22:7E:75:3E:ED:90:00:E4:EE:C0:10:B1:86:70:FC:6A:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09BFF9F2950FAFC8278DC9F8771D0BE6EAA87502
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/530a77ca-5428-42b4-9c03-adb88573ea2a.roa
Signing time:             Sun 02 Nov 2025 00:30:12 +0000
ROA not before:           Sun 02 Nov 2025 00:30:12 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        66.7.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:bf:f9:f2:95:0f:af:c8:27:8d:c9:f8:77:1d:0b:e6:ea:a8:75:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:30:12 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=4ea00e066c3748fa76358160907196f10e8571a2389dd1e26c11e417b2603500, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:88:a9:3f:4d:cf:c5:35:26:e5:fd:34:7d:d3:
                    74:39:d8:c2:fb:2e:8c:32:ed:3f:3e:5b:7c:9d:94:
                    36:b4:10:53:a4:33:95:1d:5a:00:c4:3b:88:6a:56:
                    a1:56:32:35:11:3c:5a:03:04:57:76:43:45:ae:3c:
                    68:ba:83:78:ba:b5:90:97:4c:81:19:7d:8d:76:21:
                    9f:5d:0b:80:09:00:f4:6f:fb:e5:db:bc:34:d4:09:
                    98:53:be:34:cb:25:3c:fa:f4:01:04:a2:e2:72:0f:
                    ae:be:6a:07:d9:11:e3:b8:3c:d2:93:a8:63:87:18:
                    48:12:64:45:7d:30:b9:c5:0b:69:e4:8e:d1:4b:35:
                    4f:64:15:88:1e:d7:a1:d2:e0:21:6e:e9:0b:37:47:
                    b0:b5:22:0d:d2:bb:b6:ab:1a:00:28:21:77:02:91:
                    a5:f8:7d:0f:23:68:de:4b:66:1c:20:da:8d:1a:f4:
                    1a:30:b9:d1:4d:4b:51:ba:93:9e:e9:33:6e:26:8f:
                    5b:54:d5:c9:7b:ba:ae:cc:85:e2:9b:65:e5:a7:b7:
                    ad:95:38:f5:38:a9:8e:52:1f:8f:92:06:32:7c:1e:
                    6b:ba:1e:7c:c8:00:00:41:89:d8:0c:11:26:78:43:
                    15:dd:92:8f:39:4d:c5:b7:61:98:1a:f8:9a:cd:28:
                    11:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:16:23:22:7E:75:3E:ED:90:00:E4:EE:C0:10:B1:86:70:FC:6A:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/530a77ca-5428-42b4-9c03-adb88573ea2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.7.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c8:04:0c:e2:a7:11:96:0a:0a:c0:91:07:96:d3:08:ab:88:74:
         35:1c:7d:d9:46:d0:74:f0:73:43:a1:cf:d5:29:17:5e:60:a6:
         71:4e:b5:67:4f:fa:85:90:7c:50:cc:46:d7:81:df:88:d0:03:
         9d:ee:b4:6f:02:7b:d7:c4:90:dc:f0:a8:a6:ec:2e:65:6d:0c:
         fe:f3:a7:e9:34:26:77:80:f7:d4:c7:99:7a:60:02:a6:3e:40:
         57:ef:26:75:01:db:5a:bd:98:f5:02:42:41:e7:a5:f1:81:eb:
         4f:6a:30:d2:e0:e0:0a:9e:51:82:31:e2:3c:a9:06:35:dd:28:
         de:5d:3f:42:6b:7b:9c:f8:d4:ae:5a:5b:84:75:02:17:92:24:
         e5:8b:23:58:d5:ae:0a:f2:7b:f0:81:bb:0f:ad:9c:53:fb:ef:
         35:37:0d:b1:92:b8:d3:cf:79:25:3a:61:64:ec:29:b4:ce:fe:
         31:1f:93:89:02:6a:4f:4d:15:96:77:99:99:56:2e:6f:3f:ef:
         21:de:32:23:2d:52:96:4e:42:95:c5:dc:ea:d7:60:f9:48:63:
         e6:e0:d7:df:3a:5a:f1:57:7d:41:5d:f8:d4:84:a3:44:13:9b:
         28:d2:e0:e5:e1:b1:05:2e:e0:58:c1:5d:e6:4a:b8:8a:de:ce:
         e9:cc:13:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCb/58pUPr8gnjcn4dx0L5uqodQIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMDEyWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZWEwMGUwNjZjMzc0OGZhNzYzNTgxNjA5MDcxOTZmMTBl
ODU3MWEyMzg5ZGQxZTI2YzExZTQxN2IyNjAzNTAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMiKk/Tc/FNSbl/TR903Q52ML7Lowy7T8+W3ydlDa0EFOk
M5UdWgDEO4hqVqFWMjURPFoDBFd2Q0WuPGi6g3i6tZCXTIEZfY12IZ9dC4AJAPRv
++XbvDTUCZhTvjTLJTz69AEEouJyD66+agfZEeO4PNKTqGOHGEgSZEV9MLnFC2nk
jtFLNU9kFYge16HS4CFu6Qs3R7C1Ig3Su7arGgAoIXcCkaX4fQ8jaN5LZhwg2o0a
9BowudFNS1G6k57pM24mj1tU1cl7uq7MheKbZeWnt62VOPU4qY5SH4+SBjJ8Hmu6
HnzIAABBidgMESZ4QxXdko85TcW3YZga+JrNKBGLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6xYjIn51Pu2QAOTuwBCxhnD8as8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzMGE3N2NhLTU0MjgtNDJiNC05YzAzLWFkYjg4NTczZWEyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZCBwAwDQYJKoZIhvcNAQELBQADggEBAMgEDOKnEZYKCsCRB5bTCKuIdDUc
fdlG0HTwc0Ohz9UpF15gpnFOtWdP+oWQfFDMRteB34jQA53utG8Ce9fEkNzwqKbs
LmVtDP7zp+k0JneA99THmXpgAqY+QFfvJnUB21q9mPUCQkHnpfGB609qMNLg4Aqe
UYIx4jypBjXdKN5dP0Jre5z41K5aW4R1AheSJOWLI1jVrgrye/CBuw+tnFP77zU3
DbGSuNPPeSU6YWTsKbTO/jEfk4kCak9NFZZ3mZlWLm8/7yHeMiMtUpZOQpXF3OrX
YPlIY+bg1986WvFXfUFd+NSEo0QTmyjS4OXhsQUu4FjBXeZKuIrezunME4I=
-----END CERTIFICATE-----