Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53d78b8d-9d24-4b82-95d5-b283fa71e677.roa
File:                     53d78b8d-9d24-4b82-95d5-b283fa71e677.roa (raw, json)
Hash identifier:          NgAWVlg/RjBWuYMh6cj5Vo0JxgHe5UIMNG54Axtu9mk=
Subject key identifier:   28:32:41:A7:A0:5E:E0:DA:8E:09:B8:B2:FF:CE:74:64:C9:39:01:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47ACD4F64D6EC05DCDF81870D0C404863F644F5E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53d78b8d-9d24-4b82-95d5-b283fa71e677.roa
Signing time:             Tue 04 Nov 2025 00:21:36 +0000
ROA not before:           Tue 04 Nov 2025 00:21:36 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.48.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:ac:d4:f6:4d:6e:c0:5d:cd:f8:18:70:d0:c4:04:86:3f:64:4f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:21:36 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=53b3ceb0a522d632c60df2ae838e392f0bcb829767462d56e39fc81951a0eda7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c8:98:45:3a:89:f5:54:d1:b5:41:e3:26:a8:
                    a8:db:ef:8a:0e:13:9c:ea:83:76:7c:50:76:90:62:
                    8b:e1:a8:73:ef:95:f3:85:a0:88:b3:e9:a8:89:ae:
                    5c:ad:3b:40:d6:b7:47:32:41:28:4f:da:51:5e:4d:
                    8c:8a:bb:67:c6:82:bb:07:af:a9:2e:9b:62:6c:a8:
                    f6:ca:a9:e4:10:2c:15:0c:67:68:ce:de:34:f5:d2:
                    9b:9b:cd:cb:b0:83:1d:d9:e3:9d:8a:58:b6:ab:76:
                    50:c5:6d:90:6f:d7:f1:29:05:17:11:99:06:e5:6b:
                    d3:ca:56:35:e7:99:29:cf:b2:8c:3c:a8:e3:2b:1d:
                    7b:92:6c:0c:04:52:3a:44:f7:bf:50:d1:0f:0e:63:
                    d6:89:ca:8b:87:6d:82:9b:ff:5d:03:e3:42:05:db:
                    4b:7a:78:47:91:a8:b6:fa:e5:79:49:55:14:a3:b3:
                    19:0c:b9:09:d9:a3:8d:df:02:59:85:24:49:d3:4f:
                    de:49:34:8d:fd:78:dd:b5:e3:89:d0:eb:55:49:1e:
                    42:c1:cd:34:ea:ad:a9:54:99:e6:ad:b9:f5:82:fb:
                    b5:43:c4:c5:db:4b:da:db:ec:03:fe:8e:ab:3a:13:
                    e9:9a:f7:6b:41:55:f6:c1:f5:7b:a1:4f:cd:6b:5b:
                    a2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:32:41:A7:A0:5E:E0:DA:8E:09:B8:B2:FF:CE:74:64:C9:39:01:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53d78b8d-9d24-4b82-95d5-b283fa71e677.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.48.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         2b:57:13:4c:7c:17:ad:0f:2e:46:9d:18:82:8c:29:54:41:2a:
         19:06:fe:0d:81:c7:e2:ef:21:0b:2b:4e:57:cc:b9:23:0a:b0:
         8c:0c:be:7b:2a:84:1d:43:6d:fc:dd:46:62:4f:ca:31:3b:6e:
         c5:34:a1:86:26:14:4d:9e:51:2d:eb:d7:68:f0:1b:cf:9b:21:
         aa:ec:a1:43:fc:0f:c4:e7:8c:d6:7c:ec:29:2d:54:c0:59:84:
         34:1d:22:25:57:02:0e:19:63:fe:82:21:9a:ea:bc:2e:b6:13:
         4f:aa:a0:50:33:23:37:09:99:05:bc:79:ce:de:e9:6d:92:e9:
         72:a8:1d:a9:10:25:f0:78:3e:12:c5:e4:74:d9:f2:44:06:a7:
         40:8e:4e:71:1b:d5:b7:e3:df:4b:d7:b8:cf:19:a0:29:06:55:
         71:27:b7:47:27:67:71:9c:c5:68:79:23:93:7a:b1:63:9f:c6:
         c3:2d:ad:26:86:04:65:d4:9e:7f:66:c5:9d:bc:b8:85:54:05:
         26:91:bb:9b:3d:44:bd:9c:d7:b5:a2:27:77:1f:fa:3b:16:76:
         b3:3a:88:f6:ed:a1:77:34:61:1a:6d:18:b3:dc:4f:04:ed:01:
         03:b8:d5:8b:79:04:12:95:a8:e0:1b:3f:0d:2d:9f:7e:5b:96:
         ab:5c:4f:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR6zU9k1uwF3N+Bhw0MQEhj9kT14wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAyMTM2WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1M2IzY2ViMGE1MjJkNjMyYzYwZGYyYWU4MzhlMzkyZjBi
Y2I4Mjk3Njc0NjJkNTZlMzlmYzgxOTUxYTBlZGE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpyJhFOon1VNG1QeMmqKjb74oOE5zqg3Z8UHaQYovhqHPv
lfOFoIiz6aiJrlytO0DWt0cyQShP2lFeTYyKu2fGgrsHr6kum2JsqPbKqeQQLBUM
Z2jO3jT10pubzcuwgx3Z452KWLardlDFbZBv1/EpBRcRmQbla9PKVjXnmSnPsow8
qOMrHXuSbAwEUjpE979Q0Q8OY9aJyouHbYKb/10D40IF20t6eEeRqLb65XlJVRSj
sxkMuQnZo43fAlmFJEnTT95JNI39eN2144nQ61VJHkLBzTTqralUmeatufWC+7VD
xMXbS9rb7AP+jqs6E+ma92tBVfbB9XuhT81rW6IZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKDJBp6Be4NqOCbiy/850ZMk5ATQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzZDc4YjhkLTlkMjQtNGI4Mi05NWQ1LWIyODNmYTcxZTY3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZBMAAwDQYJKoZIhvcNAQELBQADggEBACtXE0x8F60PLkadGIKMKVRBKhkG
/g2Bx+LvIQsrTlfMuSMKsIwMvnsqhB1DbfzdRmJPyjE7bsU0oYYmFE2eUS3r12jw
G8+bIarsoUP8D8TnjNZ87CktVMBZhDQdIiVXAg4ZY/6CIZrqvC62E0+qoFAzIzcJ
mQW8ec7e6W2S6XKoHakQJfB4PhLF5HTZ8kQGp0COTnEb1bfj30vXuM8ZoCkGVXEn
t0cnZ3GcxWh5I5N6sWOfxsMtrSaGBGXUnn9mxZ28uIVUBSaRu5s9RL2c17WiJ3cf
+jsWdrM6iPbtoXc0YRptGLPcTwTtAQO41Yt5BBKVqOAbPw0tn35blqtcT3g=
-----END CERTIFICATE-----