Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54e42db5-0b5b-478b-82ca-813f1638abd2.roa
File:                     54e42db5-0b5b-478b-82ca-813f1638abd2.roa (raw, json)
Hash identifier:          PIlCIj0c23WUnr3YmCX0TCt48uKYJLO1pBWgpY/aAhA=
Subject key identifier:   17:F8:6D:D5:21:54:E2:55:37:34:61:3F:86:C3:E1:11:03:06:7D:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02EDD3118BDC2307061A7026E224C3D0B6F371B5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54e42db5-0b5b-478b-82ca-813f1638abd2.roa
Signing time:             Tue 28 Oct 2025 00:51:33 +0000
ROA not before:           Tue 28 Oct 2025 00:51:33 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.176.0.0/14 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ed:d3:11:8b:dc:23:07:06:1a:70:26:e2:24:c3:d0:b6:f3:71:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:51:33 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=94f4a8775dc2f70d7506bf6f66c45a7e685e3a2935f14088b5636b8d238c704b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ea:a6:23:46:e3:ae:9a:dc:c7:28:72:09:e2:
                    c2:7a:4b:bf:84:0d:73:9e:6f:70:78:c3:1b:f3:0b:
                    ce:a2:0d:4e:b7:c1:a5:00:aa:20:a0:b1:dd:98:79:
                    04:a7:bc:24:73:1e:30:83:ce:77:f5:cd:b7:6a:2c:
                    c1:6d:20:28:fc:ea:ec:ff:30:b6:b1:61:06:25:f6:
                    63:42:42:3a:e2:e4:90:3c:b7:b2:5a:ed:c8:76:ea:
                    0f:ff:6c:18:08:64:cf:4a:63:d7:ea:28:3a:d3:0a:
                    30:b9:90:e5:16:1f:8d:1a:46:ac:d4:40:4d:c6:c6:
                    ce:87:79:0f:0a:d5:aa:2e:32:c8:b9:5c:2b:32:8c:
                    f1:eb:38:5e:6f:2e:5d:ad:6d:9f:07:26:63:c0:a2:
                    3e:c2:3d:7d:bc:72:ce:c4:c5:1b:75:e6:4a:25:27:
                    f2:69:91:fe:6e:e8:e7:54:fd:f0:08:6e:7e:0f:ea:
                    26:2e:52:1c:da:74:95:ec:d5:a4:d9:04:a1:fe:6a:
                    07:3f:b9:a9:14:5b:ab:24:64:3c:28:36:c7:93:37:
                    59:c2:54:20:41:50:48:56:f0:8a:8b:fb:55:5e:75:
                    f8:13:8b:88:de:c5:c1:f9:cd:41:dc:eb:ce:75:e9:
                    34:b2:4a:4c:1e:45:8c:04:ea:f0:66:1b:d2:80:ee:
                    63:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F8:6D:D5:21:54:E2:55:37:34:61:3F:86:C3:E1:11:03:06:7D:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54e42db5-0b5b-478b-82ca-813f1638abd2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.176.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         b3:a2:e1:de:89:af:49:97:27:b3:18:7f:a4:f7:da:2a:f0:65:
         25:a7:fe:57:a3:18:93:93:47:91:68:e1:32:6b:75:56:58:63:
         f3:e2:39:4a:1b:65:e9:9c:28:68:07:d4:91:7c:0e:8a:b5:8d:
         89:03:25:d4:90:9f:0c:7a:e0:77:14:25:36:e9:6f:8a:bb:73:
         c2:c1:c9:ef:2d:f0:66:27:c5:ad:b4:34:67:4c:c6:a7:8f:a8:
         68:0e:f0:ed:f5:b0:47:b5:15:57:ec:c4:26:aa:ea:0a:1b:d2:
         30:1b:e8:6c:6d:1d:11:dd:77:33:6c:21:b2:a6:9e:e8:81:14:
         07:f6:2c:78:ff:67:e1:b4:eb:04:04:e1:36:85:d4:44:3c:0f:
         bd:8d:a0:82:c3:d7:ea:86:c0:89:34:97:8b:f0:a6:11:11:2e:
         75:3f:a1:03:bf:e8:d0:5e:e6:de:14:7c:70:b4:d3:80:a2:77:
         08:69:08:b3:39:10:75:8b:94:56:15:4a:24:b1:36:7a:d1:29:
         6c:78:9d:97:d8:11:10:89:81:32:0e:8b:5d:88:85:d1:8e:ca:
         6a:52:d9:60:3f:f2:0f:e0:9b:3d:d1:6f:f1:70:69:81:6d:c2:
         d2:a7:23:27:2a:05:18:1b:8e:cf:a2:21:15:dc:fe:db:47:73:
         ed:a0:11:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAu3TEYvcIwcGGnAm4iTD0LbzcbUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA1MTMzWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGY0YTg3NzVkYzJmNzBkNzUwNmJmNmY2NmM0NWE3ZTY4
NWUzYTI5MzVmMTQwODhiNTYzNmI4ZDIzOGM3MDRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd6qYjRuOumtzHKHIJ4sJ6S7+EDXOeb3B4wxvzC86iDU63
waUAqiCgsd2YeQSnvCRzHjCDznf1zbdqLMFtICj86uz/MLaxYQYl9mNCQjri5JA8
t7Ja7ch26g//bBgIZM9KY9fqKDrTCjC5kOUWH40aRqzUQE3Gxs6HeQ8K1aouMsi5
XCsyjPHrOF5vLl2tbZ8HJmPAoj7CPX28cs7ExRt15kolJ/Jpkf5u6OdU/fAIbn4P
6iYuUhzadJXs1aTZBKH+agc/uakUW6skZDwoNseTN1nCVCBBUEhW8IqL+1VedfgT
i4jexcH5zUHc68516TSySkweRYwE6vBmG9KA7mOvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUF/ht1SFU4lU3NGE/hsPhEQMGfY4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0ZTQyZGI1LTBiNWItNDc4Yi04MmNhLTgxM2YxNjM4YWJkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwJBsDANBgkqhkiG9w0BAQsFAAOCAQEAs6Lh3omvSZcnsxh/pPfaKvBlJaf+
V6MYk5NHkWjhMmt1Vlhj8+I5Shtl6ZwoaAfUkXwOirWNiQMl1JCfDHrgdxQlNulv
irtzwsHJ7y3wZifFrbQ0Z0zGp4+oaA7w7fWwR7UVV+zEJqrqChvSMBvobG0dEd13
M2whsqae6IEUB/YseP9n4bTrBAThNoXURDwPvY2ggsPX6obAiTSXi/CmEREudT+h
A7/o0F7m3hR8cLTTgKJ3CGkIszkQdYuUVhVKJLE2etEpbHidl9gREImBMg6LXYiF
0Y7KalLZYD/yD+CbPdFv8XBpgW3C0qcjJyoFGBuOz6IhFdz+20dz7aARYQ==
-----END CERTIFICATE-----