Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59965eb9-a645-4fb7-a6d9-bdde9e726d3f.roa
File:                     59965eb9-a645-4fb7-a6d9-bdde9e726d3f.roa (raw, json)
Hash identifier:          5IIZQGUziy0opVpdmhR75VIfgTzPnEnnSNfDFL5PBZk=
Subject key identifier:   61:FA:9B:64:18:E2:43:37:A6:1B:B8:59:83:A8:F3:7F:78:38:EF:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2BB597C7687726B6471E48BF7CFBF14FCB2461A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59965eb9-a645-4fb7-a6d9-bdde9e726d3f.roa
Signing time:             Wed 05 Nov 2025 00:30:58 +0000
ROA not before:           Wed 05 Nov 2025 00:30:58 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.226.216.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:b5:97:c7:68:77:26:b6:47:1e:48:bf:7c:fb:f1:4f:cb:24:61:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:30:58 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=c973153503dae5775958f21d3ade1f4ef6d2cc6cced36d15c852854cce57eeff, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9f:cc:91:94:7c:25:8b:ca:cb:28:0b:28:43:
                    94:dc:91:3f:df:7f:23:f9:fe:7a:3e:bb:3f:d3:cd:
                    12:06:26:3d:9a:aa:2e:07:55:69:5d:56:49:1b:ae:
                    b5:af:bd:67:3a:eb:fd:1a:b0:c7:c2:c9:65:97:9f:
                    3a:e4:18:e3:98:3c:27:c8:f5:6f:5c:c4:e6:c1:f0:
                    34:a1:54:8b:90:1b:bb:85:7e:db:95:56:15:6d:c0:
                    6e:23:df:f4:99:fc:53:3d:50:16:70:17:b6:18:34:
                    3f:5d:26:50:d7:45:a4:05:59:05:c4:e8:96:19:f9:
                    7a:51:80:46:02:49:29:59:f7:67:9f:ff:36:a6:22:
                    df:73:0e:b1:d0:ee:dc:ef:b0:c7:ee:73:f0:e7:f9:
                    78:7c:93:bf:b4:25:6b:55:dc:a5:03:e7:8a:2f:4f:
                    ee:6a:b3:9f:8f:d2:79:c5:d7:30:0d:48:4c:92:5e:
                    04:f2:d6:58:18:31:c1:8e:f8:39:7b:a1:b6:89:e0:
                    eb:58:0b:a3:d8:6e:b4:35:a9:24:66:9b:f7:30:dc:
                    53:e6:9e:b8:dd:be:aa:99:3f:06:05:a1:70:c6:5b:
                    a9:45:ad:0f:8e:f6:96:5e:c7:e4:95:b6:14:38:e1:
                    fb:79:fa:e9:b2:6e:33:5c:ef:1c:04:32:b4:44:c9:
                    43:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FA:9B:64:18:E2:43:37:A6:1B:B8:59:83:A8:F3:7F:78:38:EF:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59965eb9-a645-4fb7-a6d9-bdde9e726d3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.226.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:87:7b:28:97:c0:1c:23:81:f0:08:d8:31:42:7e:b7:46:2e:
         b0:69:95:c9:01:6a:f0:30:2f:d2:c1:3d:96:14:b8:96:86:95:
         d3:46:c7:48:32:9f:6f:41:f6:70:5b:a9:62:01:d3:da:f4:c8:
         72:80:0e:f7:fe:e7:4e:74:c9:91:d6:72:e0:e2:7a:05:70:10:
         d6:46:e0:e7:1c:32:34:9a:48:96:f2:fc:c6:dc:81:60:10:1c:
         dd:64:04:57:c3:ee:a7:09:9d:89:d0:68:5f:ea:3c:d6:cd:a1:
         c8:5b:e6:8e:0a:be:0b:c9:1f:55:c0:ef:b5:bb:dd:c9:53:58:
         a6:6e:52:b1:0f:e2:ad:99:6f:da:58:d2:60:aa:e9:7f:e1:26:
         ca:7e:fb:42:02:43:64:28:49:ea:8b:ca:82:7c:3a:31:42:8d:
         03:6c:0d:26:a4:7c:14:2d:d5:00:44:d1:78:c6:a3:f5:64:59:
         8d:17:8a:ca:a4:9c:7a:1b:bc:68:f4:19:36:63:e4:2f:b2:df:
         1b:42:aa:60:7e:d7:18:18:86:36:87:63:69:a3:58:ef:0f:3c:
         60:c4:54:a0:ce:7b:81:fc:94:93:00:de:93:9c:2a:0e:29:42:
         21:26:aa:1e:2b:8f:62:b7:51:a3:3d:a0:25:2e:96:86:40:d0:
         11:78:c0:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK7WXx2h3JrZHHki/fPvxT8skYaAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAzMDU4WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTczMTUzNTAzZGFlNTc3NTk1OGYyMWQzYWRlMWY0ZWY2
ZDJjYzZjY2VkMzZkMTVjODUyODU0Y2NlNTdlZWZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyn8yRlHwli8rLKAsoQ5TckT/ffyP5/no+uz/TzRIGJj2a
qi4HVWldVkkbrrWvvWc66/0asMfCyWWXnzrkGOOYPCfI9W9cxObB8DShVIuQG7uF
ftuVVhVtwG4j3/SZ/FM9UBZwF7YYND9dJlDXRaQFWQXE6JYZ+XpRgEYCSSlZ92ef
/zamIt9zDrHQ7tzvsMfuc/Dn+Xh8k7+0JWtV3KUD54ovT+5qs5+P0nnF1zANSEyS
XgTy1lgYMcGO+Dl7obaJ4OtYC6PYbrQ1qSRmm/cw3FPmnrjdvqqZPwYFoXDGW6lF
rQ+O9pZex+SVthQ44ft5+umybjNc7xwEMrREyUOHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYfqbZBjiQzemG7hZg6jzf3g473cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5OTY1ZWI5LWE2NDUtNGZiNy1hNmQ5LWJkZGU5ZTcyNmQzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJA4tgwDQYJKoZIhvcNAQELBQADggEBACaHeyiXwBwjgfAI2DFCfrdGLrBp
lckBavAwL9LBPZYUuJaGldNGx0gyn29B9nBbqWIB09r0yHKADvf+5050yZHWcuDi
egVwENZG4OccMjSaSJby/MbcgWAQHN1kBFfD7qcJnYnQaF/qPNbNochb5o4KvgvJ
H1XA77W73clTWKZuUrEP4q2Zb9pY0mCq6X/hJsp++0ICQ2QoSeqLyoJ8OjFCjQNs
DSakfBQt1QBE0XjGo/VkWY0XisqknHobvGj0GTZj5C+y3xtCqmB+1xgYhjaHY2mj
WO8PPGDEVKDOe4H8lJMA3pOcKg4pQiEmqh4rj2K3UaM9oCUuloZA0BF4wMw=
-----END CERTIFICATE-----