Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a48fd68-ae13-4542-b8a0-9413f8573dd6.roa
File:                     5a48fd68-ae13-4542-b8a0-9413f8573dd6.roa (raw, json)
Hash identifier:          3ZBKe7DPi0+GMXEUWI1ySyWLJP7uMbbJyf3vVBYw9og=
Subject key identifier:   4A:EE:62:2C:07:28:9F:09:99:A2:CB:3B:D2:83:55:B1:64:52:0B:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       75AECD49EFD418AEE6AEC48B8D677D81C0A0C231
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a48fd68-ae13-4542-b8a0-9413f8573dd6.roa
Signing time:             Sat 25 Oct 2025 00:30:14 +0000
ROA not before:           Sat 25 Oct 2025 00:30:14 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.203.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:ae:cd:49:ef:d4:18:ae:e6:ae:c4:8b:8d:67:7d:81:c0:a0:c2:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:30:14 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=13ec24e5d07257de6bdcd652e793b4e767e729cda89d5b1caa3921315131dc1b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7e:59:e2:19:12:5e:34:75:39:ae:6d:9d:0c:
                    d0:03:a1:63:f4:4b:74:84:28:65:22:88:34:e9:c5:
                    43:24:52:9e:3d:4a:c1:57:45:79:39:cc:d7:89:9f:
                    9a:04:c6:78:d4:5e:0e:31:a7:55:f5:61:36:bc:70:
                    2b:61:54:65:f5:85:9f:f0:4e:4b:ff:76:62:63:47:
                    63:ab:e1:9d:0b:a0:00:30:29:36:24:7a:62:e9:0b:
                    e4:ab:c4:f6:a9:cd:fe:bb:ce:fa:ad:12:d5:32:05:
                    53:cb:42:36:7e:d2:03:85:72:2f:dd:b5:ed:ac:7d:
                    8a:e2:34:7e:1e:b3:b2:66:6d:48:a0:d1:70:c3:1c:
                    52:67:a4:fe:75:84:11:eb:a5:8f:53:4e:65:04:9c:
                    28:2f:24:aa:5d:ec:65:78:59:66:b6:cc:c0:d4:26:
                    32:f9:8e:1b:82:66:42:88:16:07:ac:d5:d9:ff:d0:
                    7c:27:be:05:f3:aa:16:77:00:61:84:b6:8e:2b:4e:
                    78:95:b6:a4:d4:32:cd:f0:fe:10:00:88:de:85:17:
                    7e:af:21:52:e1:9d:c8:ea:a0:21:9c:c5:c6:c5:b1:
                    b7:18:2b:31:ee:62:b9:51:d6:68:40:7f:ce:42:a8:
                    56:9f:c6:91:98:88:2f:16:67:17:71:65:fd:c6:8d:
                    30:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:EE:62:2C:07:28:9F:09:99:A2:CB:3B:D2:83:55:B1:64:52:0B:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a48fd68-ae13-4542-b8a0-9413f8573dd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.203.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5e:04:66:fa:5d:2b:6d:56:92:3e:43:64:ee:28:dc:47:d8:a3:
         b9:bb:b5:d9:34:78:df:c2:3e:71:92:56:72:10:e2:03:c8:fc:
         95:4f:3a:66:93:73:53:05:dd:ab:e9:21:9f:9f:ed:b9:59:46:
         b5:fb:d6:36:15:1a:04:d1:f9:e1:46:63:f4:64:e9:6c:a2:db:
         d4:82:d4:86:8a:27:b1:20:08:f7:66:f8:dc:c6:91:00:cb:bd:
         ed:a0:27:80:b8:bf:20:30:0e:32:f7:73:8f:51:36:26:ed:8b:
         55:d9:c8:b7:d5:c2:9b:7d:79:bc:26:fa:c6:33:b0:c4:dc:4c:
         26:1c:1b:b2:25:74:a2:8c:b3:f0:b3:c0:1a:38:c0:aa:b4:a0:
         28:b9:ca:ca:e8:1c:65:44:d9:b8:d5:8d:dd:c0:59:52:25:d9:
         31:94:4d:1d:07:b0:ee:ba:01:96:5a:c6:49:76:ca:0f:04:6b:
         2b:fb:19:4b:a3:0b:d4:da:e4:3b:f9:78:e5:d3:df:cd:64:e5:
         be:e9:b4:19:3c:a9:50:b9:78:6f:52:7f:d5:8b:af:69:57:eb:
         6f:90:d9:f6:2d:99:0b:7b:ab:85:21:f3:57:a0:31:cc:cd:4c:
         49:c8:c0:c0:61:07:79:bc:c7:74:63:2d:58:a1:27:be:48:4e:
         72:5a:78:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUda7NSe/UGK7mrsSLjWd9gcCgwjEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAzMDE0WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxM2VjMjRlNWQwNzI1N2RlNmJkY2Q2NTJlNzkzYjRlNzY3
ZTcyOWNkYTg5ZDViMWNhYTM5MjEzMTUxMzFkYzFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYflniGRJeNHU5rm2dDNADoWP0S3SEKGUiiDTpxUMkUp49
SsFXRXk5zNeJn5oExnjUXg4xp1X1YTa8cCthVGX1hZ/wTkv/dmJjR2Or4Z0LoAAw
KTYkemLpC+SrxPapzf67zvqtEtUyBVPLQjZ+0gOFci/dte2sfYriNH4es7JmbUig
0XDDHFJnpP51hBHrpY9TTmUEnCgvJKpd7GV4WWa2zMDUJjL5jhuCZkKIFges1dn/
0HwnvgXzqhZ3AGGEto4rTniVtqTUMs3w/hAAiN6FF36vIVLhncjqoCGcxcbFsbcY
KzHuYrlR1mhAf85CqFafxpGYiC8WZxdxZf3GjTCFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSu5iLAconwmZoss70oNVsWRSC5cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVhNDhmZDY4LWFlMTMtNDU0Mi1iOGEwLTk0MTNmODU3M2RkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaoy0AwDQYJKoZIhvcNAQELBQADggEBAF4EZvpdK21Wkj5DZO4o3EfYo7m7
tdk0eN/CPnGSVnIQ4gPI/JVPOmaTc1MF3avpIZ+f7blZRrX71jYVGgTR+eFGY/Rk
6Wyi29SC1IaKJ7EgCPdm+NzGkQDLve2gJ4C4vyAwDjL3c49RNibti1XZyLfVwpt9
ebwm+sYzsMTcTCYcG7IldKKMs/CzwBo4wKq0oCi5ysroHGVE2bjVjd3AWVIl2TGU
TR0HsO66AZZaxkl2yg8Eayv7GUujC9Ta5Dv5eOXT381k5b7ptBk8qVC5eG9Sf9WL
r2lX62+Q2fYtmQt7q4Uh81egMczNTEnIwMBhB3m8x3RjLVihJ75ITnJaeKo=
-----END CERTIFICATE-----