Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61630a45-5ce6-4aaa-ba3b-b4682bc87ede.roa
File:                     61630a45-5ce6-4aaa-ba3b-b4682bc87ede.roa (raw, json)
Hash identifier:          XFgu9N1wSosUpb88mWrO4BLCsQzy+5BnQgYL154Wx7E=
Subject key identifier:   80:BC:47:BD:6E:7E:ED:85:E0:8A:59:18:9B:B3:CA:24:E3:5B:3C:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       34C6B659A00D6DE5A7FD339F725EEF24C6253CC8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61630a45-5ce6-4aaa-ba3b-b4682bc87ede.roa
Signing time:             Tue 04 Nov 2025 00:10:07 +0000
ROA not before:           Tue 04 Nov 2025 00:10:07 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.131.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:c6:b6:59:a0:0d:6d:e5:a7:fd:33:9f:72:5e:ef:24:c6:25:3c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:10:07 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=39a8ac04287c853bd2d3ec46f1c1858f155c5ec95ed849a00ac91f20924cf90d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ab:cd:df:48:b5:e9:70:5b:46:dd:a3:fe:13:
                    bf:20:2b:51:e6:3a:4f:00:b0:a9:a0:e7:03:7a:50:
                    cd:60:ea:76:e6:db:60:03:3c:8a:ac:12:6e:06:02:
                    af:8b:db:02:21:c7:b6:b2:6e:0a:a8:e3:94:c0:4d:
                    49:3a:25:dd:80:49:6c:6c:5a:44:40:0e:b8:14:57:
                    ee:8a:d7:1a:6b:c7:c6:50:1c:f9:ff:4c:ec:fd:52:
                    3e:1f:99:46:af:97:c5:15:c3:f4:36:64:7c:d9:96:
                    56:e6:d2:43:2b:b4:fd:a9:a0:d0:63:ef:ce:43:29:
                    49:ea:95:59:14:3d:6b:7b:30:e1:6f:e3:2a:da:d5:
                    a4:b8:c2:84:c6:98:00:4c:69:ac:92:41:8c:6f:94:
                    f6:37:a2:14:27:d7:bf:96:06:0f:d1:ca:86:8c:7c:
                    9b:36:ee:cc:29:61:ec:f7:58:5e:49:46:a8:b4:ef:
                    5e:9f:55:8d:e9:a5:0f:d4:97:fd:2a:75:58:46:d1:
                    a2:81:f3:92:58:d6:33:71:cc:5a:ac:5b:9a:9c:e1:
                    ad:3b:2d:a8:3b:ad:1c:d5:19:00:d1:00:d1:93:c6:
                    58:93:18:96:3f:51:c3:7d:22:0b:de:e3:27:b4:a8:
                    3e:37:07:35:26:42:cd:ad:5d:65:d2:1f:a8:26:53:
                    1c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:BC:47:BD:6E:7E:ED:85:E0:8A:59:18:9B:B3:CA:24:E3:5B:3C:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61630a45-5ce6-4aaa-ba3b-b4682bc87ede.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.131.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a3:10:95:7d:7c:b4:85:3d:1b:73:a3:ad:cb:26:44:79:77:ba:
         8f:01:b2:94:5a:24:00:87:98:e8:f5:70:bf:ae:02:1c:9b:eb:
         33:6c:91:7a:e8:cd:2c:53:40:ef:a2:16:8e:c3:a0:3a:19:f2:
         62:98:f2:3f:d3:d1:aa:c4:86:eb:ef:4c:d0:66:00:38:c2:ba:
         9b:79:b1:6a:36:59:48:9a:ed:07:fd:86:bf:1f:ce:44:4c:b0:
         28:16:e2:2e:b7:62:61:5a:9a:cd:da:43:74:b5:40:c5:e3:e0:
         40:92:f8:68:56:30:64:31:2d:9f:8a:a9:49:1f:ef:09:5e:7d:
         bd:bb:96:97:ce:7d:f6:2b:e6:c9:a1:bc:1f:ee:c2:11:20:8f:
         a3:27:6e:2a:71:50:8b:08:cb:22:4d:c0:97:0e:d4:a7:e7:80:
         af:ab:75:da:50:99:c4:d0:33:70:ca:22:32:12:c8:c0:ed:45:
         1f:8f:80:0c:48:56:ea:2c:21:49:0b:02:23:f3:5c:e6:68:3b:
         99:37:d0:e2:a7:e1:25:33:3a:55:cd:dd:eb:5e:5b:c7:0d:7d:
         a9:b3:4f:88:34:2e:dd:8d:88:54:9c:40:db:c2:4d:fc:99:4d:
         ce:2d:e5:69:0d:8c:37:06:6f:6d:6b:95:e5:01:11:45:8f:47:
         9c:7f:ec:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNMa2WaANbeWn/TOfcl7vJMYlPMgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAxMDA3WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOWE4YWMwNDI4N2M4NTNiZDJkM2VjNDZmMWMxODU4ZjE1
NWM1ZWM5NWVkODQ5YTAwYWM5MWYyMDkyNGNmOTBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeq83fSLXpcFtG3aP+E78gK1HmOk8AsKmg5wN6UM1g6nbm
22ADPIqsEm4GAq+L2wIhx7aybgqo45TATUk6Jd2ASWxsWkRADrgUV+6K1xprx8ZQ
HPn/TOz9Uj4fmUavl8UVw/Q2ZHzZllbm0kMrtP2poNBj785DKUnqlVkUPWt7MOFv
4yra1aS4woTGmABMaaySQYxvlPY3ohQn17+WBg/RyoaMfJs27swpYez3WF5JRqi0
716fVY3ppQ/Ul/0qdVhG0aKB85JY1jNxzFqsW5qc4a07Lag7rRzVGQDRANGTxliT
GJY/UcN9Igve4ye0qD43BzUmQs2tXWXSH6gmUxzVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgLxHvW5+7YXgilkYm7PKJONbPCcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxNjMwYTQ1LTVjZTYtNGFhYS1iYTNiLWI0NjgyYmM4N2VkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdAg4AwDQYJKoZIhvcNAQELBQADggEBAKMQlX18tIU9G3OjrcsmRHl3uo8B
spRaJACHmOj1cL+uAhyb6zNskXrozSxTQO+iFo7DoDoZ8mKY8j/T0arEhuvvTNBm
ADjCupt5sWo2WUia7Qf9hr8fzkRMsCgW4i63YmFams3aQ3S1QMXj4ECS+GhWMGQx
LZ+KqUkf7wlefb27lpfOffYr5smhvB/uwhEgj6MnbipxUIsIyyJNwJcO1KfngK+r
ddpQmcTQM3DKIjISyMDtRR+PgAxIVuosIUkLAiPzXOZoO5k30OKn4SUzOlXN3ete
W8cNfamzT4g0Lt2NiFScQNvCTfyZTc4t5WkNjDcGb21rleUBEUWPR5x/7Og=
-----END CERTIFICATE-----