Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/683f0f25-6fc4-4076-b464-0eae077d79de.roa
File:                     683f0f25-6fc4-4076-b464-0eae077d79de.roa (raw, json)
Hash identifier:          65s6GySKeeWlrVmIxchDaGmmJqBWUUDX+51XjoneaI0=
Subject key identifier:   2F:E3:C4:DC:BD:87:95:43:F0:07:F7:E7:82:EE:6B:05:7E:DF:78:66
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1FC2A1C1A7B58264069304236E382935CCABFE81
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/683f0f25-6fc4-4076-b464-0eae077d79de.roa
Signing time:             Wed 22 Oct 2025 00:30:17 +0000
ROA not before:           Wed 22 Oct 2025 00:30:17 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.54.57.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:c2:a1:c1:a7:b5:82:64:06:93:04:23:6e:38:29:35:cc:ab:fe:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:30:17 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=37f7d9a2014f81de476f8cbe15539bdb2fd3ab29da79a7c0ce2701e322bba900, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:fb:74:86:c9:b1:16:9b:dd:8e:fb:36:28:cf:
                    51:05:5e:0b:88:80:c7:81:13:ba:0a:b3:f0:8e:42:
                    79:65:27:a0:73:b3:a1:96:d1:0b:94:0c:4d:01:32:
                    06:22:d6:93:70:c6:b9:ca:b7:83:bf:fe:2a:34:3c:
                    e1:ed:62:19:74:09:37:84:2d:f6:3f:a9:ef:2c:78:
                    7d:56:ef:44:16:10:c9:74:a5:34:15:78:f6:2f:9f:
                    b4:47:37:c2:5e:51:73:4c:4e:13:ca:3a:ec:42:08:
                    10:b5:3e:22:31:79:81:de:b4:97:6d:07:44:d6:e4:
                    74:9e:a4:55:4c:57:18:03:fd:37:50:a0:02:7b:57:
                    43:58:ee:38:c5:c8:87:8e:10:73:ac:5b:3f:27:4d:
                    68:28:34:99:79:6a:15:5b:d1:9d:5b:aa:6a:8d:8f:
                    35:4e:3e:22:25:67:3a:d3:f4:8c:3c:0a:1d:d3:2f:
                    23:08:dc:0d:d6:1d:7a:30:8b:61:b8:42:d7:90:20:
                    cf:e2:50:6d:0d:b7:de:b6:60:b7:38:a9:75:6f:4e:
                    96:89:ba:dd:b2:ce:86:04:f7:b0:3f:24:d3:75:ce:
                    43:a2:41:ee:cc:16:4a:81:e5:f1:9e:a5:00:d6:6d:
                    db:39:c8:a8:e5:d2:89:bb:70:ab:1f:1b:af:d7:d6:
                    b0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E3:C4:DC:BD:87:95:43:F0:07:F7:E7:82:EE:6B:05:7E:DF:78:66
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/683f0f25-6fc4-4076-b464-0eae077d79de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.54.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:2a:cf:29:c7:30:36:04:d5:08:f6:f6:53:99:fc:99:cd:3a:
         f3:6c:31:74:f9:85:5a:c8:ac:b1:9d:9c:77:77:57:12:79:cf:
         b7:db:bd:38:75:52:99:f1:cb:70:31:84:be:2d:fd:02:4e:30:
         d1:92:ee:10:72:9c:41:e4:a3:82:79:3b:ec:ea:21:96:0e:7d:
         ae:99:ac:36:a9:b5:0f:4e:60:16:75:70:c2:ea:90:22:da:bc:
         d7:cc:6d:b6:da:02:65:96:9d:80:24:b2:0e:22:dc:b9:ff:9d:
         82:c1:ed:fe:cc:24:80:f1:e6:1c:59:b4:56:8f:62:ee:d2:93:
         25:7a:8b:66:69:e4:e6:c8:40:5e:42:30:ae:6e:d0:a3:e1:22:
         8d:3e:70:48:97:f8:07:65:39:34:b6:39:6f:6d:7a:c2:69:6c:
         e5:41:d3:69:7b:78:99:67:65:01:a6:06:0e:f6:af:0b:c9:79:
         88:2e:73:7b:b2:f8:d5:2e:2c:8e:32:1e:ac:6d:4c:dd:78:1d:
         ab:41:1d:40:af:bb:cb:c4:d2:93:1c:c6:68:c8:b7:80:0c:8a:
         f5:e9:1f:75:f4:8e:c6:90:cd:1f:19:71:04:a6:19:82:ae:ba:
         01:cd:ec:a1:bd:6d:b2:57:ec:c7:b0:d3:f8:78:94:62:0f:c6:
         52:bc:30:09
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH8Khwae1gmQGkwQjbjgpNcyr/oEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAzMDE3WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2Y3ZDlhMjAxNGY4MWRlNDc2ZjhjYmUxNTUzOWJkYjJm
ZDNhYjI5ZGE3OWE3YzBjZTI3MDFlMzIyYmJhOTAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDi+3SGybEWm92O+zYoz1EFXguIgMeBE7oKs/COQnllJ6Bz
s6GW0QuUDE0BMgYi1pNwxrnKt4O//io0POHtYhl0CTeELfY/qe8seH1W70QWEMl0
pTQVePYvn7RHN8JeUXNMThPKOuxCCBC1PiIxeYHetJdtB0TW5HSepFVMVxgD/TdQ
oAJ7V0NY7jjFyIeOEHOsWz8nTWgoNJl5ahVb0Z1bqmqNjzVOPiIlZzrT9Iw8Ch3T
LyMI3A3WHXowi2G4QteQIM/iUG0Nt962YLc4qXVvTpaJut2yzoYE97A/JNN1zkOi
Qe7MFkqB5fGepQDWbds5yKjl0om7cKsfG6/X1rDdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUL+PE3L2HlUPwB/fngu5rBX7feGYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4M2YwZjI1LTZmYzQtNDA3Ni1iNDY0LTBlYWUwNzdkNzlkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjNjkwDQYJKoZIhvcNAQELBQADggEBAHMqzynHMDYE1Qj29lOZ/JnNOvNs
MXT5hVrIrLGdnHd3VxJ5z7fbvTh1Upnxy3AxhL4t/QJOMNGS7hBynEHko4J5O+zq
IZYOfa6ZrDaptQ9OYBZ1cMLqkCLavNfMbbbaAmWWnYAksg4i3Ln/nYLB7f7MJIDx
5hxZtFaPYu7SkyV6i2Zp5ObIQF5CMK5u0KPhIo0+cEiX+AdlOTS2OW9tesJpbOVB
02l7eJlnZQGmBg72rwvJeYguc3uy+NUuLI4yHqxtTN14HatBHUCvu8vE0pMcxmjI
t4AMivXpH3X0jsaQzR8ZcQSmGYKuugHN7KG9bbJX7Mew0/h4lGIPxlK8MAk=
-----END CERTIFICATE-----