Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa
File:                     6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa (raw, json)
Hash identifier:          gdSym9PWUQQ2w6pijEdg6OS6XBZ3FOYaOmGChfCKVpY=
Subject key identifier:   A3:B2:35:32:A9:8D:83:1C:9C:89:4F:2F:7C:80:AB:F6:C8:68:3A:0E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5FAF27E82BAC1D50B6D98CD6D2563EABDF6313F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa
Signing time:             Wed 22 Oct 2025 00:10:11 +0000
ROA not before:           Wed 22 Oct 2025 00:10:11 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.28.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:af:27:e8:2b:ac:1d:50:b6:d9:8c:d6:d2:56:3e:ab:df:63:13:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:10:11 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=ef88d0c3e20f5511efb6de836582529f20497693472ca76f282b936240ec899f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fd:8c:24:f6:a0:ea:20:60:40:68:1a:9a:ae:
                    ac:45:53:60:8f:30:01:a4:08:3c:c5:5b:68:80:43:
                    8e:be:e5:8c:86:73:27:85:9f:d0:c2:b3:dd:d8:b7:
                    ad:7e:66:a9:90:09:1c:a5:6f:20:fd:52:25:6d:66:
                    64:49:59:c7:10:0b:da:84:2a:46:6b:f2:0f:e1:90:
                    21:76:91:df:81:02:3a:61:7a:1f:3d:78:9c:a9:d8:
                    81:eb:1c:0f:3f:03:2e:d0:f6:05:1a:de:1e:90:15:
                    a5:0c:3d:a5:88:82:dc:92:29:2d:ec:49:1b:1c:90:
                    81:03:ba:4e:90:c6:c4:ae:6d:79:60:25:7c:f6:be:
                    3d:31:b9:50:b0:ac:89:88:a9:2b:1a:65:48:34:7d:
                    e4:54:f0:50:c2:43:76:4b:6e:91:74:a5:8c:d2:90:
                    24:58:0f:b2:80:53:ee:5c:30:ac:1b:24:6e:e3:16:
                    e3:7d:82:0b:d5:41:6a:f9:63:9e:be:66:70:0e:8d:
                    d6:25:d1:f3:80:16:01:e1:be:c5:df:f2:28:61:59:
                    92:ec:d7:d2:79:fd:6c:80:96:9b:b5:a6:62:33:74:
                    0b:22:5c:95:22:65:88:ff:7c:a0:ed:c1:dd:dc:2a:
                    17:06:4a:8f:ee:63:ae:56:bd:f6:31:58:3f:80:ff:
                    86:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:B2:35:32:A9:8D:83:1C:9C:89:4F:2F:7C:80:AB:F6:C8:68:3A:0E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d8a1b36-3855-4b0a-8d07-ec0c2baf4fe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.28.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b4:37:15:71:23:26:a6:da:6c:03:44:f4:1b:48:ef:49:00:5c:
         bc:43:0b:9b:fe:25:28:f2:5f:bf:37:07:6b:86:59:46:ab:61:
         0b:3c:37:30:72:06:a7:47:24:02:53:dd:2a:29:43:df:a3:1e:
         2a:56:4e:e9:c9:46:de:38:2c:c3:50:3a:a3:9f:13:c0:ae:43:
         bf:fb:cb:f3:2d:23:06:5d:c4:29:9f:2f:e8:a0:6d:0d:ed:22:
         08:e5:d7:f0:65:f8:3f:73:ec:e3:70:ad:b7:a2:b0:c6:99:4a:
         68:ed:a2:39:b8:42:3d:83:da:8f:fb:36:49:86:ce:a9:f0:0f:
         8e:9f:07:dd:43:41:7e:38:7a:e0:86:f5:fe:42:3f:2b:b7:97:
         c4:64:fa:35:15:ed:bd:75:50:39:e6:08:4c:df:f5:68:51:99:
         58:56:2c:c7:f8:1a:a7:5a:f0:f2:45:7a:24:0b:72:2d:19:85:
         31:3b:a9:c4:0e:05:8b:00:13:5b:00:0e:82:1d:32:b5:46:7a:
         b1:a5:a4:16:0c:f1:65:10:77:23:64:6e:6f:9c:c5:78:7b:5b:
         30:89:7f:2e:86:70:b9:46:71:04:ca:83:b8:5a:14:d0:ef:fd:
         c7:29:e3:33:79:78:50:49:fb:43:f1:2f:2a:3b:06:a0:3f:34:
         1e:ea:ab:73
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUX68n6CusHVC22YzW0lY+q99jE/YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAxMDExWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjg4ZDBjM2UyMGY1NTExZWZiNmRlODM2NTgyNTI5ZjIw
NDk3NjkzNDcyY2E3NmYyODJiOTM2MjQwZWM4OTlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2/Ywk9qDqIGBAaBqarqxFU2CPMAGkCDzFW2iAQ46+5YyG
cyeFn9DCs93Yt61+ZqmQCRylbyD9UiVtZmRJWccQC9qEKkZr8g/hkCF2kd+BAjph
eh89eJyp2IHrHA8/Ay7Q9gUa3h6QFaUMPaWIgtySKS3sSRsckIEDuk6QxsSubXlg
JXz2vj0xuVCwrImIqSsaZUg0feRU8FDCQ3ZLbpF0pYzSkCRYD7KAU+5cMKwbJG7j
FuN9ggvVQWr5Y56+ZnAOjdYl0fOAFgHhvsXf8ihhWZLs19J5/WyAlpu1pmIzdAsi
XJUiZYj/fKDtwd3cKhcGSo/uY65WvfYxWD+A/4ZbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUo7I1MqmNgxyciU8vfICr9shoOg4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZkOGExYjM2LTM4NTUtNGIwYS04ZDA3LWVjMGMyYmFmNGZlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjHDANBgkqhkiG9w0BAQsFAAOCAQEAtDcVcSMmptpsA0T0G0jvSQBcvEML
m/4lKPJfvzcHa4ZZRqthCzw3MHIGp0ckAlPdKilD36MeKlZO6clG3jgsw1A6o58T
wK5Dv/vL8y0jBl3EKZ8v6KBtDe0iCOXX8GX4P3Ps43Ctt6KwxplKaO2iObhCPYPa
j/s2SYbOqfAPjp8H3UNBfjh64Ib1/kI/K7eXxGT6NRXtvXVQOeYITN/1aFGZWFYs
x/gap1rw8kV6JAtyLRmFMTupxA4FiwATWwAOgh0ytUZ6saWkFgzxZRB3I2Rub5zF
eHtbMIl/LoZwuUZxBMqDuFoU0O/9xynjM3l4UEn7Q/EvKjsGoD80Huqrcw==
-----END CERTIFICATE-----