Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8cf32fab-999e-4279-b732-33c0fe0c95ad.roa
File:                     8cf32fab-999e-4279-b732-33c0fe0c95ad.roa (raw, json)
Hash identifier:          CiCAQjLWvmD0MtPoLNMIaQEFYiQ/9cqEMLZL5gRvd9k=
Subject key identifier:   4D:31:7D:A3:8D:9E:70:47:CA:85:86:A5:9B:9F:99:27:77:3C:A8:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EF5F27156AFA9A24A4BDBAB78132599C3CFECD2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8cf32fab-999e-4279-b732-33c0fe0c95ad.roa
Signing time:             Wed 05 Nov 2025 00:21:25 +0000
ROA not before:           Wed 05 Nov 2025 00:21:25 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.188.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:f5:f2:71:56:af:a9:a2:4a:4b:db:ab:78:13:25:99:c3:cf:ec:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:21:25 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=f9d45a16f6f180124b7881f3e4a3d64bfde6544b8847b65b7a9fbd85acceefab, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:89:f3:ac:46:0e:cd:a0:25:d8:76:dd:7d:0b:
                    fb:00:af:47:26:4d:4c:a3:ca:39:d4:32:d7:1b:ef:
                    7c:0d:41:1e:62:13:82:22:b8:8d:6b:05:f0:31:d1:
                    6d:f9:9d:40:d7:1f:1d:43:d3:a0:fe:e4:a9:41:08:
                    f5:e1:7c:e8:0d:3c:10:c4:45:4c:03:43:d5:f6:ad:
                    b4:6e:a2:d8:86:6f:47:51:f1:db:fa:ea:33:9d:87:
                    24:b2:ea:f0:d4:b2:d5:7c:6e:24:6b:e7:a2:3b:5a:
                    4f:10:6c:f8:8b:d2:b3:25:e1:6a:75:98:ca:a0:2b:
                    74:bb:c5:7c:73:48:2e:97:5a:29:da:e8:32:46:92:
                    df:3f:61:b5:70:49:0d:94:22:fa:a3:22:67:9e:fb:
                    d3:f7:6a:94:99:0d:ce:d2:70:8c:48:cd:c7:0d:a6:
                    11:62:ca:88:59:d9:02:f1:18:58:18:d4:e2:eb:b7:
                    76:f8:6d:9d:68:75:02:02:c2:39:c2:94:e3:85:5a:
                    31:6b:2f:65:9d:87:9d:d2:f9:5f:67:93:65:33:f5:
                    9f:ba:de:92:85:61:fe:0d:95:39:a1:ce:3d:10:11:
                    bd:41:5f:45:92:de:1a:d3:6a:4e:05:67:07:9e:47:
                    30:64:a6:4b:50:b9:e0:d9:11:36:80:26:3a:33:db:
                    e6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:31:7D:A3:8D:9E:70:47:CA:85:86:A5:9B:9F:99:27:77:3C:A8:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8cf32fab-999e-4279-b732-33c0fe0c95ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:97:54:da:4c:30:f9:c1:88:fc:d1:46:9e:90:4b:c1:e6:6c:
         8e:50:c3:d8:48:e0:8b:b5:9b:c7:71:61:00:c1:43:7d:63:e2:
         ae:b7:be:8a:b1:b2:00:90:43:c2:15:10:62:73:ab:c0:f4:13:
         29:9b:3c:8e:6b:5d:f7:a4:6a:24:cd:21:05:16:44:10:78:65:
         a9:a0:4a:d7:28:1b:f0:5e:9a:cf:8c:74:6e:8f:e1:f6:8b:33:
         0c:42:11:a2:0a:f0:86:07:5a:52:d6:5d:10:5f:a3:69:6e:83:
         3b:84:68:30:87:d1:28:1f:1e:4c:8f:5d:27:eb:e9:61:d4:2b:
         da:26:8b:28:da:f3:58:dd:d8:40:9e:59:5e:9c:1c:09:64:92:
         37:83:e4:ee:dc:67:b3:4c:6b:f6:5c:ab:56:20:3a:6c:fe:74:
         df:d2:41:47:2a:9a:b6:29:09:e4:ee:96:da:25:f9:d7:9a:df:
         11:e7:c5:d5:dc:0f:58:e8:d1:77:c3:0f:bd:b6:f5:a9:72:78:
         26:b0:fe:c8:04:60:0e:51:8e:bb:f3:70:fa:7d:87:5a:82:51:
         d0:15:1f:02:ed:08:02:dc:05:0f:dc:24:5f:50:14:61:9d:df:
         4c:1c:31:72:2f:2e:78:e1:72:32:07:98:ec:cc:ad:d6:96:25:
         a3:44:cb:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTvXycVavqaJKS9ureBMlmcPP7NIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAyMTI1WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOWQ0NWExNmY2ZjE4MDEyNGI3ODgxZjNlNGEzZDY0YmZk
ZTY1NDRiODg0N2I2NWI3YTlmYmQ4NWFjY2VlZmFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWifOsRg7NoCXYdt19C/sAr0cmTUyjyjnUMtcb73wNQR5i
E4IiuI1rBfAx0W35nUDXHx1D06D+5KlBCPXhfOgNPBDERUwDQ9X2rbRuotiGb0dR
8dv66jOdhySy6vDUstV8biRr56I7Wk8QbPiL0rMl4Wp1mMqgK3S7xXxzSC6XWina
6DJGkt8/YbVwSQ2UIvqjImee+9P3apSZDc7ScIxIzccNphFiyohZ2QLxGFgY1OLr
t3b4bZ1odQICwjnClOOFWjFrL2Wdh53S+V9nk2Uz9Z+63pKFYf4NlTmhzj0QEb1B
X0WS3hrTak4FZweeRzBkpktQueDZETaAJjoz2+ZfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTTF9o42ecEfKhYalm5+ZJ3c8qLYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhjZjMyZmFiLTk5OWUtNDI3OS1iNzMyLTMzYzBmZTBjOTVhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJFALwwDQYJKoZIhvcNAQELBQADggEBAFOXVNpMMPnBiPzRRp6QS8HmbI5Q
w9hI4Iu1m8dxYQDBQ31j4q63voqxsgCQQ8IVEGJzq8D0EymbPI5rXfekaiTNIQUW
RBB4ZamgStcoG/Bems+MdG6P4faLMwxCEaIK8IYHWlLWXRBfo2lugzuEaDCH0Sgf
HkyPXSfr6WHUK9omiyja81jd2ECeWV6cHAlkkjeD5O7cZ7NMa/Zcq1YgOmz+dN/S
QUcqmrYpCeTultol+dea3xHnxdXcD1jo0XfDD7229alyeCaw/sgEYA5RjrvzcPp9
h1qCUdAVHwLtCALcBQ/cJF9QFGGd30wcMXIvLnjhcjIHmOzMrdaWJaNEy6M=
-----END CERTIFICATE-----