Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa
File:                     979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa (raw, json)
Hash identifier:          smv+THIX5V/XPvkyFPr1kfftb33yyiRKnjxdgSPxBjE=
Subject key identifier:   8D:BA:BC:66:DE:D6:AB:81:60:69:CB:8E:C6:36:0B:5F:39:39:12:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4781851E6D5AE7341D6FAEFF079F316472D7893A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa
Signing time:             Wed 05 Nov 2025 00:40:55 +0000
ROA not before:           Wed 05 Nov 2025 00:40:55 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.152.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:81:85:1e:6d:5a:e7:34:1d:6f:ae:ff:07:9f:31:64:72:d7:89:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:40:55 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=51b3340980ceb51c68c053a74d4351cacef7114f03f039af7347d59b4387dcb4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ee:24:d7:86:bb:0c:d9:39:bf:53:c9:19:b1:
                    4c:4b:99:51:58:9e:7f:6d:5f:12:68:5b:92:66:55:
                    59:ce:d1:f4:51:b3:56:1d:6b:46:20:9a:95:20:ea:
                    da:56:dc:35:ad:ec:84:50:86:ba:31:de:2b:c5:22:
                    16:b3:1f:cb:c5:75:d9:e4:0f:5f:5a:e1:53:2e:d7:
                    fa:6b:27:10:be:a7:e8:d1:b9:46:f8:f5:ba:54:7a:
                    eb:82:7e:45:3e:30:f6:01:c3:11:d7:c0:e4:f5:af:
                    46:a7:b7:a8:29:09:e2:a8:44:be:1b:05:11:50:7e:
                    ab:9e:f9:6b:f5:fa:3a:1b:f9:43:41:ca:29:d5:a3:
                    ab:ea:9a:63:e3:a7:a5:ef:e5:04:ce:73:b8:25:4b:
                    b1:0e:76:a0:a3:5e:ba:96:c5:aa:d8:73:4a:0f:6e:
                    79:14:0c:c8:9c:5e:79:44:db:18:09:d5:73:85:1e:
                    88:72:be:31:44:0e:4e:48:e9:69:4d:26:e9:95:c8:
                    56:16:55:cf:6d:52:fb:86:78:dc:10:0c:6c:e4:3c:
                    bf:9f:85:32:42:7f:2e:d5:ab:59:b0:d3:64:88:29:
                    d3:ed:e3:06:c1:a7:60:a3:af:ef:d1:10:77:f9:49:
                    cb:7c:35:98:3c:77:8e:15:32:d5:63:f4:32:ee:a1:
                    33:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BA:BC:66:DE:D6:AB:81:60:69:CB:8E:C6:36:0B:5F:39:39:12:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/979dc8d9-65f6-490d-ba4a-cbcc274052e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         73:2c:2a:e8:87:90:7d:c8:f6:91:9f:63:21:c1:ed:99:00:b3:
         18:0d:32:8f:0a:cb:33:74:49:ca:aa:12:07:87:f8:3e:ae:69:
         76:51:77:cd:91:b4:72:0c:7f:e7:ee:c1:79:f3:f7:e7:4c:35:
         8e:b5:e3:fc:b4:10:69:ef:d7:2a:ef:a0:6c:30:3f:98:62:38:
         7d:3e:a9:6c:d9:9a:83:ff:4e:60:8c:e7:45:4d:2a:0b:8b:e7:
         95:5b:9a:d4:8f:62:49:ef:94:1c:0d:a5:91:d1:64:54:77:5d:
         c4:3b:f3:a9:fb:79:4d:c4:8b:df:dc:d7:d4:5b:83:6e:d3:6c:
         10:be:3a:5e:12:72:3f:1e:65:4a:6e:da:50:42:45:2d:c2:69:
         5c:c5:5f:1a:a4:6e:1a:0e:a4:b5:f2:ac:b9:66:f2:e4:73:58:
         aa:db:ce:23:76:4d:d3:32:a6:9f:13:8b:36:07:96:9a:aa:6d:
         d7:1c:2d:7c:36:bf:80:97:37:20:b8:47:8e:69:50:d1:50:32:
         64:72:d2:88:4c:c2:4d:0f:a2:6a:7c:e3:4c:af:49:d5:93:f2:
         47:b6:18:6e:1d:cc:db:91:e1:f5:49:fe:a7:07:b9:11:03:2e:
         49:29:d2:05:c6:f6:6e:8e:b3:4b:4a:a3:64:9e:ee:19:8f:bd:
         96:fd:3b:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR4GFHm1a5zQdb67/B58xZHLXiTowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDA0MDU1WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWIzMzQwOTgwY2ViNTFjNjhjMDUzYTc0ZDQzNTFjYWNl
ZjcxMTRmMDNmMDM5YWY3MzQ3ZDU5YjQzODdkY2I0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK7iTXhrsM2Tm/U8kZsUxLmVFYnn9tXxJoW5JmVVnO0fRR
s1Yda0YgmpUg6tpW3DWt7IRQhrox3ivFIhazH8vFddnkD19a4VMu1/prJxC+p+jR
uUb49bpUeuuCfkU+MPYBwxHXwOT1r0ant6gpCeKoRL4bBRFQfque+Wv1+job+UNB
yinVo6vqmmPjp6Xv5QTOc7glS7EOdqCjXrqWxarYc0oPbnkUDMicXnlE2xgJ1XOF
HohyvjFEDk5I6WlNJumVyFYWVc9tUvuGeNwQDGzkPL+fhTJCfy7Vq1mw02SIKdPt
4wbBp2Cjr+/REHf5Sct8NZg8d44VMtVj9DLuoTOxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjbq8Zt7Wq4FgacuOxjYLXzk5Eq4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3OWRjOGQ5LTY1ZjYtNDkwZC1iYTRhLWNiY2MyNzQwNTJlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANFAJgwDQYJKoZIhvcNAQELBQADggEBAHMsKuiHkH3I9pGfYyHB7ZkAsxgN
Mo8KyzN0ScqqEgeH+D6uaXZRd82RtHIMf+fuwXnz9+dMNY614/y0EGnv1yrvoGww
P5hiOH0+qWzZmoP/TmCM50VNKguL55VbmtSPYknvlBwNpZHRZFR3XcQ786n7eU3E
i9/c19Rbg27TbBC+Ol4Scj8eZUpu2lBCRS3CaVzFXxqkbhoOpLXyrLlm8uRzWKrb
ziN2TdMypp8TizYHlpqqbdccLXw2v4CXNyC4R45pUNFQMmRy0ohMwk0Pomp840yv
SdWT8ke2GG4dzNuR4fVJ/qcHuREDLkkp0gXG9m6Os0tKo2Se7hmPvZb9Oz8=
-----END CERTIFICATE-----