Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e81d9f6-5425-4345-a797-38781819acdc.roa
File:                     9e81d9f6-5425-4345-a797-38781819acdc.roa (raw, json)
Hash identifier:          9CK9huY579CQNfrTrwEvPyKrpIM6cYjf1KQ1A7HaP8c=
Subject key identifier:   CE:A9:82:14:D5:F9:5F:43:D4:9E:44:B9:05:18:70:1A:80:C7:A6:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       27C39843BBB05F5C3741498B84DE5F6C8CB48159
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e81d9f6-5425-4345-a797-38781819acdc.roa
Signing time:             Sat 01 Nov 2025 00:50:09 +0000
ROA not before:           Sat 01 Nov 2025 00:50:09 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        184.72.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:c3:98:43:bb:b0:5f:5c:37:41:49:8b:84:de:5f:6c:8c:b4:81:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:50:09 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=24eda735a0b9bddfb9678777969500768d6746b0e4f18f9b8242da6c876a6c41, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:97:e6:fd:57:dd:88:5f:8c:05:dc:73:01:22:
                    d4:c2:4a:9d:7b:40:2d:17:53:af:2d:76:01:7a:96:
                    38:fc:90:5c:90:28:a8:ae:1f:78:27:35:07:42:5f:
                    fa:f1:a3:6b:c5:63:1b:42:90:ae:a9:39:6f:a3:e4:
                    1c:ed:e8:ed:98:c5:f0:10:bc:47:d7:a3:ca:c5:4b:
                    af:fd:be:35:3e:49:68:60:1b:4a:04:a8:09:65:0c:
                    44:bf:be:bf:12:49:8c:e5:8f:e5:10:3c:26:01:cf:
                    95:dc:8d:1d:99:c0:1c:50:c0:bd:a4:87:54:d9:6b:
                    61:f6:05:10:36:19:92:cf:32:55:3a:4a:c2:c0:5d:
                    a8:45:29:51:75:11:20:39:4b:5f:ab:61:91:00:a1:
                    fe:c4:15:42:7a:bc:bc:b2:c4:5d:26:a6:bb:04:08:
                    f2:ca:4a:31:a4:90:56:e8:5d:b7:a2:46:6c:43:fe:
                    d0:d8:9e:85:95:53:f2:7f:3e:d0:a0:f7:4a:2a:8a:
                    3d:32:1a:91:cc:cd:a1:be:65:41:33:d9:59:14:d9:
                    c0:63:f3:2a:86:30:22:65:96:e9:78:95:2e:dd:73:
                    0e:16:17:22:8d:22:94:c6:90:ba:1d:eb:89:49:78:
                    f4:9e:b1:19:aa:06:15:4b:bc:5d:a8:bb:4a:fb:53:
                    b4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A9:82:14:D5:F9:5F:43:D4:9E:44:B9:05:18:70:1A:80:C7:A6:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e81d9f6-5425-4345-a797-38781819acdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  184.72.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         18:1d:6c:6b:b1:50:da:d3:d2:e5:47:13:2a:79:b9:73:ee:7e:
         5a:eb:e6:14:bd:34:5a:8c:e8:73:0a:3d:97:61:66:cc:0c:f6:
         bd:ef:34:43:fa:53:fd:d8:b4:5c:bc:e9:14:fd:58:83:4f:da:
         ad:52:6f:1e:6c:53:2a:79:96:4b:51:19:4d:49:12:e2:37:d1:
         48:69:37:a1:a2:66:f3:44:0b:ee:97:70:21:22:3a:b8:ae:ba:
         1d:1a:03:42:71:31:c5:f9:d7:fe:fb:fd:f5:66:4a:65:a0:bf:
         ed:43:8c:3f:8c:5c:bf:c1:89:38:7b:54:08:9a:bd:7c:bc:51:
         a6:cd:34:84:43:c6:54:62:24:93:6e:3c:74:98:78:c7:e7:0e:
         97:c1:90:b4:58:02:46:a8:6e:9b:b1:14:35:34:53:b3:42:5c:
         fc:7c:2d:3f:24:c2:2d:f3:5a:a5:61:55:ef:aa:99:cd:1b:7a:
         96:99:77:72:00:29:6e:f7:b1:26:ea:c2:da:e9:00:ab:f5:58:
         f9:53:0a:28:e9:c5:85:bf:eb:15:9e:29:08:d1:64:94:c3:1a:
         d3:db:fe:01:10:f7:c1:48:8a:05:6d:71:b4:cb:fa:c7:97:c7:
         2d:e7:57:bb:27:35:11:e3:05:ce:b6:ac:86:ef:6a:dd:08:7e:
         e9:a2:49:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ8OYQ7uwX1w3QUmLhN5fbIy0gVkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDA1MDA5WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGVkYTczNWEwYjliZGRmYjk2Nzg3Nzc5Njk1MDA3Njhk
Njc0NmIwZTRmMThmOWI4MjQyZGE2Yzg3NmE2YzQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0l+b9V92IX4wF3HMBItTCSp17QC0XU68tdgF6ljj8kFyQ
KKiuH3gnNQdCX/rxo2vFYxtCkK6pOW+j5Bzt6O2YxfAQvEfXo8rFS6/9vjU+SWhg
G0oEqAllDES/vr8SSYzlj+UQPCYBz5XcjR2ZwBxQwL2kh1TZa2H2BRA2GZLPMlU6
SsLAXahFKVF1ESA5S1+rYZEAof7EFUJ6vLyyxF0mprsECPLKSjGkkFboXbeiRmxD
/tDYnoWVU/J/PtCg90oqij0yGpHMzaG+ZUEz2VkU2cBj8yqGMCJllul4lS7dcw4W
FyKNIpTGkLod64lJePSesRmqBhVLvF2ou0r7U7TRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzqmCFNX5X0PUnkS5BRhwGoDHpnIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllODFkOWY2LTU0MjUtNDM0NS1hNzk3LTM4NzgxODE5YWNkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAa4SEAwDQYJKoZIhvcNAQELBQADggEBABgdbGuxUNrT0uVHEyp5uXPuflrr
5hS9NFqM6HMKPZdhZswM9r3vNEP6U/3YtFy86RT9WINP2q1Sbx5sUyp5lktRGU1J
EuI30UhpN6GiZvNEC+6XcCEiOriuuh0aA0JxMcX51/77/fVmSmWgv+1DjD+MXL/B
iTh7VAiavXy8UabNNIRDxlRiJJNuPHSYeMfnDpfBkLRYAkaobpuxFDU0U7NCXPx8
LT8kwi3zWqVhVe+qmc0bepaZd3IAKW73sSbqwtrpAKv1WPlTCijpxYW/6xWeKQjR
ZJTDGtPb/gEQ98FIigVtcbTL+seXxy3nV7snNRHjBc62rIbvat0IfumiSb4=
-----END CERTIFICATE-----