Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6f7c31-6468-4794-addf-4e261bbd9e31.roa
File:                     9f6f7c31-6468-4794-addf-4e261bbd9e31.roa (raw, json)
Hash identifier:          61SRB3ImfMF/Aj1Gea3UBHkbNcVmRvKBTIODX7lJ6qU=
Subject key identifier:   B9:46:95:E4:7E:86:B0:EB:67:49:12:15:0F:C2:CF:CB:E7:3E:A2:37
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       484F80746F5B312402C28248E3E45DA9E6C9593C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6f7c31-6468-4794-addf-4e261bbd9e31.roa
Signing time:             Sun 26 Oct 2025 00:30:54 +0000
ROA not before:           Sun 26 Oct 2025 00:30:54 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.98.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:4f:80:74:6f:5b:31:24:02:c2:82:48:e3:e4:5d:a9:e6:c9:59:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:30:54 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=8e383c420a12763554e63fd88377e13debac011d2820ff7cbc7b6270e2cb96b6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:45:07:72:b6:89:e4:ad:e6:db:89:60:10:5a:
                    71:e3:e5:c3:7f:be:f1:f6:0f:2c:d2:27:54:55:d7:
                    60:82:e6:37:11:99:a0:4c:f4:51:11:0e:05:3e:e0:
                    77:c8:03:7b:63:06:09:ed:f8:d8:21:4a:e5:cc:c3:
                    4d:8a:2a:5f:3c:c7:2a:61:9e:43:f5:1d:ac:32:90:
                    e0:f8:b9:99:95:26:81:1f:65:43:71:fc:cb:9a:d6:
                    f8:96:53:94:3b:c7:b7:05:c8:c9:95:3e:b2:e5:ff:
                    97:84:cd:2c:17:07:b8:97:d2:29:91:3e:70:f1:8c:
                    a2:fe:94:7a:26:bb:93:c3:ab:f2:49:1d:77:9a:83:
                    1f:9a:f6:1b:d1:4a:f9:55:9f:03:81:e5:a8:dd:d8:
                    fa:e3:fa:a3:b7:51:67:ca:ae:ec:94:ef:fd:46:7a:
                    40:12:ca:43:4e:7d:1f:12:99:f1:99:30:d1:50:94:
                    cb:43:8f:0d:40:db:d1:43:ce:e1:31:a7:4f:9d:e8:
                    9c:b9:9c:2a:56:07:07:46:2e:77:9e:80:f9:6a:1a:
                    a1:2f:d3:a3:6d:76:ab:06:67:ad:35:04:53:c2:54:
                    28:aa:3c:82:be:8b:3a:74:cb:f3:5f:b9:6c:ad:f4:
                    67:9c:ff:ee:b6:9c:ae:1c:68:af:78:35:ae:a0:53:
                    a4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:46:95:E4:7E:86:B0:EB:67:49:12:15:0F:C2:CF:CB:E7:3E:A2:37
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6f7c31-6468-4794-addf-4e261bbd9e31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:c8:c3:6c:bd:57:27:bf:0f:bc:77:8f:1b:68:41:48:4a:80:
         7f:5b:49:7e:dc:41:64:eb:22:95:9b:7f:5c:fc:de:8a:95:8b:
         25:7f:86:4f:91:b1:6a:47:b0:7e:77:d1:b6:06:47:a4:b3:69:
         24:18:ef:da:e9:da:fd:7d:9b:f8:67:8c:44:dd:c2:79:e5:77:
         42:ca:ef:2e:f2:4b:26:33:54:e4:c3:72:9b:f6:fa:57:7a:63:
         c1:86:f1:e0:f2:08:ee:26:eb:9f:8a:69:fc:9d:92:4e:9d:65:
         6f:4f:20:e5:2b:7e:0e:0c:34:a0:42:89:1d:4b:bd:11:3f:b5:
         fd:4c:40:65:50:13:c8:86:a5:1b:2a:ef:66:5a:97:57:93:6d:
         a4:61:ca:95:08:6f:ec:ae:c1:c4:9e:a0:30:0d:7c:41:dc:8b:
         bc:c7:e5:59:34:df:41:4c:c4:f8:93:60:f6:e9:a3:5a:e6:a1:
         61:4d:79:d9:ff:fd:c9:b2:c2:25:59:d6:0b:24:63:70:71:da:
         06:b3:09:57:41:77:7a:e1:d3:ee:8d:8e:e2:f4:d3:ad:af:7d:
         f4:26:47:cf:6d:5f:3f:d8:eb:93:5c:8b:45:4c:7a:0b:0a:13:
         c3:4d:df:6e:d9:8b:04:0c:8c:2b:b6:61:a7:72:62:a8:a3:4e:
         76:24:37:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSE+AdG9bMSQCwoJI4+RdqebJWTwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMDU0WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTM4M2M0MjBhMTI3NjM1NTRlNjNmZDg4Mzc3ZTEzZGVi
YWMwMTFkMjgyMGZmN2NiYzdiNjI3MGUyY2I5NmI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoRQdytonkrebbiWAQWnHj5cN/vvH2DyzSJ1RV12CC5jcR
maBM9FERDgU+4HfIA3tjBgnt+NghSuXMw02KKl88xyphnkP1HawykOD4uZmVJoEf
ZUNx/Mua1viWU5Q7x7cFyMmVPrLl/5eEzSwXB7iX0imRPnDxjKL+lHomu5PDq/JJ
HXeagx+a9hvRSvlVnwOB5ajd2Prj+qO3UWfKruyU7/1GekASykNOfR8SmfGZMNFQ
lMtDjw1A29FDzuExp0+d6Jy5nCpWBwdGLneegPlqGqEv06NtdqsGZ601BFPCVCiq
PIK+izp0y/NfuWyt9Gec/+62nK4caK94Na6gU6T7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuUaV5H6GsOtnSRIVD8LPy+c+ojcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmNmY3YzMxLTY0NjgtNDc5NC1hZGRmLTRlMjYxYmJkOWUzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GIwDQYJKoZIhvcNAQELBQADggEBAA/Iw2y9Vye/D7x3jxtoQUhKgH9b
SX7cQWTrIpWbf1z83oqViyV/hk+RsWpHsH530bYGR6SzaSQY79rp2v19m/hnjETd
wnnld0LK7y7ySyYzVOTDcpv2+ld6Y8GG8eDyCO4m65+Kafydkk6dZW9PIOUrfg4M
NKBCiR1LvRE/tf1MQGVQE8iGpRsq72Zal1eTbaRhypUIb+yuwcSeoDANfEHci7zH
5Vk030FMxPiTYPbpo1rmoWFNedn//cmywiVZ1gskY3Bx2gazCVdBd3rh0+6NjuL0
062vffQmR89tXz/Y65Nci0VMegsKE8NN327ZiwQMjCu2YadyYqijTnYkN0c=
-----END CERTIFICATE-----