Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a22c470d-8074-414a-ac14-cdafb7379aed.roa
File:                     a22c470d-8074-414a-ac14-cdafb7379aed.roa (raw, json)
Hash identifier:          Jch/72f006Ye4LSVrOeUSwTvLzsJOTb93AYHd3QPlrg=
Subject key identifier:   EB:E4:B4:E0:E7:20:E8:9C:90:F9:9B:03:AA:A6:EF:BD:C8:0E:F2:07
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       07EE8834BEB31323FBC8553CD68137A65FEF5876
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a22c470d-8074-414a-ac14-cdafb7379aed.roa
Signing time:             Tue 28 Oct 2025 00:01:01 +0000
ROA not before:           Tue 28 Oct 2025 00:01:01 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.250.236.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:ee:88:34:be:b3:13:23:fb:c8:55:3c:d6:81:37:a6:5f:ef:58:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:01:01 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=6c32b42ba51771af7eecbabd5cc9f1f72416f9226e7dadf17192d6091cc606e1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4c:6d:b4:c8:03:40:c8:b6:1c:90:f4:a5:64:
                    3e:14:ce:33:2e:01:8b:48:ef:e2:d3:98:0d:d6:e8:
                    22:a4:f2:6f:85:9f:66:3d:90:27:8f:b9:22:93:9d:
                    96:b9:80:bd:f0:2c:cb:b2:c7:8d:ca:69:1f:de:6f:
                    41:60:1a:5b:68:0d:d3:25:70:8e:7e:48:2c:d0:0e:
                    0a:14:47:ac:03:93:72:c8:db:1d:a6:f2:3a:c7:2d:
                    22:1b:2a:28:25:47:62:4f:e5:37:a5:10:1f:36:13:
                    84:35:68:27:26:9c:71:43:8b:e3:e3:f2:58:91:28:
                    c7:b2:78:3e:db:6f:26:89:60:ff:7a:76:38:3c:18:
                    9d:7e:b9:37:85:50:14:1e:91:61:0b:75:bf:a1:db:
                    b7:df:56:dc:a7:3d:d0:fc:fa:8c:d8:12:e6:a4:ef:
                    7b:29:8d:63:0e:90:7c:35:24:ab:7e:97:40:bf:2a:
                    41:f5:15:28:fa:bc:89:25:60:73:83:b4:af:e0:2e:
                    39:eb:bc:b9:61:f2:cf:5d:ad:96:d5:04:3a:89:76:
                    a9:7b:20:d8:cd:03:e4:f2:0f:00:62:bc:06:80:60:
                    d7:58:90:2c:a2:1d:59:80:cc:b3:86:90:1f:e3:50:
                    d2:92:46:d7:9d:12:e4:02:92:be:a1:0c:40:13:55:
                    76:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:E4:B4:E0:E7:20:E8:9C:90:F9:9B:03:AA:A6:EF:BD:C8:0E:F2:07
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a22c470d-8074-414a-ac14-cdafb7379aed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.250.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6c:54:ba:38:b9:b2:37:07:40:21:e2:2b:c5:91:f8:c8:ed:
         e2:fb:c0:59:90:c6:71:7f:b1:a9:92:29:b0:9f:7d:33:7e:6a:
         14:02:07:8a:43:5f:59:0c:5e:71:cd:1f:b1:7a:5a:3d:c1:2c:
         6e:d7:26:4f:f0:99:95:89:c4:8e:3b:ac:33:72:09:72:80:6a:
         36:28:96:c3:a0:0f:5f:67:39:2b:f2:d6:d2:9c:be:1b:81:94:
         19:e7:0b:16:0a:d9:02:2e:54:84:56:10:89:a7:33:67:d7:00:
         f6:23:1a:f5:db:88:ee:d4:3a:8c:90:7f:3c:ab:33:7b:d2:0f:
         41:3c:3e:71:ae:60:01:54:93:af:74:04:23:c2:0c:1e:43:39:
         13:6f:d4:f0:e3:9f:1c:3f:72:ec:fe:02:5d:a5:f9:0d:7a:96:
         93:b0:72:b2:a1:9b:8d:84:db:b4:85:74:1b:b0:bd:e9:93:5e:
         7b:20:44:71:70:9a:30:4e:85:66:21:b2:72:09:ea:a4:14:bf:
         9a:80:49:c9:06:a6:27:93:4c:9c:a9:c2:97:e6:d0:00:af:6a:
         3d:73:61:8e:8f:7e:a4:60:ff:01:80:85:27:ac:c6:86:75:48:
         06:06:5b:8f:b4:8a:b9:c5:af:58:2b:16:7e:58:80:87:04:c2:
         b2:2c:91:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB+6INL6zEyP7yFU81oE3pl/vWHYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAwMTAxWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzMyYjQyYmE1MTc3MWFmN2VlY2JhYmQ1Y2M5ZjFmNzI0
MTZmOTIyNmU3ZGFkZjE3MTkyZDYwOTFjYzYwNmUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHTG20yANAyLYckPSlZD4UzjMuAYtI7+LTmA3W6CKk8m+F
n2Y9kCePuSKTnZa5gL3wLMuyx43KaR/eb0FgGltoDdMlcI5+SCzQDgoUR6wDk3LI
2x2m8jrHLSIbKiglR2JP5TelEB82E4Q1aCcmnHFDi+Pj8liRKMeyeD7bbyaJYP96
djg8GJ1+uTeFUBQekWELdb+h27ffVtynPdD8+ozYEuak73spjWMOkHw1JKt+l0C/
KkH1FSj6vIklYHODtK/gLjnrvLlh8s9drZbVBDqJdql7INjNA+TyDwBivAaAYNdY
kCyiHVmAzLOGkB/jUNKSRtedEuQCkr6hDEATVXarAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6+S04Ocg6JyQ+ZsDqqbvvcgO8gcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyMmM0NzBkLTgwNzQtNDE0YS1hYzE0LWNkYWZiNzM3OWFlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACi+uwwDQYJKoZIhvcNAQELBQADggEBAAVsVLo4ubI3B0Ah4ivFkfjI7eL7
wFmQxnF/samSKbCffTN+ahQCB4pDX1kMXnHNH7F6Wj3BLG7XJk/wmZWJxI47rDNy
CXKAajYolsOgD19nOSvy1tKcvhuBlBnnCxYK2QIuVIRWEImnM2fXAPYjGvXbiO7U
OoyQfzyrM3vSD0E8PnGuYAFUk690BCPCDB5DORNv1PDjnxw/cuz+Al2l+Q16lpOw
crKhm42E27SFdBuwvemTXnsgRHFwmjBOhWYhsnIJ6qQUv5qASckGpieTTJypwpfm
0ACvaj1zYY6PfqRg/wGAhSesxoZ1SAYGW4+0irnFr1grFn5YgIcEwrIskZU=
-----END CERTIFICATE-----