Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3c7f799-6c54-4ca8-97cc-3e7125ce4e58.roa
File:                     a3c7f799-6c54-4ca8-97cc-3e7125ce4e58.roa (raw, json)
Hash identifier:          vswsB90Nj2VkhhJToEE6WER3V4ibSGHZbWI+slfveiw=
Subject key identifier:   8A:92:EB:74:96:A8:61:E7:DE:1B:10:A3:DC:01:5C:57:1A:04:5B:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       752D0C90E8BB9C2AEB4ABDAFD637906B53A6822C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3c7f799-6c54-4ca8-97cc-3e7125ce4e58.roa
Signing time:             Fri 31 Oct 2025 01:01:01 +0000
ROA not before:           Fri 31 Oct 2025 01:01:01 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.162.176.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:2d:0c:90:e8:bb:9c:2a:eb:4a:bd:af:d6:37:90:6b:53:a6:82:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:01:01 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=633f5d0a1e3ab253a0465fdb39490b3464394b25746acde54ab61cfb95deb06f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:52:81:26:f5:4a:80:ab:f4:9b:13:0d:85:0e:
                    eb:ae:01:91:db:11:a1:f9:d4:81:a4:f4:82:2c:12:
                    69:f6:98:6f:3a:6b:6a:f4:1e:c8:27:49:62:99:95:
                    e9:14:03:50:d9:a6:f2:cb:64:11:4c:ab:85:a6:97:
                    ab:4d:9d:48:65:dd:3c:07:5b:20:3a:7d:35:58:3b:
                    58:b9:05:aa:ab:fa:40:e5:87:97:66:b8:4c:f7:60:
                    d6:23:67:b5:b9:d7:78:d1:a0:b5:a4:ca:80:8b:72:
                    c6:84:33:e1:9f:e9:99:50:18:09:1f:90:0c:fa:67:
                    3c:31:34:23:50:99:8b:da:27:94:3f:41:be:5f:8e:
                    2c:13:3e:4f:b2:34:e1:9e:1c:2b:60:e4:1b:72:eb:
                    9d:91:13:b6:be:4a:0e:f3:23:9c:f6:36:2a:d1:78:
                    3b:fc:a0:c9:17:aa:15:dc:37:4c:97:30:78:f6:a0:
                    3e:8b:d9:04:cf:57:5c:fa:43:0a:ce:9e:a3:cd:76:
                    2c:54:e2:66:12:b3:48:d5:b7:48:9a:89:36:3b:76:
                    95:42:15:e1:56:21:c5:8e:6b:12:53:6f:fb:87:3a:
                    ad:0e:49:5a:e0:92:78:fa:ba:d3:2b:77:38:24:04:
                    2c:35:f0:92:f4:72:b4:31:75:f1:0e:cb:1c:c8:68:
                    f2:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:92:EB:74:96:A8:61:E7:DE:1B:10:A3:DC:01:5C:57:1A:04:5B:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3c7f799-6c54-4ca8-97cc-3e7125ce4e58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.162.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5d:5c:da:1b:10:31:37:68:b0:e1:96:e8:b2:71:65:cc:1e:75:
         2b:cc:7b:ed:33:13:d9:3c:b3:f2:16:f5:43:dc:37:f2:18:14:
         dd:36:26:2c:53:77:06:60:7a:d5:76:f0:04:4d:87:37:f6:00:
         67:3f:5d:a4:71:a8:71:c3:ce:5c:f6:50:24:2e:4d:69:a1:db:
         66:3e:a6:d8:62:f5:f2:c3:77:70:dc:92:a5:01:b3:f9:44:7b:
         48:66:98:2f:3d:3f:b7:e3:bf:4d:29:84:6d:25:02:fa:4f:a5:
         a9:5c:90:10:61:82:d8:5d:68:2b:76:d9:4d:98:57:e3:29:55:
         c4:b9:f6:8d:56:da:85:3e:5a:58:b8:9f:de:71:f6:ce:6e:2b:
         b8:de:9e:ca:57:f0:51:e3:a7:7d:45:8c:e3:1f:85:74:75:3a:
         eb:d1:9f:6a:ed:b3:89:74:01:fd:d6:43:48:37:88:6c:ca:a2:
         fa:5d:9d:ee:e6:66:ff:63:24:c0:1c:33:2d:82:8f:e2:72:66:
         a6:c7:8c:a4:bf:e1:ad:f0:e4:86:72:3a:4a:09:34:88:65:98:
         42:f7:d1:e8:f8:7f:0f:c3:cf:28:8b:94:75:56:37:2f:6b:c9:
         3b:ea:99:b5:a6:4a:5d:74:32:d9:5b:61:fe:49:53:73:5e:d1:
         78:5d:37:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdS0MkOi7nCrrSr2v1jeQa1OmgiwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMTAxWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MzNmNWQwYTFlM2FiMjUzYTA0NjVmZGIzOTQ5MGIzNDY0
Mzk0YjI1NzQ2YWNkZTU0YWI2MWNmYjk1ZGViMDZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5UoEm9UqAq/SbEw2FDuuuAZHbEaH51IGk9IIsEmn2mG86
a2r0HsgnSWKZlekUA1DZpvLLZBFMq4Wml6tNnUhl3TwHWyA6fTVYO1i5Baqr+kDl
h5dmuEz3YNYjZ7W513jRoLWkyoCLcsaEM+Gf6ZlQGAkfkAz6ZzwxNCNQmYvaJ5Q/
Qb5fjiwTPk+yNOGeHCtg5Bty652RE7a+Sg7zI5z2NirReDv8oMkXqhXcN0yXMHj2
oD6L2QTPV1z6QwrOnqPNdixU4mYSs0jVt0iaiTY7dpVCFeFWIcWOaxJTb/uHOq0O
SVrgknj6utMrdzgkBCw18JL0crQxdfEOyxzIaPKNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUipLrdJaoYefeGxCj3AFcVxoEW1gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzYzdmNzk5LTZjNTQtNGNhOC05N2NjLTNlNzEyNWNlNGU1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATRorAwDQYJKoZIhvcNAQELBQADggEBAF1c2hsQMTdosOGW6LJxZcwedSvM
e+0zE9k8s/IW9UPcN/IYFN02JixTdwZgetV28ARNhzf2AGc/XaRxqHHDzlz2UCQu
TWmh22Y+pthi9fLDd3DckqUBs/lEe0hmmC89P7fjv00phG0lAvpPpalckBBhgthd
aCt22U2YV+MpVcS59o1W2oU+Wli4n95x9s5uK7jenspX8FHjp31FjOMfhXR1OuvR
n2rts4l0Af3WQ0g3iGzKovpdne7mZv9jJMAcMy2Cj+JyZqbHjKS/4a3w5IZyOkoJ
NIhlmEL30ej4fw/DzyiLlHVWNy9ryTvqmbWmSl10MtlbYf5JU3Ne0XhdNxA=
-----END CERTIFICATE-----