Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a458e6c6-7bc7-4807-a074-51b2c4289147.roa
File:                     a458e6c6-7bc7-4807-a074-51b2c4289147.roa (raw, json)
Hash identifier:          9kNHbQY34Fl5H6fIE7jAACwi/fvpTPPRlBO4j30gokQ=
Subject key identifier:   E6:60:26:2F:17:7A:C7:FC:66:DF:22:BE:49:5E:27:A6:E9:79:C2:E0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F050D6E8680E015572752CD1114F14D3E54721D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a458e6c6-7bc7-4807-a074-51b2c4289147.roa
Signing time:             Wed 05 Nov 2025 00:10:48 +0000
ROA not before:           Wed 05 Nov 2025 00:10:48 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.21.246.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:05:0d:6e:86:80:e0:15:57:27:52:cd:11:14:f1:4d:3e:54:72:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:10:48 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=292496980983f2ebe63e39e41e0617b8a2a07364d513b553d50221c03fc8c2e8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:30:f8:5f:d4:e5:15:e7:cc:27:4d:0e:da:9f:
                    43:be:ba:8b:8e:98:61:94:cc:73:3b:6f:fa:46:8c:
                    5d:84:fd:69:ee:c4:2d:32:09:33:3c:8f:90:37:3f:
                    d7:36:de:9b:a5:bd:12:f5:a5:87:ef:6d:e2:9f:a5:
                    ba:3d:ec:2a:21:fa:5c:94:a8:e7:1f:e7:db:ea:3e:
                    86:31:ed:5a:37:00:83:9d:72:3a:9f:d2:72:ac:86:
                    c3:60:25:09:79:fe:18:fb:7b:a1:0f:60:a1:b9:44:
                    bb:df:85:56:4d:3a:e0:03:46:82:56:78:75:3c:f1:
                    d8:e4:0d:fb:ab:7f:d5:6e:d6:88:8f:4d:02:d7:78:
                    3e:21:6f:d4:5b:62:cb:3d:0f:b9:78:db:4d:ac:a9:
                    59:64:4f:a9:a9:32:3a:34:3b:3a:e5:ec:c8:9a:bf:
                    81:81:80:6e:8f:20:29:2b:50:79:a9:77:15:15:f9:
                    91:c5:67:f0:d9:4c:d5:7f:4c:e8:6a:ff:06:71:50:
                    bd:21:a0:23:e6:60:8e:9d:e4:16:a0:d9:57:36:b9:
                    58:9d:45:00:33:ab:f5:80:44:9e:da:a2:83:a8:36:
                    1d:38:45:e3:fb:48:a1:64:47:5a:50:a7:07:b1:72:
                    4b:92:bd:ff:17:39:7d:a3:87:11:ad:47:2b:74:3c:
                    ac:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:60:26:2F:17:7A:C7:FC:66:DF:22:BE:49:5E:27:A6:E9:79:C2:E0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a458e6c6-7bc7-4807-a074-51b2c4289147.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.21.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:63:59:03:7c:64:9a:5d:51:75:8f:ff:86:82:f5:7c:46:a7:
         f0:73:3a:ad:e2:d8:c5:c9:95:d6:01:75:87:0c:b9:75:c6:b2:
         33:f0:cd:75:0f:73:c2:1a:2b:3e:d0:45:f5:35:8b:fe:32:26:
         2b:f7:e4:4b:38:a2:1a:89:48:b9:1a:2e:3f:56:10:26:5a:b8:
         2f:04:a1:b7:aa:66:1a:ab:98:a6:19:d1:ae:1f:72:d2:5f:e1:
         f6:1d:b3:fc:a8:a8:ac:e6:6a:01:20:7d:fa:4f:5d:1a:1c:57:
         c7:20:64:ad:ff:fc:06:63:64:a4:fc:1b:0e:02:14:a3:64:90:
         25:ce:4c:e8:f5:d6:29:33:49:28:78:2e:8a:c5:21:41:e6:80:
         0b:ce:0e:60:39:f4:e2:9f:91:06:d5:ca:e5:c5:23:50:d8:5e:
         73:64:aa:56:4b:22:9a:80:f0:a8:29:f7:fd:ed:a9:3f:1e:bf:
         dc:d0:4c:a5:d0:15:c4:ff:68:82:a8:10:3e:d3:05:52:13:e9:
         c8:3d:b4:96:db:53:c6:35:2d:36:12:c9:02:70:f5:9b:e3:5d:
         7f:be:78:d4:7d:34:bb:58:36:48:63:6f:ae:3f:3f:81:7c:6d:
         af:41:52:41:8f:68:d7:aa:05:1a:d0:e2:14:0b:83:02:34:b6:
         af:a8:e2:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULwUNboaA4BVXJ1LNERTxTT5Uch0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAxMDQ4WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTI0OTY5ODA5ODNmMmViZTYzZTM5ZTQxZTA2MTdiOGEy
YTA3MzY0ZDUxM2I1NTNkNTAyMjFjMDNmYzhjMmU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfMPhf1OUV58wnTQ7an0O+uouOmGGUzHM7b/pGjF2E/Wnu
xC0yCTM8j5A3P9c23pulvRL1pYfvbeKfpbo97Coh+lyUqOcf59vqPoYx7Vo3AIOd
cjqf0nKshsNgJQl5/hj7e6EPYKG5RLvfhVZNOuADRoJWeHU88djkDfurf9Vu1oiP
TQLXeD4hb9RbYss9D7l4202sqVlkT6mpMjo0Ozrl7Miav4GBgG6PICkrUHmpdxUV
+ZHFZ/DZTNV/TOhq/wZxUL0hoCPmYI6d5Bag2Vc2uVidRQAzq/WARJ7aooOoNh04
ReP7SKFkR1pQpwexckuSvf8XOX2jhxGtRyt0PKzHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5mAmLxd6x/xm3yK+SV4npul5wuAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0NThlNmM2LTdiYzctNDgwNy1hMDc0LTUxYjJjNDI4OTE0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHPFfYwDQYJKoZIhvcNAQELBQADggEBADFjWQN8ZJpdUXWP/4aC9XxGp/Bz
Oq3i2MXJldYBdYcMuXXGsjPwzXUPc8IaKz7QRfU1i/4yJiv35Es4ohqJSLkaLj9W
ECZauC8EobeqZhqrmKYZ0a4fctJf4fYds/yoqKzmagEgffpPXRocV8cgZK3//AZj
ZKT8Gw4CFKNkkCXOTOj11ikzSSh4LorFIUHmgAvODmA59OKfkQbVyuXFI1DYXnNk
qlZLIpqA8Kgp9/3tqT8ev9zQTKXQFcT/aIKoED7TBVIT6cg9tJbbU8Y1LTYSyQJw
9ZvjXX++eNR9NLtYNkhjb64/P4F8ba9BUkGPaNeqBRrQ4hQLgwI0tq+o4ss=
-----END CERTIFICATE-----