Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a537444f-9491-4144-a93b-138617032fc0.roa
File:                     a537444f-9491-4144-a93b-138617032fc0.roa (raw, json)
Hash identifier:          btL58M1tV03jlZZniO2Q7u4Tidw6/Uktbi1Co59BE0w=
Subject key identifier:   B1:5B:6A:8A:57:29:06:18:52:58:5F:F7:81:8A:B4:3D:FC:76:4B:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       51E65066D51D4C824EAD05D9A9A875001384A815
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a537444f-9491-4144-a93b-138617032fc0.roa
Signing time:             Tue 28 Oct 2025 00:30:45 +0000
ROA not before:           Tue 28 Oct 2025 00:30:45 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.106.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:e6:50:66:d5:1d:4c:82:4e:ad:05:d9:a9:a8:75:00:13:84:a8:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:30:45 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=0dc79157a027370a72fda984f1971841ec67b0ec632e608ce86515c3d5fa2bcf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:92:20:99:2e:49:60:17:43:75:4b:55:e1:5f:
                    2b:7d:2d:0b:4c:af:09:ce:e4:d1:d0:eb:72:dc:a5:
                    70:a3:a8:e0:0d:b5:3c:b0:8f:b8:78:05:3b:4f:11:
                    0e:9a:5a:7e:a2:13:c7:c2:f1:f6:bc:16:73:ef:58:
                    40:0e:fe:75:cc:dd:49:3a:71:86:08:59:4c:33:72:
                    a0:67:90:31:d3:e3:c6:6b:73:b1:c9:ef:cf:a4:e0:
                    55:1e:8d:c9:c3:d0:2c:92:cb:a9:0e:80:10:22:e4:
                    a8:4c:91:9e:db:cb:6a:21:e2:26:55:86:13:4e:74:
                    e6:7f:9f:4c:dc:f1:b3:e2:5e:60:c3:5b:da:e9:f5:
                    28:c3:cb:4f:06:07:17:95:3e:cc:1c:be:a5:73:a0:
                    70:67:fd:d0:d7:d0:76:52:85:d3:22:4f:af:30:3c:
                    aa:e5:f3:65:27:b5:bf:fa:10:7d:58:9b:2d:90:dd:
                    3b:a3:0e:af:b9:7a:2f:51:53:2b:bd:90:f0:53:33:
                    c1:b4:cf:1b:9f:7b:92:0f:24:ff:80:52:6f:b1:72:
                    b2:7a:08:da:f2:b9:a9:07:e3:5d:40:f4:af:ee:ca:
                    bf:93:99:8e:f8:44:88:bf:a1:27:0b:1f:f9:ce:12:
                    23:5b:01:a8:65:27:56:60:0c:3b:22:2f:1c:ec:f1:
                    73:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:5B:6A:8A:57:29:06:18:52:58:5F:F7:81:8A:B4:3D:FC:76:4B:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a537444f-9491-4144-a93b-138617032fc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:96:be:95:84:ae:fc:a4:61:27:9e:cd:40:b1:77:d2:9e:ab:
         26:14:1a:a8:df:03:61:b7:97:94:89:c3:15:cc:57:0d:34:ec:
         bd:f7:15:98:20:79:f9:56:69:37:9f:ea:9b:09:d7:a0:0b:b7:
         8a:84:5b:9b:e8:9e:ab:98:6c:1b:22:eb:77:7c:ff:31:55:4a:
         91:48:c0:c1:70:a5:c4:59:71:f1:16:f0:b0:63:b4:e2:91:74:
         54:af:21:40:f6:f3:26:a6:c2:89:3e:e1:92:1b:68:77:d6:02:
         f5:c7:de:24:29:54:f6:a5:f2:47:6a:fd:80:5e:9a:99:44:3b:
         d6:3d:ea:ec:69:92:ec:a7:ad:d0:f1:cf:a8:bf:54:8e:98:3f:
         91:be:15:4c:2f:b3:ee:e0:6c:44:84:a0:1b:8d:b5:a9:24:bf:
         c9:14:37:70:58:f7:ca:7a:69:db:ef:61:21:91:9d:6c:b7:42:
         8d:62:b3:90:7d:45:90:72:69:13:de:f6:a7:f2:b9:f9:c9:0a:
         7c:cb:59:00:56:28:dc:d9:5c:00:0e:f0:8a:e0:e8:4a:86:04:
         29:6c:a0:11:91:d5:b2:08:99:0e:c0:a8:ed:8d:c2:55:85:91:
         1c:f9:a2:7c:08:17:3d:84:bc:53:92:e2:03:00:9d:e8:14:3b:
         3f:68:4f:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUeZQZtUdTIJOrQXZqah1ABOEqBUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAzMDQ1WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGM3OTE1N2EwMjczNzBhNzJmZGE5ODRmMTk3MTg0MWVj
NjdiMGVjNjMyZTYwOGNlODY1MTVjM2Q1ZmEyYmNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjkiCZLklgF0N1S1XhXyt9LQtMrwnO5NHQ63LcpXCjqOAN
tTywj7h4BTtPEQ6aWn6iE8fC8fa8FnPvWEAO/nXM3Uk6cYYIWUwzcqBnkDHT48Zr
c7HJ78+k4FUejcnD0CySy6kOgBAi5KhMkZ7by2oh4iZVhhNOdOZ/n0zc8bPiXmDD
W9rp9SjDy08GBxeVPswcvqVzoHBn/dDX0HZShdMiT68wPKrl82Untb/6EH1Ymy2Q
3TujDq+5ei9RUyu9kPBTM8G0zxufe5IPJP+AUm+xcrJ6CNryuakH411A9K/uyr+T
mY74RIi/oScLH/nOEiNbAahlJ1ZgDDsiLxzs8XO3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsVtqilcpBhhSWF/3gYq0Pfx2S9wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1Mzc0NDRmLTk0OTEtNDE0NC1hOTNiLTEzODYxNzAzMmZjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GowDQYJKoZIhvcNAQELBQADggEBAHuWvpWErvykYSeezUCxd9KeqyYU
GqjfA2G3l5SJwxXMVw007L33FZggeflWaTef6psJ16ALt4qEW5vonquYbBsi63d8
/zFVSpFIwMFwpcRZcfEW8LBjtOKRdFSvIUD28yamwok+4ZIbaHfWAvXH3iQpVPal
8kdq/YBemplEO9Y96uxpkuynrdDxz6i/VI6YP5G+FUwvs+7gbESEoBuNtakkv8kU
N3BY98p6advvYSGRnWy3Qo1is5B9RZByaRPe9qfyufnJCnzLWQBWKNzZXAAO8Irg
6EqGBClsoBGR1bIImQ7AqO2NwlWFkRz5onwIFz2EvFOS4gMAnegUOz9oT1k=
-----END CERTIFICATE-----