Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7c489b0-36dd-4531-842b-acab12d64317.roa
File:                     a7c489b0-36dd-4531-842b-acab12d64317.roa (raw, json)
Hash identifier:          Hmh5sjJPU/IMq76vBYummbyfz6hV0z5jJ7Yol3eiK2M=
Subject key identifier:   7D:9D:FA:70:7A:EC:8A:D3:95:45:0D:03:3E:86:D8:5D:71:32:82:63
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0DC19D3483918E4AC7D7CC6731AA9AD8BBF2D20C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7c489b0-36dd-4531-842b-acab12d64317.roa
Signing time:             Fri 31 Oct 2025 21:06:45 +0000
ROA not before:           Fri 31 Oct 2025 21:06:45 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.64.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:c1:9d:34:83:91:8e:4a:c7:d7:cc:67:31:aa:9a:d8:bb:f2:d2:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 21:06:45 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=cc21b22db42e5f179c8b7ae6d38b2ed088ad1e353f6c607cd7a16fed254fad01, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1e:fb:1d:e0:2b:48:e5:2f:2d:f0:37:c5:47:
                    6f:5c:d7:03:1d:64:7d:70:f2:07:1a:d5:8a:c8:9f:
                    fe:d0:d1:cb:5e:a1:3c:af:b3:65:dc:70:2d:44:57:
                    c4:a9:66:7e:89:eb:63:ea:05:bb:77:e2:4f:28:4e:
                    84:dd:72:ec:42:d9:3e:9a:33:fc:37:c0:d9:67:4b:
                    da:3b:ea:e1:91:e3:1d:05:de:dd:53:b0:ed:13:a9:
                    25:b1:a3:02:17:25:20:f0:00:eb:23:8e:6e:a1:06:
                    e9:89:00:13:61:30:90:ca:84:c3:18:31:de:62:a3:
                    23:ff:b0:23:e7:81:b9:3f:ea:6e:21:2b:7e:98:ac:
                    d7:a6:3c:9d:11:79:6b:60:cf:57:bf:3f:cf:e2:10:
                    f0:50:67:3a:65:a7:2e:53:7e:ce:8d:e6:d4:aa:0b:
                    9c:b6:80:21:ce:e0:1b:a9:7b:96:4d:8e:cb:88:db:
                    e9:f3:8f:73:03:7f:a6:99:60:26:e9:57:46:e5:73:
                    36:19:d9:6e:69:c4:9f:2d:a1:62:bc:9a:23:da:b0:
                    d2:69:d3:1e:6c:d7:8b:2e:ec:8e:53:86:ba:ad:96:
                    56:ac:b2:99:79:c2:f7:80:83:a1:01:d5:9c:dd:3e:
                    19:74:73:8a:31:f4:19:4f:a8:57:9d:ab:51:7c:1b:
                    1a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:9D:FA:70:7A:EC:8A:D3:95:45:0D:03:3E:86:D8:5D:71:32:82:63
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7c489b0-36dd-4531-842b-acab12d64317.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         74:4d:ac:88:8f:42:9c:34:55:d7:0b:54:fe:fc:f6:44:62:2e:
         f8:de:96:a0:09:20:18:1f:57:aa:92:da:18:06:8d:66:7f:7a:
         3a:ca:e3:de:2f:e5:b6:7d:79:a6:92:b8:c5:d9:02:f1:ee:f2:
         e2:0c:71:89:b9:67:2c:6f:f5:09:4a:f3:1e:e4:a5:69:d7:c2:
         5d:1e:f4:20:40:47:74:cf:46:70:14:6c:b3:d9:f5:3f:ba:4f:
         05:11:dd:0e:77:01:0f:c6:76:21:d4:72:a0:bc:36:b0:2b:83:
         c0:08:2f:ce:00:f3:13:77:99:28:71:81:07:eb:79:b5:04:a4:
         7e:f8:6d:df:69:ed:37:39:a1:4f:e7:8f:be:dd:d1:4f:43:4d:
         ff:7f:cd:19:72:c8:f9:aa:1d:58:96:3e:43:33:7e:b8:0e:ba:
         eb:73:cf:3d:fc:9c:8c:73:b3:c2:d8:ba:a6:93:bc:c1:70:de:
         1c:0d:99:dd:61:0e:00:a3:b3:71:60:5c:c7:5c:f6:9f:b8:e8:
         45:e7:1e:cc:40:72:db:0a:65:b1:69:26:61:5f:2e:5e:58:ac:
         9d:3c:68:bb:d2:4e:b8:46:da:83:30:bd:df:47:be:24:57:d7:
         d1:3b:c7:51:1f:4d:56:9c:e5:14:e6:c0:f8:27:ba:c6:d6:1f:
         8f:b5:7c:ec
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDcGdNIORjkrH18xnMaqa2Lvy0gwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjEwNjQ1WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzIxYjIyZGI0MmU1ZjE3OWM4YjdhZTZkMzhiMmVkMDg4
YWQxZTM1M2Y2YzYwN2NkN2ExNmZlZDI1NGZhZDAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWHvsd4CtI5S8t8DfFR29c1wMdZH1w8gca1YrIn/7Q0cte
oTyvs2XccC1EV8SpZn6J62PqBbt34k8oToTdcuxC2T6aM/w3wNlnS9o76uGR4x0F
3t1TsO0TqSWxowIXJSDwAOsjjm6hBumJABNhMJDKhMMYMd5ioyP/sCPngbk/6m4h
K36YrNemPJ0ReWtgz1e/P8/iEPBQZzplpy5Tfs6N5tSqC5y2gCHO4Bupe5ZNjsuI
2+nzj3MDf6aZYCbpV0blczYZ2W5pxJ8toWK8miPasNJp0x5s14su7I5Thrqtllas
spl5wveAg6EB1ZzdPhl0c4ox9BlPqFedq1F8GxpPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfZ36cHrsitOVRQ0DPobYXXEygmMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3YzQ4OWIwLTM2ZGQtNDUzMS04NDJiLWFjYWIxMmQ2NDMxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARM30AwDQYJKoZIhvcNAQELBQADggEBAHRNrIiPQpw0VdcLVP789kRiLvje
lqAJIBgfV6qS2hgGjWZ/ejrK494v5bZ9eaaSuMXZAvHu8uIMcYm5Zyxv9QlK8x7k
pWnXwl0e9CBAR3TPRnAUbLPZ9T+6TwUR3Q53AQ/GdiHUcqC8NrArg8AIL84A8xN3
mShxgQfrebUEpH74bd9p7Tc5oU/nj77d0U9DTf9/zRlyyPmqHViWPkMzfrgOuutz
zz38nIxzs8LYuqaTvMFw3hwNmd1hDgCjs3FgXMdc9p+46EXnHsxActsKZbFpJmFf
Ll5YrJ08aLvSTrhG2oMwvd9HviRX19E7x1EfTVac5RTmwPgnusbWH4+1fOw=
-----END CERTIFICATE-----