Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c0e199-49ca-4e9e-90e1-c595278d550d.roa
File:                     b3c0e199-49ca-4e9e-90e1-c595278d550d.roa (raw, json)
Hash identifier:          R4O4hJH3EfyXi1uHLmE1YQwSkvHZeKw+pmmtnoCbgo4=
Subject key identifier:   00:FF:4E:5B:F8:0A:B9:E7:96:76:9F:98:7B:60:D8:11:A7:0B:F7:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3611CDBF70814B42702795F1AC20AAD02FC30DC3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c0e199-49ca-4e9e-90e1-c595278d550d.roa
Signing time:             Tue 04 Nov 2025 00:20:11 +0000
ROA not before:           Tue 04 Nov 2025 00:20:11 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        94.36.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:11:cd:bf:70:81:4b:42:70:27:95:f1:ac:20:aa:d0:2f:c3:0d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:20:11 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=fde81de62fca9638076528ce63509be18803dcf12837cbd909639ec66ecefbda, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f3:07:2e:c8:cd:3f:78:2b:72:99:45:ae:40:
                    9b:77:d6:97:b7:56:b6:74:b0:49:86:69:4a:e9:87:
                    36:30:97:d1:59:e4:9a:bb:40:bf:b0:22:77:64:ab:
                    5a:ae:a2:12:90:4c:0b:07:5a:9d:21:90:37:64:86:
                    b6:df:83:70:b3:b9:a8:1c:d8:84:cd:5d:a9:a8:88:
                    9a:ed:af:98:6b:85:40:95:b3:48:16:03:08:5a:6f:
                    fd:1d:a1:6a:ae:40:bc:04:7e:d6:a8:44:42:83:27:
                    e3:bc:b7:a7:9b:e8:20:e0:86:f0:4d:25:10:34:01:
                    c1:07:6e:36:df:67:88:00:f1:2f:ad:3a:ca:63:64:
                    ca:6e:01:7d:af:85:86:6e:de:09:70:d5:75:80:04:
                    2c:23:28:ab:a4:ea:ba:39:82:5a:93:9a:1c:d1:c7:
                    d0:b5:af:0e:7a:06:c0:97:fa:82:5a:10:22:e8:60:
                    b2:6e:57:3c:fe:4c:96:5f:e8:a5:32:79:13:90:fb:
                    ef:37:54:eb:25:12:03:d4:c5:8c:94:fc:86:e2:23:
                    62:32:c7:9a:33:41:4e:b6:68:25:5d:a4:0d:21:f1:
                    e8:b5:c4:66:3d:ab:f6:44:99:b3:33:55:06:03:a1:
                    50:6a:26:f1:01:41:eb:23:85:28:74:d9:da:0f:1c:
                    c3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:FF:4E:5B:F8:0A:B9:E7:96:76:9F:98:7B:60:D8:11:A7:0B:F7:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3c0e199-49ca-4e9e-90e1-c595278d550d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.36.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a4:0b:c6:03:e1:15:6a:69:bb:eb:54:8a:37:68:b1:d5:95:57:
         2e:d4:5b:12:ad:ff:fc:af:df:8d:ee:31:97:82:4f:c7:0e:24:
         8b:f0:e3:a0:86:7b:4e:c2:f7:7e:03:09:89:23:93:3a:6c:96:
         15:fb:c6:fe:14:9a:7a:65:c3:74:98:bd:6b:a7:0e:9c:a2:78:
         e6:5a:31:f4:ce:2b:4d:12:7e:58:3f:6c:73:51:bf:33:e6:09:
         f7:60:86:92:75:37:80:d2:a0:7c:84:2c:15:be:88:8b:54:7b:
         e0:71:ff:21:58:98:ad:92:b0:41:ba:f6:a6:32:34:1d:7a:11:
         b8:5e:98:74:58:aa:97:07:47:c8:33:b5:12:a7:5d:1e:53:dd:
         62:3d:d9:ab:c4:3c:8d:1d:2f:84:e0:d8:87:f0:7a:5c:c2:1d:
         79:50:e8:b1:f7:df:c8:52:74:9a:a5:e8:0e:bd:c9:71:69:8e:
         90:d2:6d:8b:f6:e1:c6:a2:6a:ab:82:64:3a:bc:a0:69:69:59:
         ba:26:41:df:8b:6c:89:a0:d0:19:22:42:7a:71:51:4a:07:2f:
         50:14:2a:bc:fe:f0:cf:37:a8:ae:26:90:9a:7b:bb:e6:78:6e:
         e6:f5:2e:9d:ee:28:82:7d:8b:aa:ee:dc:48:fb:26:93:8e:44:
         70:4f:cf:d0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNhHNv3CBS0JwJ5XxrCCq0C/DDcMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAyMDExWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGU4MWRlNjJmY2E5NjM4MDc2NTI4Y2U2MzUwOWJlMTg4
MDNkY2YxMjgzN2NiZDkwOTYzOWVjNjZlY2VmYmRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy8wcuyM0/eCtymUWuQJt31pe3VrZ0sEmGaUrphzYwl9FZ
5Jq7QL+wIndkq1quohKQTAsHWp0hkDdkhrbfg3Czuagc2ITNXamoiJrtr5hrhUCV
s0gWAwhab/0doWquQLwEftaoREKDJ+O8t6eb6CDghvBNJRA0AcEHbjbfZ4gA8S+t
OspjZMpuAX2vhYZu3glw1XWABCwjKKuk6ro5glqTmhzRx9C1rw56BsCX+oJaECLo
YLJuVzz+TJZf6KUyeROQ++83VOslEgPUxYyU/IbiI2Iyx5ozQU62aCVdpA0h8ei1
xGY9q/ZEmbMzVQYDoVBqJvEBQesjhSh02doPHMMJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUAP9OW/gKueeWdp+Ye2DYEacL94UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzYzBlMTk5LTQ5Y2EtNGU5ZS05MGUxLWM1OTUyNzhkNTUwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFeJDANBgkqhkiG9w0BAQsFAAOCAQEApAvGA+EVamm761SKN2ix1ZVXLtRb
Eq3//K/fje4xl4JPxw4ki/DjoIZ7TsL3fgMJiSOTOmyWFfvG/hSaemXDdJi9a6cO
nKJ45lox9M4rTRJ+WD9sc1G/M+YJ92CGknU3gNKgfIQsFb6Ii1R74HH/IViYrZKw
Qbr2pjI0HXoRuF6YdFiqlwdHyDO1EqddHlPdYj3Zq8Q8jR0vhODYh/B6XMIdeVDo
sfffyFJ0mqXoDr3JcWmOkNJti/bhxqJqq4JkOrygaWlZuiZB34tsiaDQGSJCenFR
SgcvUBQqvP7wzzeoriaQmnu75nhu5vUune4ogn2Lqu7cSPsmk45EcE/P0A==
-----END CERTIFICATE-----