Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b551b0fa-4ca7-4e59-b924-6e15a8ffd1ea.roa
File:                     b551b0fa-4ca7-4e59-b924-6e15a8ffd1ea.roa (raw, json)
Hash identifier:          aZiXyQ8jUJuLtjHn+ZrwVq/rATtL53R0ca+ljgjDp/M=
Subject key identifier:   43:FC:A4:B2:B1:42:63:3B:82:43:3E:96:94:F7:7D:22:C0:3D:3B:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B082ABE9B500540A0C61EC273A2119A96843204
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b551b0fa-4ca7-4e59-b924-6e15a8ffd1ea.roa
Signing time:             Tue 28 Oct 2025 00:00:11 +0000
ROA not before:           Tue 28 Oct 2025 00:00:11 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        68.232.112.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:08:2a:be:9b:50:05:40:a0:c6:1e:c2:73:a2:11:9a:96:84:32:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:00:11 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=50ea8a6f4abbdce48c6ffc9994c4d8359596e02ea1e92a71a1111b5b20c2d7f8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:5c:69:93:1d:9e:dc:00:cc:e4:b4:e7:76:eb:
                    ec:97:06:8b:b3:74:b1:1b:48:84:32:b9:6c:62:d9:
                    f7:b0:97:04:07:ff:ff:7d:1b:70:ac:2f:48:c7:21:
                    7a:d8:8a:79:21:19:f7:d8:88:e9:6e:45:90:83:8d:
                    79:a3:df:39:0c:fb:83:82:40:93:b4:98:8d:91:6c:
                    16:5f:bd:dc:ec:bf:5b:c8:82:1d:99:92:35:f0:98:
                    f8:a8:d8:e5:f4:ae:11:96:00:80:55:9f:ab:4b:85:
                    e4:37:56:dc:3d:e7:97:5b:c3:b9:7c:38:2b:eb:eb:
                    3f:8f:8f:42:d9:ca:ec:9a:1a:a7:45:84:16:06:77:
                    ea:a6:33:71:85:08:9e:5b:a2:11:dc:9d:d2:55:e8:
                    30:a1:1e:9d:58:98:ae:14:6b:db:b4:51:ed:01:95:
                    3f:2c:fc:eb:2a:7a:03:da:8f:74:0b:ff:6b:58:b6:
                    ff:b3:8c:96:4d:34:ec:f6:e5:b0:6f:1a:d1:5c:9a:
                    b3:89:75:47:4f:ff:60:63:74:81:97:9d:cd:a4:05:
                    76:f8:07:69:70:82:99:fe:da:26:e6:d7:25:bb:fc:
                    ba:ee:6a:2d:d4:d7:5b:79:91:01:39:30:68:ef:88:
                    0e:0a:68:cc:96:d8:ec:55:b3:d1:d6:0e:75:1b:d4:
                    ff:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FC:A4:B2:B1:42:63:3B:82:43:3E:96:94:F7:7D:22:C0:3D:3B:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b551b0fa-4ca7-4e59-b924-6e15a8ffd1ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.232.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1f:70:24:14:08:fa:f0:cf:6d:87:94:1f:f4:61:d1:ed:a2:47:
         d1:6c:9d:86:4b:9d:60:b4:8b:2e:8c:e0:0d:e0:b2:79:b2:44:
         02:3e:16:5c:38:27:b4:86:73:07:18:e3:36:33:41:66:f2:8f:
         5f:91:58:2b:8e:c3:f6:37:5f:90:c8:7a:26:41:6a:aa:41:c2:
         2b:6d:d8:1f:ae:3f:ec:b0:51:dc:26:b9:43:b4:45:f7:2d:89:
         a3:ed:ba:58:a4:39:07:3d:0f:c2:fe:d1:0d:55:61:ae:b5:0a:
         2d:1e:70:74:95:67:cc:a3:a2:be:84:fa:ff:b6:63:be:e6:fb:
         01:77:a8:a3:2a:29:a4:09:00:08:b8:c7:55:da:ab:ac:fe:b7:
         aa:4f:c0:03:2c:13:29:a4:12:dd:d0:6d:b3:49:d4:34:6e:bc:
         e2:b9:fd:a3:8c:b3:69:b9:9e:2c:78:d4:ca:fa:ac:e9:3e:83:
         b7:f5:4d:91:9b:47:b2:ef:97:90:e2:c7:cc:81:6c:eb:bd:dd:
         27:55:d9:f7:53:b6:a1:ea:30:43:e2:4f:a6:89:79:7f:43:32:
         45:60:8b:c5:65:c1:20:98:f6:8a:e1:d6:69:33:40:f3:30:1e:
         3c:c0:6b:7e:3b:16:ba:7e:74:9b:fa:f0:a0:92:93:5c:fb:76:
         b3:1d:68:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGwgqvptQBUCgxh7Cc6IRmpaEMgQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAwMDExWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MGVhOGE2ZjRhYmJkY2U0OGM2ZmZjOTk5NGM0ZDgzNTk1
OTZlMDJlYTFlOTJhNzFhMTExMWI1YjIwYzJkN2Y4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxXGmTHZ7cAMzktOd26+yXBouzdLEbSIQyuWxi2fewlwQH
//99G3CsL0jHIXrYinkhGffYiOluRZCDjXmj3zkM+4OCQJO0mI2RbBZfvdzsv1vI
gh2ZkjXwmPio2OX0rhGWAIBVn6tLheQ3Vtw955dbw7l8OCvr6z+Pj0LZyuyaGqdF
hBYGd+qmM3GFCJ5bohHcndJV6DChHp1YmK4Ua9u0Ue0BlT8s/OsqegPaj3QL/2tY
tv+zjJZNNOz25bBvGtFcmrOJdUdP/2BjdIGXnc2kBXb4B2lwgpn+2ibm1yW7/Lru
ai3U11t5kQE5MGjviA4KaMyW2OxVs9HWDnUb1P/JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ/yksrFCYzuCQz6WlPd9IsA9O2cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1NTFiMGZhLTRjYTctNGU1OS1iOTI0LTZlMTVhOGZmZDFlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARE6HAwDQYJKoZIhvcNAQELBQADggEBAB9wJBQI+vDPbYeUH/Rh0e2iR9Fs
nYZLnWC0iy6M4A3gsnmyRAI+Flw4J7SGcwcY4zYzQWbyj1+RWCuOw/Y3X5DIeiZB
aqpBwitt2B+uP+ywUdwmuUO0RfctiaPtulikOQc9D8L+0Q1VYa61Ci0ecHSVZ8yj
or6E+v+2Y77m+wF3qKMqKaQJAAi4x1Xaq6z+t6pPwAMsEymkEt3QbbNJ1DRuvOK5
/aOMs2m5nix41Mr6rOk+g7f1TZGbR7Lvl5Dix8yBbOu93SdV2fdTtqHqMEPiT6aJ
eX9DMkVgi8VlwSCY9orh1mkzQPMwHjzAa347Frp+dJv68KCSk1z7drMdaBg=
-----END CERTIFICATE-----