Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7a02b21-64a7-4629-8149-a98f47ed09a5.roa
File:                     b7a02b21-64a7-4629-8149-a98f47ed09a5.roa (raw, json)
Hash identifier:          9U4VO6JGQrN7Ly6YPMgABVNlAGoKERzo+qQzWhJr5Vc=
Subject key identifier:   DB:60:01:5C:47:B9:26:07:1A:4B:67:DB:D3:D8:F5:5A:95:7F:8B:0B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AA4526E2DB3E645C97BDF73781A0AC4DC75280F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7a02b21-64a7-4629-8149-a98f47ed09a5.roa
Signing time:             Sun 26 Oct 2025 00:40:53 +0000
ROA not before:           Sun 26 Oct 2025 00:40:53 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        66.221.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:a4:52:6e:2d:b3:e6:45:c9:7b:df:73:78:1a:0a:c4:dc:75:28:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:40:53 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=a0b764dbc63ad1a4534c00ffe208320bc9a72953381ed5d0d2716d0ac4793dc3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:10:ba:0b:21:f0:82:36:5b:f4:4d:40:55:e6:
                    b1:0b:b3:1f:c0:4f:98:b7:78:cb:0d:32:6c:49:62:
                    03:3c:d5:3d:64:e9:30:01:22:4d:bb:b8:56:32:1a:
                    97:d7:13:ec:76:4b:7e:c8:79:01:c5:a2:84:39:99:
                    37:8d:f0:ae:cc:77:fe:11:44:43:f4:38:44:d8:4d:
                    d2:b7:87:3d:03:2c:7f:1a:87:7b:ed:56:ee:b4:a4:
                    b1:f7:24:ad:8e:e6:29:b6:fc:4f:f0:e8:a8:64:86:
                    ba:9d:0c:32:00:e1:18:28:04:59:21:68:c6:38:e1:
                    f1:cb:03:3d:71:47:48:9f:3d:66:9b:87:4d:e9:7a:
                    04:25:f0:05:4e:93:4d:50:46:1f:95:bf:71:35:72:
                    51:95:24:ad:91:d8:56:e3:32:55:5e:51:3d:4c:c6:
                    c8:c6:68:eb:bd:7c:c2:63:34:c8:12:31:13:28:e0:
                    66:11:ea:a2:e4:e8:8c:6e:62:cb:46:b5:a5:a6:1d:
                    fe:6a:db:53:96:b2:1c:2a:ae:e1:22:dd:20:12:f0:
                    b9:39:52:b8:3b:d7:11:bf:7c:99:34:d6:36:ea:44:
                    3e:c2:86:3b:32:39:81:31:ee:a8:dd:b9:e1:96:af:
                    54:a9:a0:19:51:a9:39:6e:ef:4a:ba:fb:a5:9f:bb:
                    6c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:60:01:5C:47:B9:26:07:1A:4B:67:DB:D3:D8:F5:5A:95:7F:8B:0B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7a02b21-64a7-4629-8149-a98f47ed09a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.221.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b7:73:d9:c0:75:52:17:1c:ea:b1:52:f9:6c:50:ff:ec:07:b3:
         67:08:6f:a3:82:c5:8c:13:1b:fb:02:ba:5c:79:08:89:fb:e8:
         e8:a4:28:70:88:75:64:23:f5:a8:7c:d1:28:ec:0d:aa:90:fa:
         b9:86:73:29:04:b6:5a:dd:e3:34:4a:6a:b7:4f:97:32:79:08:
         b0:28:d4:3f:05:90:14:3c:b7:8e:fe:3f:09:28:7e:f4:f3:d4:
         df:7d:d3:53:f5:a8:d3:4c:fb:06:44:9f:64:78:14:ac:c6:f8:
         f1:be:37:a2:98:05:5a:e2:a3:a4:82:59:88:2f:cd:50:f8:60:
         53:12:cf:bd:66:54:09:a7:e1:df:cc:d5:6e:c2:01:dc:73:5d:
         24:ab:7e:75:46:ca:06:68:a5:a5:36:71:d8:65:1a:a1:29:ab:
         76:3c:b3:db:17:0b:25:47:d5:94:01:98:f5:fe:13:b3:46:a8:
         0f:25:1b:3d:a0:4b:03:83:71:b7:25:b6:b5:d4:63:1c:3c:63:
         cd:94:03:87:cc:2f:41:1f:d0:5b:32:13:c9:0e:40:e5:52:6b:
         eb:b4:7f:f9:4b:e0:4d:3e:7a:1a:a2:33:40:14:b7:6a:9f:59:
         51:37:90:d8:cd:0a:3b:c2:03:b2:19:45:0b:3c:14:87:26:b6:
         51:c5:e1:26
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKqRSbi2z5kXJe99zeBoKxNx1KA8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDA0MDUzWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMGI3NjRkYmM2M2FkMWE0NTM0YzAwZmZlMjA4MzIwYmM5
YTcyOTUzMzgxZWQ1ZDBkMjcxNmQwYWM0NzkzZGMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmELoLIfCCNlv0TUBV5rELsx/AT5i3eMsNMmxJYgM81T1k
6TABIk27uFYyGpfXE+x2S37IeQHFooQ5mTeN8K7Md/4RREP0OETYTdK3hz0DLH8a
h3vtVu60pLH3JK2O5im2/E/w6KhkhrqdDDIA4RgoBFkhaMY44fHLAz1xR0ifPWab
h03pegQl8AVOk01QRh+Vv3E1clGVJK2R2FbjMlVeUT1MxsjGaOu9fMJjNMgSMRMo
4GYR6qLk6IxuYstGtaWmHf5q21OWshwqruEi3SAS8Lk5Urg71xG/fJk01jbqRD7C
hjsyOYEx7qjdueGWr1SpoBlRqTlu70q6+6Wfu2ztAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU22ABXEe5JgcaS2fb09j1WpV/iwswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3YTAyYjIxLTY0YTctNDYyOS04MTQ5LWE5OGY0N2VkMDlhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBC3TANBgkqhkiG9w0BAQsFAAOCAQEAt3PZwHVSFxzqsVL5bFD/7AezZwhv
o4LFjBMb+wK6XHkIifvo6KQocIh1ZCP1qHzRKOwNqpD6uYZzKQS2Wt3jNEpqt0+X
MnkIsCjUPwWQFDy3jv4/CSh+9PPU333TU/Wo00z7BkSfZHgUrMb48b43opgFWuKj
pIJZiC/NUPhgUxLPvWZUCafh38zVbsIB3HNdJKt+dUbKBmilpTZx2GUaoSmrdjyz
2xcLJUfVlAGY9f4Ts0aoDyUbPaBLA4NxtyW2tdRjHDxjzZQDh8wvQR/QWzITyQ5A
5VJr67R/+UvgTT56GqIzQBS3ap9ZUTeQ2M0KO8IDshlFCzwUhya2UcXhJg==
-----END CERTIFICATE-----