Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8a5c33c-4221-4d45-9196-c1249651c336.roa
File:                     b8a5c33c-4221-4d45-9196-c1249651c336.roa (raw, json)
Hash identifier:          47jLQq4COde9UfJiGhmBwpQCNeOWm1U3FOc0O0Drbl8=
Subject key identifier:   1D:DF:36:2B:94:FA:28:36:08:0F:66:A0:D4:FD:15:1F:F2:23:35:D0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C88FBC275F42B240728667803E382533AE7C47E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8a5c33c-4221-4d45-9196-c1249651c336.roa
Signing time:             Fri 24 Oct 2025 11:25:14 +0000
ROA not before:           Fri 24 Oct 2025 11:25:14 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:88:fb:c2:75:f4:2b:24:07:28:66:78:03:e3:82:53:3a:e7:c4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 11:25:14 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=03719840d2df13d0b4ad6680d095a3ccc0df414928629ed180bfa84d3f76a6f0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8d:b4:34:51:19:74:6c:3e:21:ed:e9:ca:1d:
                    cb:27:3a:7d:31:0e:49:b1:55:ea:77:2f:f0:36:7a:
                    d7:44:d5:bf:04:53:4e:6d:48:a2:35:5f:8e:9d:56:
                    f2:d6:49:c6:d3:e0:f4:cb:60:1e:82:ab:2d:e8:37:
                    8a:a0:4d:0c:e1:ac:ce:d1:22:02:c3:fc:3a:76:47:
                    e3:1c:fd:e7:85:11:0d:a7:74:23:d6:39:10:01:4d:
                    c2:41:d5:0f:6f:62:3f:ae:3c:0e:c0:bd:fb:2e:4d:
                    7e:b4:e5:6d:58:ca:76:be:3e:60:9b:a4:06:34:c2:
                    63:5f:80:73:59:78:3e:0d:f9:a5:0c:e8:b2:2f:8c:
                    c4:91:8f:2f:03:90:8f:f0:47:f0:dd:50:3f:40:52:
                    da:b8:23:08:07:c7:9e:48:88:92:0e:db:4e:c8:c1:
                    79:7a:fa:a1:10:26:eb:07:c8:ec:3d:7f:3a:02:39:
                    14:a7:fe:e8:b2:f4:4b:b7:87:2a:7e:03:8f:e6:d9:
                    c5:b2:65:95:ac:10:c2:85:02:b2:af:26:26:30:31:
                    e4:fe:fe:f0:43:64:85:d4:a1:ab:d5:9e:f7:ad:2f:
                    dc:f2:0b:a8:40:50:b5:75:70:5e:49:b7:93:13:57:
                    11:74:48:ac:be:0f:d5:25:da:e2:63:a1:6b:65:80:
                    27:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DF:36:2B:94:FA:28:36:08:0F:66:A0:D4:FD:15:1F:F2:23:35:D0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8a5c33c-4221-4d45-9196-c1249651c336.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8a:a0:7a:2b:59:54:2b:f9:05:54:a3:dc:2d:56:db:0c:14:d8:
         e7:a5:ed:70:2e:34:39:6b:55:8d:f7:bd:0f:26:ad:38:dc:d1:
         7b:82:7b:ff:f7:6e:4c:57:98:52:35:0c:68:28:0e:79:07:8b:
         65:21:9f:0b:d9:81:98:48:de:95:1b:a4:8a:55:e4:b4:8b:8d:
         fe:36:3e:36:45:e7:e8:08:db:ee:ce:5a:6d:1b:ef:fd:90:53:
         87:29:2d:fc:3a:4e:c7:a2:5a:05:5b:28:0d:86:4a:82:1c:0a:
         4c:f9:2a:b0:7a:bc:38:89:0d:22:33:3f:15:8e:2e:76:ca:0e:
         aa:97:f0:c7:ed:06:79:b6:03:84:d4:4b:06:3d:db:e6:a9:06:
         7c:61:d9:04:24:02:a5:78:94:a4:50:1d:7f:94:af:13:ad:b7:
         f2:73:0e:86:ea:e3:cc:09:97:e1:27:8a:9f:48:30:2f:e7:75:
         6a:6d:e3:7f:ea:89:d2:c9:15:f6:12:cb:83:9f:9c:4f:8c:66:
         1c:e2:ae:e9:69:c9:4b:64:4a:15:81:68:1e:5d:95:72:ac:63:
         e0:23:48:7c:99:c9:76:9c:6c:51:ea:08:4c:c3:f6:b2:74:9a:
         b2:52:da:f1:4e:de:c8:08:a4:85:19:c2:70:b7:2c:f4:37:eb:
         30:3e:57:42
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTIj7wnX0KyQHKGZ4A+OCUzrnxH4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MTEyNTE0WhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzcxOTg0MGQyZGYxM2QwYjRhZDY2ODBkMDk1YTNjY2Mw
ZGY0MTQ5Mjg2MjllZDE4MGJmYTg0ZDNmNzZhNmYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChjbQ0URl0bD4h7enKHcsnOn0xDkmxVep3L/A2etdE1b8E
U05tSKI1X46dVvLWScbT4PTLYB6Cqy3oN4qgTQzhrM7RIgLD/Dp2R+Mc/eeFEQ2n
dCPWORABTcJB1Q9vYj+uPA7AvfsuTX605W1Yyna+PmCbpAY0wmNfgHNZeD4N+aUM
6LIvjMSRjy8DkI/wR/DdUD9AUtq4IwgHx55IiJIO207IwXl6+qEQJusHyOw9fzoC
ORSn/uiy9Eu3hyp+A4/m2cWyZZWsEMKFArKvJiYwMeT+/vBDZIXUoavVnvetL9zy
C6hAULV1cF5Jt5MTVxF0SKy+D9Ul2uJjoWtlgCfHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHd82K5T6KDYID2ag1P0VH/IjNdAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4YTVjMzNjLTQyMjEtNGQ0NS05MTk2LWMxMjQ5NjUxYzMzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBBCDANBgkqhkiG9w0BAQsFAAOCAQEAiqB6K1lUK/kFVKPcLVbbDBTY56Xt
cC40OWtVjfe9DyatONzRe4J7//duTFeYUjUMaCgOeQeLZSGfC9mBmEjelRukilXk
tIuN/jY+NkXn6Ajb7s5abRvv/ZBThykt/DpOx6JaBVsoDYZKghwKTPkqsHq8OIkN
IjM/FY4udsoOqpfwx+0GebYDhNRLBj3b5qkGfGHZBCQCpXiUpFAdf5SvE6238nMO
hurjzAmX4SeKn0gwL+d1am3jf+qJ0skV9hLLg5+cT4xmHOKu6WnJS2RKFYFoHl2V
cqxj4CNIfJnJdpxsUeoITMP2snSaslLa8U7eyAikhRnCcLcs9DfrMD5XQg==
-----END CERTIFICATE-----