Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
File:                     bbc2b1a5-5365-48b4-affd-3867c265d11a.roa (raw, json)
Hash identifier:          JKY8vzOnnX1aro3pyx/aW56ritpEl9HejhlUo6Tavpc=
Subject key identifier:   20:EC:89:C0:DF:29:CC:D5:6E:53:F0:2E:C1:7A:80:CB:B0:80:61:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DA19CDC2D6D863A16E5DB0C38F9C671D95B911D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
Signing time:             Wed 05 Nov 2025 00:30:12 +0000
ROA not before:           Wed 05 Nov 2025 00:30:12 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        89.254.8.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:a1:9c:dc:2d:6d:86:3a:16:e5:db:0c:38:f9:c6:71:d9:5b:91:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:30:12 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=b639d1e58cadc44f9bfab0680cc761fa5e3fb2880da67ff248eb0ff3a052e8be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:37:d1:f6:f2:f5:de:6d:71:52:c7:04:6c:78:
                    30:09:1f:4d:0f:e0:c8:54:1c:55:ed:6c:e9:73:41:
                    bc:a8:39:56:67:73:40:01:e6:c7:ea:11:e6:60:be:
                    53:88:c1:3f:ec:d9:2a:d3:6d:c8:86:cf:43:ae:22:
                    fa:15:27:94:a2:2c:e4:68:9a:ae:4c:15:37:56:a2:
                    ad:c8:fd:90:c4:f7:21:ec:bc:0b:af:cf:e6:d6:0f:
                    5d:34:08:71:00:6d:43:39:94:9a:68:d8:a7:7d:dd:
                    67:5e:ca:40:d1:6e:73:9a:0b:7c:1f:af:22:35:a1:
                    3d:ee:fb:62:84:07:ac:55:ed:96:55:de:75:1a:7f:
                    6e:09:e9:5e:5a:74:8b:02:f8:92:8d:6f:26:fe:7a:
                    85:a9:47:17:45:08:3f:27:5b:1c:2d:91:60:08:67:
                    37:bf:4f:d5:cf:be:ee:6b:ca:92:a0:4c:f3:2b:e4:
                    cc:ca:53:09:ee:23:e7:11:7a:91:2f:33:bd:bc:1c:
                    13:10:d9:31:db:08:98:8d:22:2e:16:89:6e:ab:43:
                    53:62:8d:b6:1a:09:fc:fe:b7:bb:42:eb:c5:63:dd:
                    8c:14:aa:ef:b0:37:74:b5:09:54:07:e5:01:0e:aa:
                    36:79:a5:a3:d6:d0:9f:86:07:6b:85:a1:1c:7a:0d:
                    0c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:EC:89:C0:DF:29:CC:D5:6E:53:F0:2E:C1:7A:80:CB:B0:80:61:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.254.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1b:d4:08:3a:3e:fe:aa:24:6a:b1:c0:d4:a0:d7:24:05:52:65:
         85:05:13:fc:39:1d:7f:80:9c:8a:e1:73:5d:c8:e9:18:4e:5c:
         9e:2f:d6:88:44:2a:34:aa:fe:82:8f:00:6d:80:c9:76:14:22:
         ce:08:0c:97:c2:36:6b:88:52:72:da:fc:47:1b:f0:74:a5:35:
         47:6a:c9:d9:12:a7:ab:75:b8:08:9a:1c:0a:86:3d:a2:f3:05:
         63:6c:d3:a6:c1:63:3c:fe:0a:96:b5:8f:20:8d:77:74:bc:fc:
         41:5a:de:5f:b2:69:78:8a:ac:6a:cd:2d:4e:6c:22:69:20:45:
         b0:d5:e4:78:08:7d:b1:fa:e1:70:03:f6:e6:1d:d8:60:aa:a3:
         9c:1f:6d:08:5d:c6:90:f2:3d:14:b9:61:4d:b9:80:df:0c:85:
         ca:a8:3e:67:4e:13:b0:e1:ae:c4:c0:40:9e:9c:ea:17:45:15:
         d2:64:34:25:2b:b2:2e:49:cf:9c:c6:ba:76:cc:52:bb:67:1b:
         9a:ad:ac:44:46:84:64:ef:78:90:d4:af:f9:a8:ee:1b:42:32:
         40:02:cc:f5:d1:0e:bf:37:5c:d7:28:ef:21:3d:b5:12:70:84:
         4c:c5:ff:25:b1:ce:3f:26:4a:5a:72:08:3e:08:40:75:3b:ae:
         1e:90:13:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfaGc3C1thjoW5dsMOPnGcdlbkR0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAzMDEyWhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjM5ZDFlNThjYWRjNDRmOWJmYWIwNjgwY2M3NjFmYTVl
M2ZiMjg4MGRhNjdmZjI0OGViMGZmM2EwNTJlOGJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClN9H28vXebXFSxwRseDAJH00P4MhUHFXtbOlzQbyoOVZn
c0AB5sfqEeZgvlOIwT/s2SrTbciGz0OuIvoVJ5SiLORomq5MFTdWoq3I/ZDE9yHs
vAuvz+bWD100CHEAbUM5lJpo2Kd93WdeykDRbnOaC3wfryI1oT3u+2KEB6xV7ZZV
3nUaf24J6V5adIsC+JKNbyb+eoWpRxdFCD8nWxwtkWAIZze/T9XPvu5rypKgTPMr
5MzKUwnuI+cRepEvM728HBMQ2THbCJiNIi4WiW6rQ1NijbYaCfz+t7tC68Vj3YwU
qu+wN3S1CVQH5QEOqjZ5paPW0J+GB2uFoRx6DQyTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIOyJwN8pzNVuU/AuwXqAy7CAYS4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiYzJiMWE1LTUzNjUtNDhiNC1hZmZkLTM4NjdjMjY1ZDExYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANZ/ggwDQYJKoZIhvcNAQELBQADggEBABvUCDo+/qokarHA1KDXJAVSZYUF
E/w5HX+AnIrhc13I6RhOXJ4v1ohEKjSq/oKPAG2AyXYUIs4IDJfCNmuIUnLa/Ecb
8HSlNUdqydkSp6t1uAiaHAqGPaLzBWNs06bBYzz+Cpa1jyCNd3S8/EFa3l+yaXiK
rGrNLU5sImkgRbDV5HgIfbH64XAD9uYd2GCqo5wfbQhdxpDyPRS5YU25gN8Mhcqo
PmdOE7DhrsTAQJ6c6hdFFdJkNCUrsi5Jz5zGunbMUrtnG5qtrERGhGTveJDUr/mo
7htCMkACzPXRDr83XNco7yE9tRJwhEzF/yWxzj8mSlpyCD4IQHU7rh6QE5I=
-----END CERTIFICATE-----