Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be837a1b-32c4-49b1-9b20-3b8e4d8e0724.roa
File:                     be837a1b-32c4-49b1-9b20-3b8e4d8e0724.roa (raw, json)
Hash identifier:          HTHiYe83NIVLLlv23hkbEk87XslooGBh578woYEClOw=
Subject key identifier:   B5:51:9C:D1:DB:EF:08:30:97:E8:D3:D7:C1:9D:AB:44:20:7E:AE:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28C75BBD02AE8C8242272677F81212273D1B0172
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be837a1b-32c4-49b1-9b20-3b8e4d8e0724.roa
Signing time:             Sat 01 Nov 2025 00:51:39 +0000
ROA not before:           Sat 01 Nov 2025 00:51:39 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.86.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:c7:5b:bd:02:ae:8c:82:42:27:26:77:f8:12:12:27:3d:1b:01:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:51:39 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=d561dc85004a62a6b36de0e1c16ee1a6fbb1679849f619f19cfc92f8cb74af75, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c3:c7:3b:0e:cc:b2:b8:5f:c4:82:f2:4b:c2:
                    2c:d3:7e:05:05:18:e1:7e:05:ad:2a:ff:b3:a6:26:
                    e2:92:c3:9d:e5:0c:97:34:96:37:7b:ea:b4:31:8e:
                    31:4c:9c:7c:3d:6a:cf:8b:b4:0d:e8:b2:23:05:6f:
                    27:67:9e:2c:05:bb:64:1a:05:d5:e7:a3:ec:b6:42:
                    37:a5:3f:ae:e9:a3:78:14:b2:87:60:91:db:a7:90:
                    b1:c3:16:96:35:51:13:50:5d:ee:44:91:01:61:96:
                    47:58:4d:03:21:0a:b1:25:bd:dc:65:99:c0:d1:36:
                    1e:93:78:3a:56:51:61:9e:85:6c:c5:78:32:b0:51:
                    b7:42:b1:0c:3a:40:57:34:ab:17:ad:67:8c:81:12:
                    1d:bb:c6:3c:ba:e2:9a:c7:9c:37:99:5e:0d:f7:d2:
                    aa:ab:46:64:76:8b:9b:ed:12:09:87:8a:e5:11:b6:
                    e1:6e:89:b2:30:3e:66:02:9a:f1:f8:c2:74:d1:e9:
                    94:a2:ae:75:2f:0b:4c:10:38:fa:c2:78:0d:52:76:
                    46:6d:65:95:27:77:b5:87:e9:04:69:15:52:ba:a8:
                    1a:4f:b0:b6:82:01:71:68:12:d7:2c:2c:c3:59:7f:
                    73:9a:10:40:99:2c:14:48:1b:c1:50:86:fb:9f:dd:
                    6f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:51:9C:D1:DB:EF:08:30:97:E8:D3:D7:C1:9D:AB:44:20:7E:AE:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be837a1b-32c4-49b1-9b20-3b8e4d8e0724.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.86.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         44:e4:64:9f:1b:74:97:cc:43:d9:a1:c1:41:f9:58:12:a4:b0:
         bf:1b:34:be:c3:f4:ce:bf:a0:60:0d:41:67:87:43:e8:e5:3c:
         fe:6b:26:36:cd:b5:8f:74:f7:b2:34:2e:f0:88:0d:ea:19:20:
         17:e4:56:74:e5:e8:40:2d:72:63:6e:3c:3d:12:0a:31:a7:90:
         85:e9:40:84:d3:d2:f9:b8:da:97:c2:cb:c4:ff:5d:09:bd:3e:
         6f:05:e6:6e:8d:bf:99:fa:13:68:01:d3:ec:5e:f0:bc:9f:21:
         d3:1f:7e:8b:c3:06:90:0c:90:41:92:46:ca:a8:10:da:9f:03:
         b1:0c:96:0a:97:ce:16:e4:7c:7f:b2:bf:82:83:d3:21:55:6c:
         b4:a1:e0:81:7c:38:cd:5f:fa:6d:18:e5:ca:44:74:a0:08:90:
         df:d4:d7:eb:3b:50:70:4a:63:d8:63:45:ec:c4:88:72:4b:33:
         71:ab:87:48:d1:e4:0c:68:28:ca:21:5a:88:b6:68:6a:5a:12:
         be:c8:1f:a4:e9:66:8c:85:72:48:00:cf:9d:f9:b1:e4:a5:fd:
         1e:17:c3:01:fd:09:1e:7a:68:a5:44:98:6b:3c:1d:32:79:0f:
         65:f2:1a:40:70:1f:ee:25:d4:5d:42:88:9a:44:4e:c7:ca:0c:
         ba:08:a0:f8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKMdbvQKujIJCJyZ3+BISJz0bAXIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDA1MTM5WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTYxZGM4NTAwNGE2MmE2YjM2ZGUwZTFjMTZlZTFhNmZi
YjE2Nzk4NDlmNjE5ZjE5Y2ZjOTJmOGNiNzRhZjc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcw8c7DsyyuF/EgvJLwizTfgUFGOF+Ba0q/7OmJuKSw53l
DJc0ljd76rQxjjFMnHw9as+LtA3osiMFbydnniwFu2QaBdXno+y2QjelP67po3gU
sodgkdunkLHDFpY1URNQXe5EkQFhlkdYTQMhCrElvdxlmcDRNh6TeDpWUWGehWzF
eDKwUbdCsQw6QFc0qxetZ4yBEh27xjy64prHnDeZXg330qqrRmR2i5vtEgmHiuUR
tuFuibIwPmYCmvH4wnTR6ZSirnUvC0wQOPrCeA1SdkZtZZUnd7WH6QRpFVK6qBpP
sLaCAXFoEtcsLMNZf3OaEECZLBRIG8FQhvuf3W+/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUtVGc0dvvCDCX6NPXwZ2rRCB+rr4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JlODM3YTFiLTMyYzQtNDliMS05YjIwLTNiOGU0ZDhlMDcyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDRVjANBgkqhkiG9w0BAQsFAAOCAQEARORknxt0l8xD2aHBQflYEqSwvxs0
vsP0zr+gYA1BZ4dD6OU8/msmNs21j3T3sjQu8IgN6hkgF+RWdOXoQC1yY248PRIK
MaeQhelAhNPS+bjal8LLxP9dCb0+bwXmbo2/mfoTaAHT7F7wvJ8h0x9+i8MGkAyQ
QZJGyqgQ2p8DsQyWCpfOFuR8f7K/goPTIVVstKHggXw4zV/6bRjlykR0oAiQ39TX
6ztQcEpj2GNF7MSIckszcauHSNHkDGgoyiFaiLZoaloSvsgfpOlmjIVySADPnfmx
5KX9HhfDAf0JHnpopUSYazwdMnkPZfIaQHAf7iXUXUKImkROx8oMugig+A==
-----END CERTIFICATE-----