Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c4b68d99-38f8-4e40-b69d-a58254fd3e25.roa
File:                     c4b68d99-38f8-4e40-b69d-a58254fd3e25.roa (raw, json)
Hash identifier:          /ESosAhM6EFKpTwwl2rnsmbzypUtf7PsiGSibTHPhQ0=
Subject key identifier:   41:AE:FE:3C:11:FB:D5:F0:C1:22:A7:DE:A2:78:86:A2:10:6E:16:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       666425971DF8E718E332ED6600A51971C1B770DA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c4b68d99-38f8-4e40-b69d-a58254fd3e25.roa
Signing time:             Wed 05 Nov 2025 00:30:16 +0000
ROA not before:           Wed 05 Nov 2025 00:30:16 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.190.145.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:64:25:97:1d:f8:e7:18:e3:32:ed:66:00:a5:19:71:c1:b7:70:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:30:16 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=c853787d853019ffed0b1a6617a3c2bb3c82105f8add8556da8836ec2e9f8a66, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9c:b6:53:f1:11:a9:e5:05:78:3a:61:68:57:
                    78:07:97:de:c1:61:7e:ed:1c:32:3f:89:8f:92:90:
                    6b:53:60:f6:95:c4:46:8b:4c:8c:f9:af:72:17:ca:
                    e4:6a:3e:3f:2f:35:ed:c7:89:9f:34:f4:37:d5:9b:
                    a8:9a:74:3f:32:e6:1d:f4:ab:16:12:4c:0e:63:0b:
                    77:da:ec:5f:2c:be:a3:42:cb:d0:6c:d4:ad:69:63:
                    e3:0c:3f:3a:c9:39:93:12:93:c4:f8:b0:1b:bd:07:
                    5e:fa:2d:bb:e3:83:1b:79:ed:a3:21:49:e2:41:ba:
                    9d:ab:07:fd:0e:27:c2:4c:5e:c1:72:81:9e:8d:92:
                    74:8f:08:88:32:0b:e9:85:f0:54:c5:b5:86:2f:72:
                    b4:e5:03:4e:1f:93:3f:1e:fd:10:fe:98:70:e2:d5:
                    91:3b:4c:10:db:15:82:f6:6d:9b:0c:c7:3f:20:87:
                    77:24:00:56:dc:60:ee:e0:f9:53:40:ac:fc:b6:9c:
                    80:12:83:49:8e:85:51:df:24:5d:c9:b0:96:da:ae:
                    4f:3f:f1:a3:cd:2b:29:27:0f:e0:e2:77:a1:fc:9a:
                    f3:25:50:70:02:be:ea:4c:db:d2:83:1d:e3:fa:f7:
                    42:6c:e7:21:a9:48:77:74:da:44:48:e6:f5:08:2e:
                    74:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:AE:FE:3C:11:FB:D5:F0:C1:22:A7:DE:A2:78:86:A2:10:6E:16:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c4b68d99-38f8-4e40-b69d-a58254fd3e25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:38:25:14:a6:c3:5d:8c:d1:fa:c5:1f:98:7e:cf:e6:54:d2:
         ea:9b:68:f6:bb:2e:99:98:e1:e0:5d:d8:87:90:c4:7c:fc:27:
         fa:18:59:12:4d:26:06:ec:89:19:2c:9c:66:90:52:dc:62:dc:
         6e:e6:76:f0:52:1d:e9:10:77:f6:a9:49:bc:5a:ec:96:0c:74:
         a7:72:51:63:58:42:6e:d8:ae:cb:0e:3a:63:1e:a8:90:67:75:
         e4:a3:e7:61:b4:7b:54:ef:05:8d:3a:08:4d:20:a1:af:f3:19:
         70:01:2a:89:85:5e:bd:c6:ef:6d:c1:34:cc:f2:98:5e:64:24:
         d4:aa:a4:51:94:8e:be:b4:3b:0b:4c:d2:9a:77:dc:bf:c4:78:
         b2:15:05:52:13:6c:81:51:08:2f:85:a7:b9:a6:9b:a3:d2:b6:
         5b:40:b1:54:a6:f3:b0:18:1d:a4:53:03:65:e2:9b:71:c0:99:
         9e:51:4b:14:f5:73:62:3f:af:61:3c:4b:1c:2e:2a:3c:68:83:
         25:92:74:e4:be:fc:d3:1c:0a:ff:9d:17:36:a1:e3:6e:6a:b2:
         19:e0:aa:4a:0a:07:b3:a7:88:94:d6:94:77:31:56:7a:d6:cc:
         9c:68:e7:c2:0e:89:02:52:7b:e5:6b:bb:74:73:7b:40:58:87:
         89:1c:05:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZmQllx345xjjMu1mAKUZccG3cNowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAzMDE2WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjODUzNzg3ZDg1MzAxOWZmZWQwYjFhNjYxN2EzYzJiYjNj
ODIxMDVmOGFkZDg1NTZkYTg4MzZlYzJlOWY4YTY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwnLZT8RGp5QV4OmFoV3gHl97BYX7tHDI/iY+SkGtTYPaV
xEaLTIz5r3IXyuRqPj8vNe3HiZ809DfVm6iadD8y5h30qxYSTA5jC3fa7F8svqNC
y9Bs1K1pY+MMPzrJOZMSk8T4sBu9B176Lbvjgxt57aMhSeJBup2rB/0OJ8JMXsFy
gZ6NknSPCIgyC+mF8FTFtYYvcrTlA04fkz8e/RD+mHDi1ZE7TBDbFYL2bZsMxz8g
h3ckAFbcYO7g+VNArPy2nIASg0mOhVHfJF3JsJbark8/8aPNKyknD+Did6H8mvMl
UHACvupM29KDHeP690Js5yGpSHd02kRI5vUILnSZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQa7+PBH71fDBIqfeoniGohBuFqQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M0YjY4ZDk5LTM4ZjgtNGU0MC1iNjlkLWE1ODI1NGZkM2UyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABAvpEwDQYJKoZIhvcNAQELBQADggEBAGQ4JRSmw12M0frFH5h+z+ZU0uqb
aPa7LpmY4eBd2IeQxHz8J/oYWRJNJgbsiRksnGaQUtxi3G7mdvBSHekQd/apSbxa
7JYMdKdyUWNYQm7YrssOOmMeqJBndeSj52G0e1TvBY06CE0goa/zGXABKomFXr3G
723BNMzymF5kJNSqpFGUjr60OwtM0pp33L/EeLIVBVITbIFRCC+Fp7mmm6PStltA
sVSm87AYHaRTA2Xim3HAmZ5RSxT1c2I/r2E8SxwuKjxogyWSdOS+/NMcCv+dFzah
425qshngqkoKB7OniJTWlHcxVnrWzJxo58IOiQJSe+Vru3Rze0BYh4kcBaY=
-----END CERTIFICATE-----