Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb19de45-323a-4e77-a9ad-012c92b7c91d.roa
File:                     cb19de45-323a-4e77-a9ad-012c92b7c91d.roa (raw, json)
Hash identifier:          qVkCxkg30uzAxru11JtPZyaYM2WSRMHdJrTK6WjHUDY=
Subject key identifier:   83:06:B1:EF:14:C4:74:EF:78:89:F9:27:2B:50:B2:4B:DF:C2:FE:E4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DDD2E1026E5ED38A2C83556F4332B38CB890C35
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb19de45-323a-4e77-a9ad-012c92b7c91d.roa
Signing time:             Sun 26 Oct 2025 00:21:07 +0000
ROA not before:           Sun 26 Oct 2025 00:21:07 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.246.118.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:dd:2e:10:26:e5:ed:38:a2:c8:35:56:f4:33:2b:38:cb:89:0c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:21:07 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=ea8ce3dc5c1e346125dada1206b8d3c8ff37dbceeb4a3bd3d1aa502c21160def, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:49:52:0a:03:c7:dd:f2:99:56:ce:0a:cc:e1:
                    cf:09:c1:d7:76:11:ef:d8:99:17:ba:22:4b:e8:8b:
                    3a:4c:28:92:14:f3:21:01:e3:97:69:d6:9a:31:ec:
                    44:d2:dd:48:b0:9e:47:e4:80:80:98:5f:76:7b:e4:
                    8c:22:c2:94:dc:ee:d4:b1:db:ae:75:18:e2:b1:8b:
                    f3:5f:0d:45:35:15:84:06:84:85:68:d2:b0:c9:23:
                    47:85:83:83:45:3b:d8:9b:15:11:52:41:4c:fa:64:
                    97:9b:61:7c:6f:44:f3:56:9e:a2:ab:f4:88:e6:14:
                    b3:73:26:ca:69:76:7e:36:86:ec:b4:fd:54:ec:2b:
                    d8:d6:c1:2e:2c:9e:00:02:9a:f2:8a:58:43:98:08:
                    b1:94:d9:49:6c:01:d4:e8:73:97:24:8e:c7:de:59:
                    5a:c0:79:5b:b4:24:9a:c4:20:9c:6a:3b:2b:de:13:
                    d3:f6:96:f0:48:5b:bb:42:06:cf:79:35:f5:ce:cd:
                    df:8a:bf:c5:01:b7:3b:86:03:43:c4:55:36:37:53:
                    b5:1f:c4:89:7d:d6:2a:d1:39:be:d5:62:30:91:9a:
                    0e:5e:99:d3:b5:57:1a:5a:01:43:50:72:eb:c4:d8:
                    30:90:e3:bc:70:00:e8:9a:86:6b:f5:c9:97:75:63:
                    69:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:06:B1:EF:14:C4:74:EF:78:89:F9:27:2B:50:B2:4B:DF:C2:FE:E4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb19de45-323a-4e77-a9ad-012c92b7c91d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.246.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:cc:6a:99:23:37:f9:9e:a1:ae:46:83:9a:67:6f:eb:dc:9d:
         37:d2:e5:49:58:a8:9b:85:cf:5f:16:b4:8e:6b:44:5d:e2:3d:
         bf:e3:f1:cf:a2:5c:8a:bb:fc:b6:25:8d:a9:f7:c3:4c:66:69:
         af:30:0d:cc:1b:54:75:b3:7c:de:e3:d7:ef:29:ee:20:87:57:
         3c:af:dc:db:70:32:7c:27:5a:e8:99:fd:89:be:f9:23:b0:9f:
         5c:e3:05:e6:20:c7:42:e1:47:75:79:07:22:5a:58:d3:f4:9f:
         6f:65:ef:04:e3:31:13:d3:a3:7a:c0:3b:ae:24:bb:2d:c1:97:
         bf:22:b5:6d:d6:50:89:c8:cb:65:e5:24:0a:0b:bf:87:b1:74:
         4e:36:f3:10:93:d4:66:12:14:ce:32:5e:a2:d5:d2:6b:f6:07:
         0e:9b:b1:fa:f9:7b:24:3e:33:21:ee:5c:97:86:2b:5c:ff:c5:
         0e:9b:d8:22:c3:fa:0f:08:10:be:18:3c:39:a9:40:2d:68:df:
         c2:8f:9d:89:7c:24:1c:c8:ed:76:7a:39:b4:17:6f:c8:cd:04:
         3f:6d:26:51:f7:bc:a6:9d:0a:45:e4:a9:01:a4:44:15:a5:5f:
         e0:11:84:15:21:fd:22:30:f1:00:5b:24:1b:ae:70:a2:81:ca:
         0a:e9:1d:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPd0uECbl7TiiyDVW9DMrOMuJDDUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAyMTA3WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYThjZTNkYzVjMWUzNDYxMjVkYWRhMTIwNmI4ZDNjOGZm
MzdkYmNlZWI0YTNiZDNkMWFhNTAyYzIxMTYwZGVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrSVIKA8fd8plWzgrM4c8Jwdd2Ee/YmRe6IkvoizpMKJIU
8yEB45dp1pox7ETS3UiwnkfkgICYX3Z75IwiwpTc7tSx2651GOKxi/NfDUU1FYQG
hIVo0rDJI0eFg4NFO9ibFRFSQUz6ZJebYXxvRPNWnqKr9IjmFLNzJsppdn42huy0
/VTsK9jWwS4sngACmvKKWEOYCLGU2UlsAdToc5ckjsfeWVrAeVu0JJrEIJxqOyve
E9P2lvBIW7tCBs95NfXOzd+Kv8UBtzuGA0PEVTY3U7UfxIl91irROb7VYjCRmg5e
mdO1VxpaAUNQcuvE2DCQ47xwAOiahmv1yZd1Y2kZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgwax7xTEdO94ifknK1CyS9/C/uQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiMTlkZTQ1LTMyM2EtNGU3Ny1hOWFkLTAxMmM5MmI3YzkxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA/9nYwDQYJKoZIhvcNAQELBQADggEBACnMapkjN/meoa5Gg5pnb+vcnTfS
5UlYqJuFz18WtI5rRF3iPb/j8c+iXIq7/LYljan3w0xmaa8wDcwbVHWzfN7j1+8p
7iCHVzyv3NtwMnwnWuiZ/Ym++SOwn1zjBeYgx0LhR3V5ByJaWNP0n29l7wTjMRPT
o3rAO64kuy3Bl78itW3WUInIy2XlJAoLv4exdE428xCT1GYSFM4yXqLV0mv2Bw6b
sfr5eyQ+MyHuXJeGK1z/xQ6b2CLD+g8IEL4YPDmpQC1o38KPnYl8JBzI7XZ6ObQX
b8jNBD9tJlH3vKadCkXkqQGkRBWlX+ARhBUh/SIw8QBbJBuucKKBygrpHVk=
-----END CERTIFICATE-----