Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2526c3a-77ad-4669-af27-f2171d468d2d.roa
File:                     d2526c3a-77ad-4669-af27-f2171d468d2d.roa (raw, json)
Hash identifier:          dIaahQQHmNxL2ZV6l+Wc0WyYzJSdXJFuht1aOw6Uok8=
Subject key identifier:   2B:CF:18:56:DF:F8:3E:5D:8C:2B:41:FC:08:83:17:C0:AF:3A:3F:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5E81B37CBD855BA17777ABB0361AF35F4DDFAB43
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2526c3a-77ad-4669-af27-f2171d468d2d.roa
Signing time:             Wed 22 Oct 2025 00:10:57 +0000
ROA not before:           Wed 22 Oct 2025 00:10:57 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.246.116.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:81:b3:7c:bd:85:5b:a1:77:77:ab:b0:36:1a:f3:5f:4d:df:ab:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:10:57 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=05cf5d3b603c16f40c6ae2cd98f5e83e2ddff63eb861eab41923fa0f1f0ec3f8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:42:50:bf:b4:74:73:fb:28:a8:7f:f3:01:c1:
                    52:6b:81:2b:e2:e3:13:db:d8:b7:6e:46:35:ee:2f:
                    89:5f:fe:a3:52:8f:f5:a3:fb:4b:11:b3:03:88:c5:
                    95:17:d9:f0:76:ed:e8:b1:0a:7d:ad:43:10:51:34:
                    37:77:ca:1b:da:1f:ae:78:ed:69:6d:65:59:49:9a:
                    a0:71:4a:15:5c:3d:11:ca:84:3d:1b:3d:9a:68:aa:
                    02:87:f9:38:57:8c:ff:0a:3b:3f:7e:80:bf:dc:76:
                    7a:78:5a:6c:c7:0a:23:1a:29:11:c2:28:08:40:01:
                    df:62:5e:b5:ab:46:49:9f:e1:48:0f:63:eb:c4:b0:
                    f0:75:79:73:fa:06:26:79:15:6d:8d:e9:5d:a7:b0:
                    9e:bf:ea:88:bc:c0:90:df:ad:84:63:d7:d9:64:24:
                    b5:2d:0e:cf:05:39:fa:98:33:75:a4:76:de:f7:58:
                    8d:c5:cf:18:c5:d9:1f:84:a9:96:59:5f:3f:f8:62:
                    c8:87:07:43:b3:24:dd:91:d6:57:29:e3:d3:bd:78:
                    3e:65:f9:3f:de:8b:39:5c:da:af:62:44:80:f0:75:
                    9b:f1:42:bc:ba:a2:a1:e1:7e:dc:c5:9e:3d:de:06:
                    d5:77:e1:0d:6b:f4:db:5e:9e:bd:1d:1f:81:eb:2b:
                    ae:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:CF:18:56:DF:F8:3E:5D:8C:2B:41:FC:08:83:17:C0:AF:3A:3F:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2526c3a-77ad-4669-af27-f2171d468d2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.246.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:1b:bd:57:7a:85:26:75:5a:49:db:70:11:9f:18:7c:4b:9e:
         51:cb:10:01:86:72:ef:0f:2d:15:40:5c:9b:9d:b6:db:7d:0d:
         8b:22:3f:4c:26:20:08:3c:7e:50:66:71:c9:24:49:50:c2:d4:
         de:e2:9c:3a:32:29:41:44:c9:28:1a:3d:b6:73:ff:08:ad:28:
         4a:fe:47:b8:23:66:90:cc:7e:4f:0b:57:5e:39:40:db:30:6f:
         50:54:df:e4:60:4f:1e:64:f9:2b:54:86:3b:9e:b0:7d:81:a6:
         7e:f6:df:17:4b:ff:30:c4:56:be:df:93:da:be:8a:58:38:6c:
         af:47:4b:10:50:f8:96:46:c8:75:26:78:80:1f:1a:19:a5:d4:
         61:4b:c1:76:a5:37:5e:ae:17:55:3a:4d:dc:1b:88:62:20:82:
         02:25:98:b7:a5:70:34:11:d7:66:02:b6:e5:4f:69:8f:29:61:
         58:98:69:ef:31:28:92:72:4b:eb:38:b3:b8:cf:d1:21:80:80:
         a3:f9:fd:43:64:8f:d4:ff:1c:97:c5:39:0b:34:36:3b:27:9b:
         76:a3:6f:79:32:ca:71:1a:4b:89:77:cc:20:21:ef:66:5a:39:
         a2:28:71:1b:44:72:be:cf:63:51:15:ce:12:c9:7a:a5:b9:3f:
         2f:75:e9:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXoGzfL2FW6F3d6uwNhrzX03fq0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAxMDU3WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWNmNWQzYjYwM2MxNmY0MGM2YWUyY2Q5OGY1ZTgzZTJk
ZGZmNjNlYjg2MWVhYjQxOTIzZmEwZjFmMGVjM2Y4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0QlC/tHRz+yiof/MBwVJrgSvi4xPb2LduRjXuL4lf/qNS
j/Wj+0sRswOIxZUX2fB27eixCn2tQxBRNDd3yhvaH6547WltZVlJmqBxShVcPRHK
hD0bPZpoqgKH+ThXjP8KOz9+gL/cdnp4WmzHCiMaKRHCKAhAAd9iXrWrRkmf4UgP
Y+vEsPB1eXP6BiZ5FW2N6V2nsJ6/6oi8wJDfrYRj19lkJLUtDs8FOfqYM3Wkdt73
WI3FzxjF2R+EqZZZXz/4YsiHB0OzJN2R1lcp49O9eD5l+T/eizlc2q9iRIDwdZvx
Qry6oqHhftzFnj3eBtV34Q1r9Ntenr0dH4HrK67HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK88YVt/4Pl2MK0H8CIMXwK86PxkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyNTI2YzNhLTc3YWQtNDY2OS1hZjI3LWYyMTcxZDQ2OGQyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA/9nQwDQYJKoZIhvcNAQELBQADggEBAHgbvVd6hSZ1WknbcBGfGHxLnlHL
EAGGcu8PLRVAXJudttt9DYsiP0wmIAg8flBmcckkSVDC1N7inDoyKUFEySgaPbZz
/witKEr+R7gjZpDMfk8LV145QNswb1BU3+RgTx5k+StUhjuesH2Bpn723xdL/zDE
Vr7fk9q+ilg4bK9HSxBQ+JZGyHUmeIAfGhml1GFLwXalN16uF1U6TdwbiGIgggIl
mLelcDQR12YCtuVPaY8pYViYae8xKJJyS+s4s7jP0SGAgKP5/UNkj9T/HJfFOQs0
Njsnm3ajb3kyynEaS4l3zCAh72ZaOaIocRtEcr7PY1EVzhLJeqW5Py916f4=
-----END CERTIFICATE-----