Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3a1c600-199e-451d-b216-427176bb5382.roa
File:                     d3a1c600-199e-451d-b216-427176bb5382.roa (raw, json)
Hash identifier:          vfyNNd6LW1kBj9jPF2E0D1DjPkfAJNrRHMAt2GEshnE=
Subject key identifier:   47:B7:2F:B6:6F:9B:E4:F2:C2:23:C1:9B:31:C2:A6:6B:10:EF:47:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F2F07E7893555B6DDAA21A5F2ADCA268895E2EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3a1c600-199e-451d-b216-427176bb5382.roa
Signing time:             Wed 05 Nov 2025 00:31:37 +0000
ROA not before:           Wed 05 Nov 2025 00:31:37 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.220.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:2f:07:e7:89:35:55:b6:dd:aa:21:a5:f2:ad:ca:26:88:95:e2:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:31:37 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=77b90a433fa3ba6d99892fedce83949546024c59551c29b8e7b5b986f0dd408c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a9:fd:04:ee:c4:4d:77:40:fc:04:96:4a:ac:
                    a5:04:52:d3:f8:cf:61:c0:e3:04:9d:f4:ff:fb:f8:
                    eb:8c:dd:87:3a:29:65:70:8b:d5:ae:e1:15:f8:b5:
                    a2:2f:eb:90:67:eb:9c:de:e3:98:10:6a:ed:5a:3d:
                    ec:21:6b:5b:2f:82:b3:17:60:c6:59:65:7d:7d:5c:
                    45:b2:b0:79:7e:b1:aa:7c:ba:0e:80:58:80:7a:4b:
                    f2:5d:82:99:dc:26:59:50:a4:89:c7:ea:05:d1:eb:
                    57:2d:d4:7c:f4:c4:9c:b5:22:c9:3b:ab:fa:34:8a:
                    84:6a:bb:b3:df:d9:74:8d:ab:ff:1b:dc:7c:dc:c9:
                    01:e3:69:e2:cd:bd:a6:ff:dc:72:f9:f6:e6:66:57:
                    1c:82:16:56:1b:99:19:68:34:73:74:4e:08:df:9e:
                    78:98:60:46:60:4a:19:26:46:92:67:1b:14:ff:66:
                    c8:0f:a1:72:ea:65:a9:98:67:ab:69:79:24:08:ef:
                    ae:b3:b1:fe:83:4b:56:f4:aa:4a:e4:91:fa:4a:7d:
                    a8:12:33:7d:23:1f:25:60:02:a1:8d:e6:e3:7a:18:
                    d3:84:17:e5:71:74:d8:9a:87:e8:7d:c8:75:2b:99:
                    4e:21:66:d3:7a:12:8d:f3:b5:f0:01:a8:65:7e:ee:
                    1b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:B7:2F:B6:6F:9B:E4:F2:C2:23:C1:9B:31:C2:A6:6B:10:EF:47:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3a1c600-199e-451d-b216-427176bb5382.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:1a:d4:64:c0:c3:25:7b:25:e1:ac:5e:79:ee:ed:5b:90:80:
         7a:d6:20:e3:84:32:18:95:ae:3a:e3:49:a9:11:c9:7b:ee:b8:
         0d:86:ee:21:fb:e4:10:67:9e:73:df:27:a6:68:39:ee:25:5f:
         46:6c:cd:20:be:f1:93:e1:10:3f:d2:5a:23:2f:e5:e1:fd:45:
         87:13:34:89:9e:49:ed:62:93:8d:7d:ec:f4:93:d8:d1:9e:e2:
         f2:9e:be:15:64:68:f6:da:64:61:76:e4:b4:f1:f9:20:a2:34:
         2d:5c:ed:bd:f3:47:dd:a2:a5:ab:b0:25:ee:e7:0b:64:a5:f8:
         cd:3a:3a:e1:a1:4e:70:e2:f4:01:16:62:bd:e9:f0:e0:2e:8c:
         40:be:9f:6c:53:ca:db:c5:88:59:3e:6f:0c:6c:b6:62:aa:5b:
         d7:6d:75:0a:a3:13:bc:5e:a9:e8:85:f2:81:fb:2b:26:df:3b:
         37:42:4c:a7:7b:aa:59:4e:73:b0:b6:53:c5:93:72:21:f4:4d:
         55:42:9f:74:6e:9f:d7:b8:ea:24:18:20:5e:57:f1:24:a0:a5:
         f0:7f:13:bc:78:64:e0:e4:14:fc:18:52:b9:7d:aa:d6:4c:9f:
         3b:fe:59:bc:f8:8a:84:ad:75:d1:54:15:e7:84:d9:56:7d:02:
         59:65:56:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfy8H54k1VbbdqiGl8q3KJoiV4uswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAzMTM3WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3N2I5MGE0MzNmYTNiYTZkOTk4OTJmZWRjZTgzOTQ5NTQ2
MDI0YzU5NTUxYzI5YjhlN2I1Yjk4NmYwZGQ0MDhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvqf0E7sRNd0D8BJZKrKUEUtP4z2HA4wSd9P/7+OuM3Yc6
KWVwi9Wu4RX4taIv65Bn65ze45gQau1aPewha1svgrMXYMZZZX19XEWysHl+sap8
ug6AWIB6S/JdgpncJllQpInH6gXR61ct1Hz0xJy1Isk7q/o0ioRqu7Pf2XSNq/8b
3HzcyQHjaeLNvab/3HL59uZmVxyCFlYbmRloNHN0TgjfnniYYEZgShkmRpJnGxT/
ZsgPoXLqZamYZ6tpeSQI766zsf6DS1b0qkrkkfpKfagSM30jHyVgAqGN5uN6GNOE
F+VxdNiah+h9yHUrmU4hZtN6Eo3ztfABqGV+7hszAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUR7cvtm+b5PLCI8GbMcKmaxDvR3MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzYTFjNjAwLTE5OWUtNDUxZC1iMjE2LTQyNzE3NmJiNTM4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJFANwwDQYJKoZIhvcNAQELBQADggEBABUa1GTAwyV7JeGsXnnu7VuQgHrW
IOOEMhiVrjrjSakRyXvuuA2G7iH75BBnnnPfJ6ZoOe4lX0ZszSC+8ZPhED/SWiMv
5eH9RYcTNImeSe1ik4197PST2NGe4vKevhVkaPbaZGF25LTx+SCiNC1c7b3zR92i
pauwJe7nC2Sl+M06OuGhTnDi9AEWYr3p8OAujEC+n2xTytvFiFk+bwxstmKqW9dt
dQqjE7xeqeiF8oH7KybfOzdCTKd7qllOc7C2U8WTciH0TVVCn3Run9e46iQYIF5X
8SSgpfB/E7x4ZODkFPwYUrl9qtZMnzv+Wbz4ioStddFUFeeE2VZ9AlllVo8=
-----END CERTIFICATE-----