Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3c7c37e-fdc7-46c9-b004-05f7efea867a.roa
File:                     d3c7c37e-fdc7-46c9-b004-05f7efea867a.roa (raw, json)
Hash identifier:          I2+a1RKI+51pVXT5wZjoMzMnTolZiai2Qc9vFwwjHpM=
Subject key identifier:   99:45:D5:A3:17:85:DA:9F:07:FE:29:6E:6C:89:CC:C7:02:C9:F4:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45FDAEE1BABA401D35E95D356D8AA8293218D043
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3c7c37e-fdc7-46c9-b004-05f7efea867a.roa
Signing time:             Sun 26 Oct 2025 00:30:53 +0000
ROA not before:           Sun 26 Oct 2025 00:30:53 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:fd:ae:e1:ba:ba:40:1d:35:e9:5d:35:6d:8a:a8:29:32:18:d0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:30:53 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=0b90bafb80ece1cf3b0cc19702e11d77c89c9b75791236daf3164dccae744139, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b6:c3:69:c2:f9:b1:20:d6:c0:f6:5f:e3:b2:
                    c8:48:55:0b:55:a4:84:89:13:fe:05:cc:2d:e8:32:
                    b1:28:5a:7c:3e:19:bc:d1:a6:26:1c:7c:55:88:05:
                    d2:01:f4:01:65:00:f4:79:e9:dd:cb:38:fa:6d:4d:
                    ae:95:05:72:33:4c:58:e7:03:1a:99:31:f9:5b:02:
                    9f:6c:6b:19:a7:f7:45:8a:e0:31:f5:e7:17:29:32:
                    3f:d8:f9:e1:b5:72:35:c1:e4:4b:2a:07:6f:e6:0a:
                    4e:68:39:f4:43:c1:a0:94:74:d3:d3:fe:cf:00:c6:
                    5e:40:8e:d3:27:b0:87:03:a0:60:7a:3f:e3:01:21:
                    2a:b3:ef:e4:3c:74:65:1b:39:17:36:8d:83:3f:de:
                    24:53:56:a3:a2:1c:3a:aa:f6:75:ad:39:50:99:d1:
                    0b:43:47:22:34:03:7d:5e:ff:8a:67:b4:88:c6:2d:
                    44:ed:78:5d:d0:5e:e3:b0:23:f1:62:49:9d:d7:c1:
                    1d:61:57:1f:5b:f8:52:22:6c:d9:33:ae:37:90:2b:
                    3e:66:58:06:d8:fe:fa:d7:79:81:ba:36:15:2c:ab:
                    f5:ca:38:50:e1:f4:a3:61:d9:65:65:ca:49:bb:52:
                    fc:3a:3c:7d:6a:00:fd:26:b1:c9:81:9f:ee:9f:cd:
                    47:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:45:D5:A3:17:85:DA:9F:07:FE:29:6E:6C:89:CC:C7:02:C9:F4:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3c7c37e-fdc7-46c9-b004-05f7efea867a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:40:d9:4e:c0:1d:dd:16:0e:63:58:34:e3:8b:29:d3:f0:df:
         a0:6c:63:ba:c4:d8:75:a8:bd:e8:ef:a4:58:6c:3f:3f:7e:15:
         6f:76:cd:4e:48:d0:52:e7:3c:e6:43:7b:bf:16:01:fc:a1:e8:
         4e:04:f4:04:9d:90:f3:82:c0:26:66:56:92:ad:a8:88:72:3e:
         e0:89:59:87:22:ee:76:8d:f9:d4:8b:c0:8d:5f:cd:7b:22:98:
         54:e4:ae:e5:86:84:27:78:ee:9c:1b:26:43:7e:aa:c0:1f:65:
         51:5a:d7:77:c0:2e:10:06:bb:e1:1d:22:13:09:14:82:9a:87:
         cb:5e:dc:94:30:02:35:1c:2a:f2:79:11:98:4e:27:36:62:f3:
         35:94:d0:c7:7a:bd:b2:81:5d:ab:10:1e:04:83:f2:bb:1d:a1:
         a5:3e:8d:44:60:a8:e9:61:60:08:46:9f:27:e1:32:84:11:b0:
         c8:7f:45:fa:99:20:09:8a:f9:8a:1f:0e:10:31:68:7a:74:08:
         49:b7:b3:d8:c7:73:ff:a9:97:0d:e6:df:99:15:a2:09:0f:0b:
         9f:42:f2:00:92:de:5c:d2:e4:94:de:e6:9b:60:85:43:49:fd:
         36:68:90:4c:0d:a0:6d:d7:cb:b4:22:ae:19:5a:47:ca:45:e0:
         6f:2b:35:a7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURf2u4bq6QB016V01bYqoKTIY0EMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMDUzWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjkwYmFmYjgwZWNlMWNmM2IwY2MxOTcwMmUxMWQ3N2M4
OWM5Yjc1NzkxMjM2ZGFmMzE2NGRjY2FlNzQ0MTM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDtsNpwvmxINbA9l/jsshIVQtVpISJE/4FzC3oMrEoWnw+
GbzRpiYcfFWIBdIB9AFlAPR56d3LOPptTa6VBXIzTFjnAxqZMflbAp9saxmn90WK
4DH15xcpMj/Y+eG1cjXB5EsqB2/mCk5oOfRDwaCUdNPT/s8Axl5AjtMnsIcDoGB6
P+MBISqz7+Q8dGUbORc2jYM/3iRTVqOiHDqq9nWtOVCZ0QtDRyI0A31e/4pntIjG
LUTteF3QXuOwI/FiSZ3XwR1hVx9b+FIibNkzrjeQKz5mWAbY/vrXeYG6NhUsq/XK
OFDh9KNh2WVlykm7Uvw6PH1qAP0mscmBn+6fzUenAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmUXVoxeF2p8H/ilubInMxwLJ9BAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzYzdjMzdlLWZkYzctNDZjOS1iMDA0LTA1ZjdlZmVhODY3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/HgwDQYJKoZIhvcNAQELBQADggEBAHFA2U7AHd0WDmNYNOOLKdPw36Bs
Y7rE2HWovejvpFhsPz9+FW92zU5I0FLnPOZDe78WAfyh6E4E9ASdkPOCwCZmVpKt
qIhyPuCJWYci7naN+dSLwI1fzXsimFTkruWGhCd47pwbJkN+qsAfZVFa13fALhAG
u+EdIhMJFIKah8te3JQwAjUcKvJ5EZhOJzZi8zWU0Md6vbKBXasQHgSD8rsdoaU+
jURgqOlhYAhGnyfhMoQRsMh/RfqZIAmK+YofDhAxaHp0CEm3s9jHc/+plw3m35kV
ogkPC59C8gCS3lzS5JTe5ptghUNJ/TZokEwNoG3Xy7QirhlaR8pF4G8rNac=
-----END CERTIFICATE-----