Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de7b8e0a-a109-43f5-8ea8-973c8c0c5cee.roa
File:                     de7b8e0a-a109-43f5-8ea8-973c8c0c5cee.roa (raw, json)
Hash identifier:          dYlU2PPi7OAHQPkLwUcZ4E17V66yd5A0tsh76T2DXXU=
Subject key identifier:   DD:F6:43:6D:E5:14:05:32:9C:39:0B:92:CC:BE:38:AC:1C:64:E1:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FD189A5ABB8F6204DDB1580A34845A6E760E47C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de7b8e0a-a109-43f5-8ea8-973c8c0c5cee.roa
Signing time:             Sun 26 Oct 2025 00:30:49 +0000
ROA not before:           Sun 26 Oct 2025 00:30:49 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.128.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:d1:89:a5:ab:b8:f6:20:4d:db:15:80:a3:48:45:a6:e7:60:e4:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:30:49 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=a9cea0842705eb9b2b82c8e4129c81aa7141b65cc5475e64f9af94024c19a0fd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b6:fd:70:fc:bc:8a:37:c7:aa:00:93:b5:c5:
                    25:fc:ad:70:c7:da:6c:94:aa:8e:35:ad:b1:72:c3:
                    88:4a:80:4f:7f:8d:2f:dc:c2:52:05:9a:9d:5b:68:
                    77:f5:83:f3:e1:ff:10:c4:af:4c:81:5e:5e:06:67:
                    98:47:7a:11:bd:78:87:4c:bc:42:79:f3:3c:1d:46:
                    b0:7e:98:87:fa:53:18:6f:d8:60:21:dc:bf:2d:a4:
                    8d:69:06:22:46:01:40:6e:2c:7d:a8:22:ab:05:59:
                    2c:b1:91:ba:b5:bc:6f:11:3e:e2:2b:d2:a4:e9:79:
                    90:4b:d6:35:5d:62:9c:49:01:38:a9:b9:3e:f5:86:
                    ee:45:31:a6:62:8b:fe:78:d1:a2:dc:49:87:25:a2:
                    a1:86:6a:e0:60:98:b0:50:3c:f3:6f:87:11:9d:0b:
                    0a:55:73:1b:a4:aa:9f:db:0f:88:d0:b1:0e:d1:bc:
                    f9:52:a9:41:65:66:97:50:ca:36:e7:bd:b3:a9:2c:
                    7c:94:65:0c:c9:cb:13:7d:e3:43:1f:c1:52:b1:e9:
                    75:ec:d6:ea:1b:6e:f2:a0:50:89:45:f0:7c:11:5d:
                    cd:e1:b0:ad:1f:d5:2d:e7:05:f5:be:90:83:7a:e0:
                    17:7c:a2:ba:fb:89:df:db:b2:f5:71:fe:6f:47:c2:
                    6d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:F6:43:6D:E5:14:05:32:9C:39:0B:92:CC:BE:38:AC:1C:64:E1:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de7b8e0a-a109-43f5-8ea8-973c8c0c5cee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.128.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9a:e0:00:7a:4c:d4:68:85:ce:e4:b0:e3:d3:ae:80:46:fb:50:
         d3:c3:bb:8f:1c:67:8b:e6:46:21:c6:13:ef:5c:d0:ef:7b:b4:
         e2:14:1a:66:bd:04:aa:85:13:61:69:76:ff:7a:7b:e5:d4:13:
         fb:c2:48:92:10:65:91:a6:2e:32:c8:25:5a:20:bb:68:8a:bb:
         b5:86:cf:69:9d:2e:e0:d5:c0:0f:04:6f:cd:4c:4a:09:8b:6a:
         72:83:f1:c9:11:02:a9:62:dc:76:00:97:f1:40:e7:59:f5:83:
         4f:28:cc:ae:4f:41:77:cc:61:a9:63:ae:0f:0a:ef:84:52:8e:
         8e:92:ec:5f:6c:66:cb:dd:77:a9:d7:72:d1:ae:e0:ee:15:fe:
         c6:2e:ce:0e:a5:33:6c:6a:15:e8:b8:c1:48:b0:aa:92:25:2b:
         da:21:bb:b6:f0:45:a8:ec:5d:cd:61:63:d7:a6:b1:db:69:ce:
         27:1f:ea:ee:08:02:23:37:99:84:c2:95:44:04:bd:0e:49:af:
         dc:99:a7:8a:3b:84:df:31:df:d8:0a:94:79:c8:da:f7:69:5b:
         8b:62:11:a2:f3:89:98:3b:09:ed:3c:1d:65:55:30:bd:90:d3:
         e0:21:a9:c8:3d:70:8d:5c:a1:84:06:dc:3e:b7:8a:86:f0:2e:
         a0:70:bb:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL9GJpau49iBN2xWAo0hFpudg5HwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMDQ5WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWNlYTA4NDI3MDVlYjliMmI4MmM4ZTQxMjljODFhYTcx
NDFiNjVjYzU0NzVlNjRmOWFmOTQwMjRjMTlhMGZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUtv1w/LyKN8eqAJO1xSX8rXDH2myUqo41rbFyw4hKgE9/
jS/cwlIFmp1baHf1g/Ph/xDEr0yBXl4GZ5hHehG9eIdMvEJ58zwdRrB+mIf6Uxhv
2GAh3L8tpI1pBiJGAUBuLH2oIqsFWSyxkbq1vG8RPuIr0qTpeZBL1jVdYpxJATip
uT71hu5FMaZii/540aLcSYcloqGGauBgmLBQPPNvhxGdCwpVcxukqp/bD4jQsQ7R
vPlSqUFlZpdQyjbnvbOpLHyUZQzJyxN940MfwVKx6XXs1uobbvKgUIlF8HwRXc3h
sK0f1S3nBfW+kIN64Bd8orr7id/bsvVx/m9Hwm1jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3fZDbeUUBTKcOQuSzL44rBxk4XowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlN2I4ZTBhLWExMDktNDNmNS04ZWE4LTk3M2M4YzBjNWNlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbRgIAwDQYJKoZIhvcNAQELBQADggEBAJrgAHpM1GiFzuSw49OugEb7UNPD
u48cZ4vmRiHGE+9c0O97tOIUGma9BKqFE2Fpdv96e+XUE/vCSJIQZZGmLjLIJVog
u2iKu7WGz2mdLuDVwA8Eb81MSgmLanKD8ckRAqli3HYAl/FA51n1g08ozK5PQXfM
Yaljrg8K74RSjo6S7F9sZsvdd6nXctGu4O4V/sYuzg6lM2xqFei4wUiwqpIlK9oh
u7bwRajsXc1hY9emsdtpzicf6u4IAiM3mYTClUQEvQ5Jr9yZp4o7hN8x39gKlHnI
2vdpW4tiEaLziZg7Ce08HWVVML2Q0+Ahqcg9cI1coYQG3D63iobwLqBwu1k=
-----END CERTIFICATE-----