Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e13db33d-b492-48c9-a7e4-aa878a359fe3.roa
File:                     e13db33d-b492-48c9-a7e4-aa878a359fe3.roa (raw, json)
Hash identifier:          xgbW6XbUznancdjnSLJjVG/AfwdlQBQTxNLbcgEoLSk=
Subject key identifier:   AB:0E:7F:E6:93:0C:E0:98:E0:E7:A4:97:5A:65:9C:A3:45:43:78:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C1412B77E761DD3A4A26F4C6E76E32C758AB72D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e13db33d-b492-48c9-a7e4-aa878a359fe3.roa
Signing time:             Sat 25 Oct 2025 00:01:20 +0000
ROA not before:           Sat 25 Oct 2025 00:01:20 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.254.120.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:14:12:b7:7e:76:1d:d3:a4:a2:6f:4c:6e:76:e3:2c:75:8a:b7:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:01:20 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=d45c415afb305a6d39854aac1af59284f00800241aae0e2e96bd95d523e799c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8c:e4:91:70:93:28:ad:13:f0:e9:a5:62:1e:
                    33:e8:8e:19:45:94:f1:c1:17:40:c0:d8:02:bb:15:
                    73:e2:02:30:35:9b:1e:aa:4b:c9:de:10:8c:a8:7d:
                    5d:83:76:dc:ae:91:dd:70:dc:c8:a1:7f:d9:1b:a2:
                    49:1d:b5:db:e5:c0:99:3a:fa:62:7a:b1:ef:46:b6:
                    bb:3c:43:3b:ae:3e:87:62:1d:74:b1:af:4c:9e:22:
                    af:0e:30:d3:16:eb:69:80:c0:a2:84:07:2f:56:e1:
                    7f:85:38:ec:ec:20:3e:29:0c:b6:0d:93:90:7f:1a:
                    94:1d:d9:16:55:d7:b8:4f:65:01:7e:36:f8:3c:59:
                    9a:d6:cf:88:84:5a:b4:b4:4d:69:d1:7f:02:ec:70:
                    67:8e:e1:b5:93:7d:35:89:e2:6f:67:0d:f0:86:24:
                    89:16:e6:0a:c2:82:69:7b:87:3d:3b:9c:ff:a6:c5:
                    b9:c6:47:1c:be:4c:d5:61:69:22:7d:7c:69:b9:35:
                    48:3e:3f:ec:5f:a1:c8:7b:df:2c:3c:c9:68:92:70:
                    e3:8e:2c:06:e8:fb:78:58:a3:6a:49:a8:f4:96:5a:
                    7c:fb:d8:d1:60:a2:27:f9:01:71:fa:57:90:1d:74:
                    72:ae:f5:33:5d:b1:fe:52:19:af:ff:cf:ab:1b:e6:
                    c0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:0E:7F:E6:93:0C:E0:98:E0:E7:A4:97:5A:65:9C:A3:45:43:78:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e13db33d-b492-48c9-a7e4-aa878a359fe3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.254.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:98:98:af:99:4c:b4:c7:83:b2:1e:02:84:47:a5:77:45:bc:
         88:a9:7f:db:5e:29:7e:a6:87:96:cf:55:85:e4:1f:e5:cb:db:
         28:f4:57:d5:68:f7:38:3b:bc:41:f9:d0:39:c3:f1:2b:2f:a6:
         cf:fe:93:fb:56:99:f3:09:2b:0e:db:e7:91:59:b7:f2:fb:34:
         7b:c0:26:7c:9f:fc:18:2d:c2:fb:ec:c8:67:65:42:68:4e:f7:
         bb:08:aa:71:e4:5c:16:eb:fa:55:d4:f0:50:1d:5c:87:e6:58:
         42:11:4b:d7:39:85:1e:ad:de:56:5e:f1:55:b0:23:5e:de:89:
         05:ca:33:7b:1a:12:8a:9d:d4:ad:ab:e5:cf:e0:81:5c:de:70:
         18:27:06:46:0e:5e:ca:46:41:9d:c2:27:8f:bf:97:db:ad:27:
         19:02:b1:fa:34:bc:fd:c3:16:ad:65:82:3b:47:3b:74:a3:a0:
         f1:72:a3:9b:ff:5e:ad:5a:fc:1c:68:48:a1:13:0a:3d:03:46:
         f4:0a:3a:a7:a6:fb:81:ec:71:e1:b1:cb:df:2e:b3:85:a3:6d:
         33:61:bf:f6:c5:dd:98:33:c4:01:33:cd:85:1c:ad:bb:de:9f:
         25:f9:2b:ed:b2:3c:3f:d3:78:23:21:15:f0:3d:36:ec:4c:95:
         4f:44:0f:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPBQSt352HdOkom9MbnbjLHWKty0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAwMTIwWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDVjNDE1YWZiMzA1YTZkMzk4NTRhYWMxYWY1OTI4NGYw
MDgwMDI0MWFhZTBlMmU5NmJkOTVkNTIzZTc5OWM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrjOSRcJMorRPw6aViHjPojhlFlPHBF0DA2AK7FXPiAjA1
mx6qS8neEIyofV2Ddtyukd1w3Mihf9kbokkdtdvlwJk6+mJ6se9Gtrs8QzuuPodi
HXSxr0yeIq8OMNMW62mAwKKEBy9W4X+FOOzsID4pDLYNk5B/GpQd2RZV17hPZQF+
Nvg8WZrWz4iEWrS0TWnRfwLscGeO4bWTfTWJ4m9nDfCGJIkW5grCgml7hz07nP+m
xbnGRxy+TNVhaSJ9fGm5NUg+P+xfoch73yw8yWiScOOOLAbo+3hYo2pJqPSWWnz7
2NFgoif5AXH6V5AddHKu9TNdsf5SGa//z6sb5sBTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqw5/5pMM4Jjg56SXWmWco0VDeKswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UxM2RiMzNkLWI0OTItNDhjOS1hN2U0LWFhODc4YTM1OWZlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIX/ngwDQYJKoZIhvcNAQELBQADggEBAEaYmK+ZTLTHg7IeAoRHpXdFvIip
f9teKX6mh5bPVYXkH+XL2yj0V9Vo9zg7vEH50DnD8Ssvps/+k/tWmfMJKw7b55FZ
t/L7NHvAJnyf/BgtwvvsyGdlQmhO97sIqnHkXBbr+lXU8FAdXIfmWEIRS9c5hR6t
3lZe8VWwI17eiQXKM3saEoqd1K2r5c/ggVzecBgnBkYOXspGQZ3CJ4+/l9utJxkC
sfo0vP3DFq1lgjtHO3SjoPFyo5v/Xq1a/BxoSKETCj0DRvQKOqem+4HsceGxy98u
s4WjbTNhv/bF3ZgzxAEzzYUcrbvenyX5K+2yPD/TeCMhFfA9NuxMlU9ED8A=
-----END CERTIFICATE-----