Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6be303f-6b48-4c2b-a9e6-b4a5db34818d.roa
File:                     f6be303f-6b48-4c2b-a9e6-b4a5db34818d.roa (raw, json)
Hash identifier:          Md8xKTFqTRaXWAuuPW6eg37az3Id2ojyngFk9irS3ik=
Subject key identifier:   F3:FE:07:96:81:F6:81:E7:5D:38:D1:D1:FD:C8:6B:EA:0F:54:54:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31C18C62D0F289A07681BFF9C2F72891878BD5B9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6be303f-6b48-4c2b-a9e6-b4a5db34818d.roa
Signing time:             Sun 02 Nov 2025 00:30:39 +0000
ROA not before:           Sun 02 Nov 2025 00:30:39 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.53.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:c1:8c:62:d0:f2:89:a0:76:81:bf:f9:c2:f7:28:91:87:8b:d5:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:30:39 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=9ef20ca858a9d635d92ab075c64d01fc9646016c622b7f48a53997e47195e5c6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4b:91:37:f7:29:3f:4f:5f:fb:b3:ca:bd:3e:
                    97:f4:5c:e4:0c:1c:81:15:e4:d2:e2:b8:67:ed:1f:
                    b0:23:ed:b9:45:18:4d:47:e3:41:66:0a:b8:17:a6:
                    c4:dd:61:f8:4b:d0:fa:1d:26:6b:13:7c:d4:65:66:
                    b3:a0:fb:ae:5f:3a:95:fa:0d:dd:a5:21:9d:b6:9d:
                    3b:c3:55:01:a3:21:69:a7:5c:3d:ee:76:44:8c:6a:
                    fa:8b:2b:b0:dc:23:25:b6:e6:ec:37:38:ef:95:a1:
                    e1:56:fd:ea:b9:91:a1:f9:2d:b1:b7:a1:f5:60:41:
                    59:98:c7:39:58:70:2c:31:99:ce:25:18:3c:a1:65:
                    a5:0f:4f:96:0f:9f:80:22:d7:ed:55:39:15:03:f1:
                    3a:be:01:40:4b:11:fb:af:09:8d:29:11:1d:64:04:
                    92:6d:78:0c:4d:60:ac:6b:2f:7e:60:f0:65:48:53:
                    99:68:31:64:4a:24:85:ba:26:7a:e5:f1:f4:a8:af:
                    93:5b:27:13:e7:e0:95:ae:7a:2c:ba:aa:3a:ca:6e:
                    8d:ef:e6:26:43:95:08:db:e0:55:3a:bb:35:4e:f9:
                    4d:10:f3:47:64:3b:24:da:45:4c:34:f6:7f:4b:c1:
                    1d:02:fb:d9:ec:49:b0:67:5b:a2:8c:6d:91:76:70:
                    4f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:FE:07:96:81:F6:81:E7:5D:38:D1:D1:FD:C8:6B:EA:0F:54:54:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6be303f-6b48-4c2b-a9e6-b4a5db34818d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.53.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         27:29:d6:61:37:7d:d2:bd:8b:fb:e2:93:23:42:10:2e:e7:5b:
         1b:16:51:bf:a4:08:0c:ca:0c:a4:c1:75:8b:98:41:0d:65:69:
         12:41:44:5a:8e:8a:ca:df:6e:79:54:7c:23:2f:87:5c:c1:e7:
         70:b2:90:dd:03:a4:9e:3e:10:23:4a:4b:b5:d4:12:d5:9b:79:
         af:3b:c4:ce:e0:a7:c3:3f:8e:21:6f:61:6b:ec:65:d0:da:56:
         da:34:d4:8b:8f:1a:5f:99:2a:39:d9:6a:b8:3a:f5:88:9c:b9:
         d6:02:75:7d:d6:f3:1e:7b:4c:25:7c:cb:c5:58:fb:7f:6b:40:
         6f:c9:da:b6:17:5c:07:6e:c8:4d:86:17:64:66:78:9b:a1:ac:
         2c:2d:71:ef:84:97:8a:a2:bf:dc:34:1b:e2:d7:42:34:70:08:
         ff:d9:5a:03:34:a7:96:23:13:b8:8c:8b:fe:cd:a6:24:23:6b:
         2f:09:e9:5f:17:d9:5e:c4:2a:d0:80:97:8c:74:46:3e:1f:17:
         cf:62:8c:45:cb:6a:ba:43:bc:95:0b:15:20:9e:da:ea:fe:2d:
         16:0c:4c:31:d4:b7:0a:9b:82:c4:98:35:69:09:39:9a:0c:fa:
         5c:4a:89:7e:47:59:38:e7:c0:6b:44:31:3d:b5:29:45:2a:1e:
         ac:2e:0e:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMcGMYtDyiaB2gb/5wvcokYeL1bkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMDM5WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWYyMGNhODU4YTlkNjM1ZDkyYWIwNzVjNjRkMDFmYzk2
NDYwMTZjNjIyYjdmNDhhNTM5OTdlNDcxOTVlNWM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3S5E39yk/T1/7s8q9Ppf0XOQMHIEV5NLiuGftH7Aj7blF
GE1H40FmCrgXpsTdYfhL0PodJmsTfNRlZrOg+65fOpX6Dd2lIZ22nTvDVQGjIWmn
XD3udkSMavqLK7DcIyW25uw3OO+VoeFW/eq5kaH5LbG3ofVgQVmYxzlYcCwxmc4l
GDyhZaUPT5YPn4Ai1+1VORUD8Tq+AUBLEfuvCY0pER1kBJJteAxNYKxrL35g8GVI
U5loMWRKJIW6Jnrl8fSor5NbJxPn4JWueiy6qjrKbo3v5iZDlQjb4FU6uzVO+U0Q
80dkOyTaRUw09n9LwR0C+9nsSbBnW6KMbZF2cE+5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8/4HloH2geddONHR/chr6g9UVMowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2YmUzMDNmLTZiNDgtNGMyYi1hOWU2LWI0YTVkYjM0ODE4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZFNYAwDQYJKoZIhvcNAQELBQADggEBACcp1mE3fdK9i/vikyNCEC7nWxsW
Ub+kCAzKDKTBdYuYQQ1laRJBRFqOisrfbnlUfCMvh1zB53CykN0DpJ4+ECNKS7XU
EtWbea87xM7gp8M/jiFvYWvsZdDaVto01IuPGl+ZKjnZarg69YicudYCdX3W8x57
TCV8y8VY+39rQG/J2rYXXAduyE2GF2RmeJuhrCwtce+El4qiv9w0G+LXQjRwCP/Z
WgM0p5YjE7iMi/7NpiQjay8J6V8X2V7EKtCAl4x0Rj4fF89ijEXLarpDvJULFSCe
2ur+LRYMTDHUtwqbgsSYNWkJOZoM+lxKiX5HWTjnwGtEMT21KUUqHqwuDhs=
-----END CERTIFICATE-----