Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbd49bcd-224f-4a8b-93d2-80dc17cdd84c.roa
File:                     fbd49bcd-224f-4a8b-93d2-80dc17cdd84c.roa (raw, json)
Hash identifier:          pe6Q6pvmuxvDy/tkHHix7JFGYuM6vsOvBgw+QTX9zds=
Subject key identifier:   54:D6:73:77:2A:F5:6D:00:82:48:79:4B:CD:A1:12:C7:0D:37:82:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       536B0FF8F7F7939924FACE4737A2C2036C3D9A90
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbd49bcd-224f-4a8b-93d2-80dc17cdd84c.roa
Signing time:             Sun 26 Oct 2025 00:00:08 +0000
ROA not before:           Sun 26 Oct 2025 00:00:08 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        64.252.69.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:6b:0f:f8:f7:f7:93:99:24:fa:ce:47:37:a2:c2:03:6c:3d:9a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:00:08 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=74f75dea31647b12baf48b0d4645827d397f69cf2c13e16b1d4e42945ccd8e00, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d0:7c:50:cd:27:f7:b5:ee:5f:d4:89:7d:0c:
                    75:19:70:e0:31:cc:dd:dd:46:0a:9c:4f:89:6b:c2:
                    2e:b0:be:e1:56:4d:e0:d8:c7:e8:89:c2:05:9f:40:
                    0d:76:73:89:cc:7c:bc:6e:f9:91:12:cb:e9:34:55:
                    b5:5e:68:4b:0c:e8:04:7e:7e:ef:f8:cb:bb:7f:98:
                    56:1c:c0:5b:c3:06:f0:ea:fd:da:65:a3:07:ab:1d:
                    65:76:ee:0b:84:f2:b1:88:d1:46:89:bb:2a:52:ad:
                    aa:b4:88:67:88:5d:ed:40:28:03:08:c1:6f:fb:ae:
                    83:a7:b0:ee:f9:37:7b:d5:f0:ad:06:48:ec:a0:e8:
                    db:79:8a:37:dc:71:29:be:62:d3:81:5a:14:29:21:
                    95:8d:7f:ce:b6:14:81:45:23:2c:06:7f:e3:b2:08:
                    3e:5b:06:98:37:68:ed:6c:79:83:01:62:5e:5e:61:
                    ce:69:09:9e:e7:15:ec:50:8d:c8:ba:f2:6e:54:81:
                    86:b4:23:f6:c8:da:99:b3:6d:37:dc:0c:1f:a1:5f:
                    08:01:9f:67:30:39:14:43:a2:67:66:11:31:b4:6d:
                    70:e5:ff:c5:fa:fd:b9:eb:6a:05:ad:81:f7:7b:18:
                    31:85:d1:4f:3f:a2:c7:a3:75:ba:61:26:04:6f:61:
                    2a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:D6:73:77:2A:F5:6D:00:82:48:79:4B:CD:A1:12:C7:0D:37:82:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbd49bcd-224f-4a8b-93d2-80dc17cdd84c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:6d:84:64:fa:97:c1:0f:17:8c:9a:75:60:c1:ab:29:9c:ef:
         0d:0e:ff:33:cc:b3:f7:fa:45:d6:8b:16:95:5a:fb:fc:0b:99:
         c4:a0:35:f7:4f:cd:f5:9a:99:57:3d:4e:aa:c3:6b:5d:5e:07:
         ea:5a:47:05:2e:6d:53:d8:ac:7a:b5:29:75:68:5c:87:e4:47:
         5b:8f:03:ae:06:ba:6c:22:51:cb:be:88:12:05:8f:40:be:2d:
         98:fa:8d:26:8c:d6:a8:47:23:b4:87:1a:fd:cf:c8:ff:ac:2c:
         6b:67:17:03:45:07:72:9c:5d:19:6b:39:18:64:13:ba:21:10:
         de:30:6d:61:a7:41:df:5c:33:52:06:8e:bf:92:23:42:7d:7c:
         74:2e:ec:24:f8:19:10:3b:cb:f7:a2:28:f8:3b:ff:60:0f:ca:
         27:92:1f:b5:ce:16:c5:dc:be:d7:0d:9e:13:7c:24:cb:2f:b3:
         63:68:a0:56:ae:16:3e:c8:3c:19:f7:89:7b:e3:05:9c:ce:0c:
         5c:a3:39:48:e1:ad:f0:1d:30:1d:c6:1b:0e:99:c5:bc:e0:66:
         4b:c0:cd:7b:f1:4f:92:3f:ca:02:95:f2:84:35:2d:fa:6f:d7:
         50:15:3e:16:16:8e:47:51:06:89:eb:be:14:da:5e:fb:47:06:
         2a:90:7d:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU2sP+Pf3k5kk+s5HN6LCA2w9mpAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAwMDA4WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NGY3NWRlYTMxNjQ3YjEyYmFmNDhiMGQ0NjQ1ODI3ZDM5
N2Y2OWNmMmMxM2UxNmIxZDRlNDI5NDVjY2Q4ZTAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv0HxQzSf3te5f1Il9DHUZcOAxzN3dRgqcT4lrwi6wvuFW
TeDYx+iJwgWfQA12c4nMfLxu+ZESy+k0VbVeaEsM6AR+fu/4y7t/mFYcwFvDBvDq
/dplowerHWV27guE8rGI0UaJuypSraq0iGeIXe1AKAMIwW/7roOnsO75N3vV8K0G
SOyg6Nt5ijfccSm+YtOBWhQpIZWNf862FIFFIywGf+OyCD5bBpg3aO1seYMBYl5e
Yc5pCZ7nFexQjci68m5UgYa0I/bI2pmzbTfcDB+hXwgBn2cwORRDomdmETG0bXDl
/8X6/bnragWtgfd7GDGF0U8/osejdbphJgRvYSrvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVNZzdyr1bQCCSHlLzaESxw03glIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiZDQ5YmNkLTIyNGYtNGE4Yi05M2QyLTgwZGMxN2NkZDg0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/EUwDQYJKoZIhvcNAQELBQADggEBADpthGT6l8EPF4yadWDBqymc7w0O
/zPMs/f6RdaLFpVa+/wLmcSgNfdPzfWamVc9TqrDa11eB+paRwUubVPYrHq1KXVo
XIfkR1uPA64GumwiUcu+iBIFj0C+LZj6jSaM1qhHI7SHGv3PyP+sLGtnFwNFB3Kc
XRlrORhkE7ohEN4wbWGnQd9cM1IGjr+SI0J9fHQu7CT4GRA7y/eiKPg7/2APyieS
H7XOFsXcvtcNnhN8JMsvs2NooFauFj7IPBn3iXvjBZzODFyjOUjhrfAdMB3GGw6Z
xbzgZkvAzXvxT5I/ygKV8oQ1Lfpv11AVPhYWjkdRBonrvhTaXvtHBiqQfUA=
-----END CERTIFICATE-----