Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00b2d563-9558-42a3-af91-c49abf2fc92c.roa
File:                     00b2d563-9558-42a3-af91-c49abf2fc92c.roa (raw, json)
Hash identifier:          9eRAC+nxhgZh3ochVKHMPi5oeeK+JOSSQsp3UjZNf4Y=
Subject key identifier:   57:45:5E:65:25:81:05:72:A1:F6:99:A9:B4:D5:A7:0A:F6:90:59:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29A74874C5B1C1FC82053013EB7B598D19BB2756
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00b2d563-9558-42a3-af91-c49abf2fc92c.roa
Signing time:             Tue 18 Nov 2025 00:20:08 +0000
ROA not before:           Tue 18 Nov 2025 00:20:08 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        67.35.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a7:48:74:c5:b1:c1:fc:82:05:30:13:eb:7b:59:8d:19:bb:27:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:20:08 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=c51202be97af38efee8618ce46adef08d73f4b69e875eb9ea8db7cb349f2104e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3e:34:de:1b:a8:ce:15:14:7c:2f:dc:89:79:
                    5a:a7:d2:2f:cd:fa:11:3b:1f:69:25:6c:31:c4:d2:
                    73:28:5a:76:f1:bf:61:ee:de:dc:6b:05:de:d6:9b:
                    4f:93:f4:53:e3:a5:0c:f0:87:07:c6:1d:16:a5:c1:
                    70:0b:bd:1c:86:67:4a:5a:22:94:93:54:20:30:93:
                    fb:a9:4f:f3:fa:30:c0:26:c0:49:25:57:10:a7:74:
                    e1:72:40:a1:13:43:6f:c1:1a:e0:dc:33:ed:70:4c:
                    ed:5a:0e:a7:8a:e0:0c:cb:4b:7b:07:8d:02:af:1b:
                    a7:7b:62:6f:75:6b:7a:18:b0:5e:5f:57:f4:e8:29:
                    12:24:16:51:89:8e:17:6b:75:bc:37:02:32:8e:12:
                    f5:ce:85:76:fc:f6:0a:3f:c7:38:17:b0:f3:8c:f8:
                    e1:d0:c4:c3:a2:9a:45:7e:44:38:74:b8:f9:bd:51:
                    35:51:76:30:18:15:aa:19:a7:ca:f8:ff:ea:36:3d:
                    1f:6f:83:61:ab:00:20:db:91:dd:68:93:c8:ea:48:
                    2b:08:4c:a6:15:20:9c:4b:19:0d:99:5e:b5:8b:55:
                    bc:01:73:65:f5:8f:4e:7a:0c:ad:26:80:45:7f:9e:
                    f3:90:d5:e7:fe:af:b6:86:ac:5b:e1:58:05:2a:fb:
                    76:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:45:5E:65:25:81:05:72:A1:F6:99:A9:B4:D5:A7:0A:F6:90:59:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00b2d563-9558-42a3-af91-c49abf2fc92c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ab:4a:14:99:fa:6d:fc:36:86:2c:9c:a3:85:fb:5f:67:f4:f7:
         0b:21:16:db:e3:a7:47:df:e8:d7:00:21:9a:12:dd:68:ac:7a:
         ae:af:98:a6:6b:30:e0:c7:16:36:d9:1a:f0:53:4a:be:42:80:
         46:20:2f:c5:a1:d9:e7:6b:11:67:d7:cf:fe:8a:49:23:db:23:
         57:a8:b9:18:18:be:a1:6e:9e:a3:c8:30:b5:69:29:15:42:5b:
         9b:5c:58:9f:a8:29:85:2a:ad:c4:d9:9e:74:75:8e:22:47:09:
         ed:df:45:9b:80:da:6f:d1:ae:69:70:01:28:bd:8e:b2:4f:bf:
         bf:58:28:28:2b:3d:c6:7f:75:a5:90:2d:06:e3:f7:75:64:2f:
         c6:e8:1c:6f:a9:ac:3f:cd:32:38:b8:b2:5b:c1:ba:b4:b5:ed:
         0f:99:bd:30:16:c1:b7:17:cd:71:5e:66:f8:25:51:ea:da:88:
         36:df:ff:f8:43:4c:6f:49:33:5f:78:31:22:40:7b:bf:e5:4d:
         b5:26:3e:e4:e9:0b:f8:ff:85:c2:5c:ae:1c:27:55:7a:e3:6f:
         1d:88:c4:e2:b2:2d:58:d7:6d:af:5c:5d:65:73:e4:23:cd:30:
         72:62:bc:64:90:7d:46:a2:d9:56:6e:b7:48:e8:c5:9b:8c:d0:
         ac:d7:76:d6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKadIdMWxwfyCBTAT63tZjRm7J1YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAyMDA4WhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNTEyMDJiZTk3YWYzOGVmZWU4NjE4Y2U0NmFkZWYwOGQ3
M2Y0YjY5ZTg3NWViOWVhOGRiN2NiMzQ5ZjIxMDRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTPjTeG6jOFRR8L9yJeVqn0i/N+hE7H2klbDHE0nMoWnbx
v2Hu3txrBd7Wm0+T9FPjpQzwhwfGHRalwXALvRyGZ0paIpSTVCAwk/upT/P6MMAm
wEklVxCndOFyQKETQ2/BGuDcM+1wTO1aDqeK4AzLS3sHjQKvG6d7Ym91a3oYsF5f
V/ToKRIkFlGJjhdrdbw3AjKOEvXOhXb89go/xzgXsPOM+OHQxMOimkV+RDh0uPm9
UTVRdjAYFaoZp8r4/+o2PR9vg2GrACDbkd1ok8jqSCsITKYVIJxLGQ2ZXrWLVbwB
c2X1j056DK0mgEV/nvOQ1ef+r7aGrFvhWAUq+3Y9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUV0VeZSWBBXKh9pmptNWnCvaQWUswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAwYjJkNTYzLTk1NTgtNDJhMy1hZjkxLWM0OWFiZjJmYzkyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBDIzANBgkqhkiG9w0BAQsFAAOCAQEAq0oUmfpt/DaGLJyjhftfZ/T3CyEW
2+OnR9/o1wAhmhLdaKx6rq+Ypmsw4McWNtka8FNKvkKARiAvxaHZ52sRZ9fP/opJ
I9sjV6i5GBi+oW6eo8gwtWkpFUJbm1xYn6gphSqtxNmedHWOIkcJ7d9Fm4Dab9Gu
aXABKL2Osk+/v1goKCs9xn91pZAtBuP3dWQvxugcb6msP80yOLiyW8G6tLXtD5m9
MBbBtxfNcV5m+CVR6tqINt//+ENMb0kzX3gxIkB7v+VNtSY+5OkL+P+FwlyuHCdV
euNvHYjE4rItWNdtr1xdZXPkI80wcmK8ZJB9RqLZVm63SOjFm4zQrNd21g==
-----END CERTIFICATE-----