Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03003920-cbea-43f1-870c-84e084be150a.roa
File:                     03003920-cbea-43f1-870c-84e084be150a.roa (raw, json)
Hash identifier:          I2KvnvKZp1PHmluWJwIJ84MHf5FX0A7GSHuxLeB2XXw=
Subject key identifier:   59:3F:37:FE:8C:49:67:E2:46:D5:E0:51:64:B9:31:C4:00:43:F8:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58E552A1FC225A632DFE00AECB8F3DB75B3E0E9C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03003920-cbea-43f1-870c-84e084be150a.roa
Signing time:             Sun 16 Nov 2025 00:01:08 +0000
ROA not before:           Sun 16 Nov 2025 00:01:08 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.101.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e5:52:a1:fc:22:5a:63:2d:fe:00:ae:cb:8f:3d:b7:5b:3e:0e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:01:08 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=14382efc096a4e10eb8485a65bd1c4f6c72e0a2689fade3100f47a15cf68cdad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b2:a9:b7:06:10:bc:53:92:4f:0b:df:a8:92:
                    49:31:e5:3e:43:ec:71:09:d2:f1:19:b2:67:09:67:
                    bf:ef:90:bd:2f:67:d5:87:f8:4c:4f:b2:f9:77:ef:
                    46:2c:36:5a:6e:19:f9:b2:07:6a:b1:83:5e:ef:ac:
                    35:42:9d:75:44:d9:ab:e3:9c:44:71:f8:e8:b2:40:
                    2a:09:18:2b:3a:78:84:f6:ef:8a:c4:2a:f9:e7:2e:
                    93:9f:de:e6:3b:ff:b8:e2:8b:a3:11:88:60:7a:e6:
                    d4:8b:ce:7c:85:9d:cf:53:82:ec:ea:9f:94:1e:74:
                    a6:fc:03:1b:4f:c3:8f:9c:7b:3d:7e:f4:87:03:8d:
                    55:35:73:60:3e:12:b4:ec:0c:9d:e5:e2:30:f5:de:
                    31:15:82:78:93:cd:0c:ab:b9:3f:27:5d:8a:86:17:
                    66:59:f4:e2:33:09:04:aa:1d:d2:2c:75:a4:00:fe:
                    7b:b8:d3:16:46:24:9a:c8:2b:34:27:6d:a2:6f:ad:
                    20:ae:a3:4f:d0:4e:7c:6c:b2:fc:64:70:9a:08:d6:
                    bf:89:b1:f2:11:ad:46:a1:f4:03:b5:88:34:8b:17:
                    85:93:4e:ab:25:67:e5:15:17:6d:05:6c:52:da:7f:
                    1a:df:ad:48:c8:86:d8:29:cb:27:1d:70:f3:21:99:
                    5f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:3F:37:FE:8C:49:67:E2:46:D5:E0:51:64:B9:31:C4:00:43:F8:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03003920-cbea-43f1-870c-84e084be150a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:7e:d0:a0:90:28:90:0d:94:11:e7:d1:58:b5:20:8d:4a:41:
         e7:29:63:5b:c6:e7:dd:46:6a:15:0b:52:65:cf:f5:e0:1a:55:
         4b:95:49:8f:f2:a4:89:60:27:33:31:9d:12:7f:ad:f9:62:26:
         ff:2e:b7:e6:5f:e9:33:b0:e1:a2:c3:b2:ce:64:17:03:48:31:
         5f:81:b4:58:8e:a7:60:f8:b7:8f:37:d5:1b:50:b0:f7:fb:2f:
         9f:81:93:88:0b:16:fb:15:4d:c2:62:50:23:5e:93:a0:51:5d:
         0c:91:b6:5a:da:14:d4:a3:36:ed:da:8f:3c:49:d9:9a:a0:9b:
         1e:7b:87:30:16:cb:62:12:35:fc:b4:80:be:98:ac:3a:28:95:
         ba:3d:fb:10:11:54:58:89:45:de:22:f6:4a:50:49:d2:88:bb:
         9c:f1:07:d5:cc:85:82:2d:d0:ca:2f:53:ed:80:6b:18:89:75:
         0a:81:91:c8:0b:a5:32:0e:43:14:4f:11:37:8d:95:98:ac:2c:
         e0:d1:61:46:9e:38:00:85:8e:eb:24:f4:20:ec:77:10:b2:15:
         05:2c:91:92:cd:19:82:35:8c:4e:41:b8:ee:b9:6a:26:31:13:
         b8:92:58:ba:7c:4e:30:c9:c0:9f:11:e6:2f:82:92:6d:11:c4:
         bf:8f:1b:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWOVSofwiWmMt/gCuy489t1s+DpwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAwMTA4WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDM4MmVmYzA5NmE0ZTEwZWI4NDg1YTY1YmQxYzRmNmM3
MmUwYTI2ODlmYWRlMzEwMGY0N2ExNWNmNjhjZGFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJsqm3BhC8U5JPC9+okkkx5T5D7HEJ0vEZsmcJZ7/vkL0v
Z9WH+ExPsvl370YsNlpuGfmyB2qxg17vrDVCnXVE2avjnERx+OiyQCoJGCs6eIT2
74rEKvnnLpOf3uY7/7jii6MRiGB65tSLznyFnc9Tguzqn5QedKb8AxtPw4+cez1+
9IcDjVU1c2A+ErTsDJ3l4jD13jEVgniTzQyruT8nXYqGF2ZZ9OIzCQSqHdIsdaQA
/nu40xZGJJrIKzQnbaJvrSCuo0/QTnxssvxkcJoI1r+JsfIRrUah9AO1iDSLF4WT
TqslZ+UVF20FbFLafxrfrUjIhtgpyycdcPMhmV9zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWT83/oxJZ+JG1eBRZLkxxABD+HMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzMDAzOTIwLWNiZWEtNDNmMS04NzBjLTg0ZTA4NGJlMTUwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GUwDQYJKoZIhvcNAQELBQADggEBAJ9+0KCQKJANlBHn0Vi1II1KQecp
Y1vG591GahULUmXP9eAaVUuVSY/ypIlgJzMxnRJ/rfliJv8ut+Zf6TOw4aLDss5k
FwNIMV+BtFiOp2D4t4831RtQsPf7L5+Bk4gLFvsVTcJiUCNek6BRXQyRtlraFNSj
Nu3ajzxJ2Zqgmx57hzAWy2ISNfy0gL6YrDoolbo9+xARVFiJRd4i9kpQSdKIu5zx
B9XMhYIt0MovU+2AaxiJdQqBkcgLpTIOQxRPETeNlZisLODRYUaeOACFjusk9CDs
dxCyFQUskZLNGYI1jE5BuO65aiYxE7iSWLp8TjDJwJ8R5i+Ckm0RxL+PG0Y=
-----END CERTIFICATE-----