Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23a53446-cb7a-4e95-8459-59f35aa8088c.roa
File:                     23a53446-cb7a-4e95-8459-59f35aa8088c.roa (raw, json)
Hash identifier:          xfK18D+efrveH06rMN+jrfiMouqkbCRaRr7dh5DFybA=
Subject key identifier:   BF:08:3E:67:E2:1C:AC:99:A7:A7:35:6C:A5:FA:92:8C:D3:F0:26:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C515045A2812BB53255B2AEEBD7416307B26722
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23a53446-cb7a-4e95-8459-59f35aa8088c.roa
Signing time:             Thu 13 Nov 2025 00:20:11 +0000
ROA not before:           Thu 13 Nov 2025 00:20:11 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.0.0.0/14 maxlen: 14
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:51:50:45:a2:81:2b:b5:32:55:b2:ae:eb:d7:41:63:07:b2:67:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:20:11 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=23d263d54eefe6a71d4cb102837c60094f15bce1895ac475daaee940965ba573, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:78:d5:a6:25:ca:7e:cc:59:d1:54:5c:3c:2e:
                    b2:e3:ef:9d:8f:4c:4e:70:b0:ae:ca:70:eb:d3:01:
                    90:fc:3d:1f:b9:c2:c8:00:16:32:f9:96:cf:f5:70:
                    c5:5c:64:9c:d8:8f:e9:10:f9:4b:de:c3:a2:c8:c2:
                    58:5b:c6:4d:ce:af:2a:06:7e:dc:36:f1:e9:fb:ab:
                    b0:a6:5b:3d:00:74:b8:79:b1:4b:23:c9:28:05:c9:
                    91:97:85:2a:77:34:f6:53:4d:3c:3d:8d:3f:9b:55:
                    57:b6:9b:87:33:29:c9:c0:fd:2a:6a:32:3b:b1:02:
                    a8:6b:f3:95:49:8e:eb:54:73:95:98:a3:46:b0:66:
                    f3:df:ba:f6:00:f6:fc:31:d6:05:ef:8e:d2:12:2b:
                    b2:2d:0a:22:78:44:72:bc:98:ab:3d:55:43:d6:07:
                    ba:5f:48:66:a9:1a:45:21:7c:4d:27:69:bf:47:ad:
                    92:39:c5:52:32:15:a1:41:d1:47:83:bc:03:46:f2:
                    e4:46:66:09:4d:95:2b:e5:da:dc:66:8c:e4:f2:f0:
                    30:0c:34:35:8e:06:58:7b:d3:02:84:5b:be:bb:f2:
                    63:3b:57:d9:20:5d:87:4d:44:1e:94:e9:ed:c5:10:
                    d1:d8:bc:a8:3f:c4:cf:60:57:a5:83:89:51:87:a4:
                    42:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:08:3E:67:E2:1C:AC:99:A7:A7:35:6C:A5:FA:92:8C:D3:F0:26:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23a53446-cb7a-4e95-8459-59f35aa8088c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.0.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         a3:61:8a:92:b5:eb:d9:26:8f:43:bb:dd:44:40:e7:3a:ae:4a:
         0e:88:9f:89:f5:ab:38:16:8a:2b:c5:3c:da:30:6c:dc:ad:63:
         28:39:30:4c:2d:cb:e5:d6:eb:81:e9:cc:ba:44:2a:27:d6:b4:
         f2:bb:cb:12:4b:5c:df:8d:a8:00:b7:fd:75:76:e9:18:dd:a1:
         e5:8d:d7:c1:e2:c3:7e:ba:0f:77:9d:bd:5a:35:e5:bc:13:d7:
         9f:9c:be:ea:26:a4:c8:ba:e4:e4:23:0d:06:23:8a:bd:f3:c4:
         0b:7a:9f:8e:ff:8f:b4:76:27:c6:9d:79:0f:de:8b:f8:2c:2a:
         e5:75:08:2b:86:1f:8a:c4:38:84:b7:2c:ad:fb:f7:72:5a:82:
         93:c5:87:8c:28:2e:b3:cc:88:47:d4:1a:6b:18:20:e5:38:95:
         72:b2:19:70:8a:5c:fa:25:b7:06:86:6a:1e:c2:35:7c:ca:a8:
         4b:07:46:2c:eb:53:f3:b4:44:2b:0d:1e:66:ec:78:e2:bc:36:
         12:2a:70:05:bc:6e:37:8d:f3:a1:e5:74:6a:e9:9a:ce:bb:b9:
         2f:96:2f:ed:62:e5:02:cc:38:22:87:5c:33:80:6f:6b:9b:62:
         b0:7b:48:50:ad:f7:39:16:69:ff:79:e5:8d:fa:2f:ee:7a:32:
         68:e0:b0:fc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfFFQRaKBK7UyVbKu69dBYweyZyIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAyMDExWhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyM2QyNjNkNTRlZWZlNmE3MWQ0Y2IxMDI4MzdjNjAwOTRm
MTViY2UxODk1YWM0NzVkYWFlZTk0MDk2NWJhNTczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpeNWmJcp+zFnRVFw8LrLj752PTE5wsK7KcOvTAZD8PR+5
wsgAFjL5ls/1cMVcZJzYj+kQ+Uvew6LIwlhbxk3OryoGftw28en7q7CmWz0AdLh5
sUsjySgFyZGXhSp3NPZTTTw9jT+bVVe2m4czKcnA/SpqMjuxAqhr85VJjutUc5WY
o0awZvPfuvYA9vwx1gXvjtISK7ItCiJ4RHK8mKs9VUPWB7pfSGapGkUhfE0nab9H
rZI5xVIyFaFB0UeDvANG8uRGZglNlSvl2txmjOTy8DAMNDWOBlh70wKEW7678mM7
V9kgXYdNRB6U6e3FENHYvKg/xM9gV6WDiVGHpEKVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvwg+Z+IcrJmnpzVspfqSjNPwJuYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzYTUzNDQ2LWNiN2EtNGU5NS04NDU5LTU5ZjM1YWE4MDg4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwJBADANBgkqhkiG9w0BAQsFAAOCAQEAo2GKkrXr2SaPQ7vdREDnOq5KDoif
ifWrOBaKK8U82jBs3K1jKDkwTC3L5dbrgenMukQqJ9a08rvLEktc342oALf9dXbp
GN2h5Y3XweLDfroPd529WjXlvBPXn5y+6iakyLrk5CMNBiOKvfPEC3qfjv+PtHYn
xp15D96L+Cwq5XUIK4YfisQ4hLcsrfv3clqCk8WHjCgus8yIR9Qaaxgg5TiVcrIZ
cIpc+iW3BoZqHsI1fMqoSwdGLOtT87REKw0eZux44rw2EipwBbxuN43zoeV0auma
zru5L5Yv7WLlAsw4IodcM4Bva5tisHtIUK33ORZp/3nljfov7noyaOCw/A==
-----END CERTIFICATE-----