Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
File:                     258e6f29-ec78-4849-a049-84a7edb4a611.roa (raw, json)
Hash identifier:          DG+mN6tRtp9hRllaP458MiMrUZ6ynPtiHBDB41jVcms=
Subject key identifier:   EE:2C:9F:1A:07:C3:E8:BE:B0:58:69:F9:E8:DB:6D:CE:4E:95:2A:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3D19E23DEAEB93215315DCD143CE6753174948F5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
Signing time:             Thu 13 Nov 2025 00:00:50 +0000
ROA not before:           Thu 13 Nov 2025 00:00:50 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        74.190.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:19:e2:3d:ea:eb:93:21:53:15:dc:d1:43:ce:67:53:17:49:48:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:00:50 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=8de47d4be5811397cfdfa641fbc45f60b75718c9e4bb3d8c9ceae1c4c4e68a46, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f0:63:0a:2a:cc:d4:79:a6:14:24:f6:5f:47:
                    d1:0c:42:bd:cf:23:48:1b:b6:15:8c:ac:70:92:cd:
                    11:0a:99:ed:36:a6:33:21:3a:08:c7:39:e4:1a:85:
                    33:4f:f0:98:38:e6:81:c7:f4:c9:10:d0:58:12:1f:
                    dd:4f:b3:b9:3f:69:c5:2d:cf:a4:80:25:ac:02:08:
                    27:7f:5b:88:92:1e:63:dc:24:84:84:ac:cc:ec:80:
                    89:c0:d4:ee:b6:b8:39:35:98:0d:e9:e5:fc:77:5a:
                    22:c2:1b:72:e2:74:be:e8:47:eb:63:66:76:bd:98:
                    ae:f2:b7:63:53:e3:5a:0c:82:fe:36:78:b2:f4:3c:
                    b3:09:63:d6:fb:28:8c:85:b8:cd:9a:95:a4:28:6c:
                    58:9e:7d:8f:77:14:16:b2:c6:0b:7e:6c:20:00:bf:
                    e1:b2:35:a6:d8:b6:8d:a2:67:e2:74:cb:b5:37:0a:
                    d8:aa:09:d0:8a:a1:e6:98:5b:3b:63:5c:1c:24:c8:
                    39:5e:40:cd:b3:4f:e0:b9:ae:bc:ee:4e:b6:0f:08:
                    f7:fa:0a:c9:7f:b1:08:62:b8:fb:f7:27:4e:53:41:
                    f7:5c:c4:ba:a2:8e:b7:c5:9f:d2:8f:da:9c:02:ed:
                    89:39:6c:f0:d3:18:3e:f6:ca:a9:1f:81:e0:64:91:
                    08:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:2C:9F:1A:07:C3:E8:BE:B0:58:69:F9:E8:DB:6D:CE:4E:95:2A:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b3:cb:59:20:7f:48:3c:35:15:01:ce:65:92:32:77:d2:5f:e4:
         70:0a:b0:a1:1d:48:5b:55:99:56:49:6a:d9:1c:39:48:fb:4a:
         a6:35:44:0a:5d:2f:53:f7:98:93:f1:04:8e:07:77:a7:fc:55:
         e7:d2:25:50:54:40:14:8f:96:76:0d:4f:0a:78:76:d3:fe:72:
         c9:4d:02:c8:db:9e:f7:c9:6d:cd:e1:4b:df:c2:92:86:05:47:
         32:6a:99:67:97:28:2f:5e:d7:de:b7:d9:8d:f3:0e:83:b1:cb:
         34:5b:1f:35:59:85:65:de:f6:27:0b:60:fb:f4:2b:d8:93:9f:
         b8:42:30:73:04:5c:18:85:86:53:a5:ed:00:39:2f:7b:65:67:
         18:73:de:fe:dc:31:df:2c:1b:9d:15:c8:c7:d2:39:56:c4:99:
         48:ca:c7:a6:5f:a9:71:90:4b:56:8d:d5:0a:4d:e1:44:45:1c:
         7f:74:9f:0b:4f:e7:db:d8:b4:82:7f:b6:43:78:a6:53:50:e8:
         e3:b1:a6:0c:a8:98:43:bf:0f:a6:6b:03:8b:b8:22:d6:bc:76:
         af:e6:87:0c:81:87:a6:89:79:63:c7:50:8c:45:c4:88:8d:61:
         a4:98:3f:05:5c:d2:a6:7a:e5:e8:f5:69:c7:4c:cd:1b:95:e3:
         d9:c8:31:fc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPRniPerrkyFTFdzRQ85nUxdJSPUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAwMDUwWhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZGU0N2Q0YmU1ODExMzk3Y2ZkZmE2NDFmYmM0NWY2MGI3
NTcxOGM5ZTRiYjNkOGM5Y2VhZTFjNGM0ZTY4YTQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDp8GMKKszUeaYUJPZfR9EMQr3PI0gbthWMrHCSzREKme02
pjMhOgjHOeQahTNP8Jg45oHH9MkQ0FgSH91Ps7k/acUtz6SAJawCCCd/W4iSHmPc
JISErMzsgInA1O62uDk1mA3p5fx3WiLCG3LidL7oR+tjZna9mK7yt2NT41oMgv42
eLL0PLMJY9b7KIyFuM2alaQobFiefY93FBayxgt+bCAAv+GyNabYto2iZ+J0y7U3
CtiqCdCKoeaYWztjXBwkyDleQM2zT+C5rrzuTrYPCPf6Csl/sQhiuPv3J05TQfdc
xLqijrfFn9KP2pwC7Yk5bPDTGD72yqkfgeBkkQhXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7iyfGgfD6L6wWGn56Nttzk6VKg8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1OGU2ZjI5LWVjNzgtNDg0OS1hMDQ5LTg0YTdlZGI0YTYxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBKvjANBgkqhkiG9w0BAQsFAAOCAQEAs8tZIH9IPDUVAc5lkjJ30l/kcAqw
oR1IW1WZVklq2Rw5SPtKpjVECl0vU/eYk/EEjgd3p/xV59IlUFRAFI+Wdg1PCnh2
0/5yyU0CyNue98ltzeFL38KShgVHMmqZZ5coL17X3rfZjfMOg7HLNFsfNVmFZd72
Jwtg+/Qr2JOfuEIwcwRcGIWGU6XtADkve2VnGHPe/twx3ywbnRXIx9I5VsSZSMrH
pl+pcZBLVo3VCk3hREUcf3SfC0/n29i0gn+2Q3imU1Do47GmDKiYQ78PpmsDi7gi
1rx2r+aHDIGHpol5Y8dQjEXEiI1hpJg/BVzSpnrl6PVpx0zNG5Xj2cgx/A==
-----END CERTIFICATE-----