Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/292064bd-ead2-4bf2-a375-50f37c4c3521.roa
File:                     292064bd-ead2-4bf2-a375-50f37c4c3521.roa (raw, json)
Hash identifier:          mrXpgzKJbhIEcF7zIlXdyCnv40dEzncUGCUIs/2aQ8k=
Subject key identifier:   89:55:44:D0:B6:85:EF:7C:56:79:54:A1:2B:FF:29:CB:3A:D7:37:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       135277D0C0981F8991A781E941BF19838D327728
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/292064bd-ead2-4bf2-a375-50f37c4c3521.roa
Signing time:             Thu 13 Nov 2025 00:20:05 +0000
ROA not before:           Thu 13 Nov 2025 00:20:05 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.232.92.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:52:77:d0:c0:98:1f:89:91:a7:81:e9:41:bf:19:83:8d:32:77:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:20:05 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=045dd04c718f725909bb1d369775c858b98128d2fb42c4117d3e0f1870aa844c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:09:59:72:38:41:15:e8:64:85:e5:23:78:63:
                    a4:8d:6c:6f:9b:dc:52:d1:95:58:a7:f4:08:3a:ab:
                    ea:d5:16:21:3a:1e:d4:04:84:17:45:fe:45:16:cf:
                    f0:42:a4:13:f1:f8:06:7f:fc:10:8e:23:6b:a5:a0:
                    19:31:3b:f4:69:3c:dd:31:69:89:f9:fc:10:e9:67:
                    03:40:60:da:c4:65:6c:5a:40:eb:bb:89:81:0d:33:
                    96:43:b3:90:a2:ca:d0:e1:db:b0:38:d6:26:60:95:
                    1a:af:8d:db:7b:f3:54:81:49:40:e1:aa:23:15:14:
                    31:9f:c6:db:7d:c6:19:82:73:d3:28:bc:a8:f5:27:
                    7f:94:b3:6e:0b:f6:e1:74:01:8e:7d:c0:95:58:7d:
                    c7:1b:64:e9:90:0b:4d:7c:6c:31:0d:29:a8:56:1f:
                    35:4e:3f:5c:9c:42:ce:ae:09:33:bc:35:08:c6:44:
                    5e:d9:e4:99:01:29:f2:87:6a:c4:eb:f7:3c:bc:34:
                    4a:d7:8f:88:39:74:50:4b:a9:6d:f0:4b:2f:62:4a:
                    42:31:c2:5c:2f:60:e2:f0:b5:99:5b:ac:66:9a:0e:
                    15:e7:52:60:5d:65:4c:9a:8f:94:46:27:94:6d:dc:
                    27:20:aa:fb:d0:36:b8:98:77:bd:ac:4e:9d:c2:b7:
                    69:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:55:44:D0:B6:85:EF:7C:56:79:54:A1:2B:FF:29:CB:3A:D7:37:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/292064bd-ead2-4bf2-a375-50f37c4c3521.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:d6:1f:72:3b:a8:79:41:47:9f:a2:0a:f4:7c:1e:bc:3a:7c:
         2d:17:6f:e9:80:17:90:ba:72:c4:1c:c9:2e:6f:16:22:82:1a:
         ee:9d:62:9a:c6:70:7e:81:92:1f:1c:05:63:b3:67:eb:2d:a9:
         e7:9c:1b:8a:29:50:16:b7:8c:61:db:62:1d:07:8f:15:5f:eb:
         55:cf:60:a1:f0:c7:ae:9f:38:e6:81:ce:e8:0e:2a:f3:6f:04:
         5a:05:a1:04:99:93:f0:52:bd:b6:6a:88:6a:67:9f:6c:ad:43:
         d6:57:e9:0c:74:c1:4c:a6:b3:c5:e7:b9:d6:13:88:e9:27:c7:
         97:1b:06:76:b1:eb:6b:fb:56:b0:77:4b:13:18:48:ea:f7:58:
         bd:c7:be:6b:7e:f9:93:0a:a3:d3:16:0c:b2:68:ae:d6:5a:5f:
         f5:32:7d:e0:c0:89:a4:f3:07:a4:9d:0e:a2:ac:35:54:e8:fe:
         b4:f7:af:ba:cd:3d:10:1c:99:7e:c4:11:67:04:89:48:c8:e1:
         7a:94:a1:6b:08:3c:8d:e4:5a:cc:87:b1:c2:04:f9:28:42:b2:
         cf:38:eb:43:11:a2:ac:89:6d:c5:b2:be:86:47:44:9b:81:ed:
         72:23:05:75:09:ff:bd:3c:6d:18:85:2e:02:c4:f0:cc:b3:de:
         21:b4:f9:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE1J30MCYH4mRp4HpQb8Zg40ydygwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAyMDA1WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDVkZDA0YzcxOGY3MjU5MDliYjFkMzY5Nzc1Yzg1OGI5
ODEyOGQyZmI0MmM0MTE3ZDNlMGYxODcwYWE4NDRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYCVlyOEEV6GSF5SN4Y6SNbG+b3FLRlVin9Ag6q+rVFiE6
HtQEhBdF/kUWz/BCpBPx+AZ//BCOI2uloBkxO/RpPN0xaYn5/BDpZwNAYNrEZWxa
QOu7iYENM5ZDs5CiytDh27A41iZglRqvjdt781SBSUDhqiMVFDGfxtt9xhmCc9Mo
vKj1J3+Us24L9uF0AY59wJVYfccbZOmQC018bDENKahWHzVOP1ycQs6uCTO8NQjG
RF7Z5JkBKfKHasTr9zy8NErXj4g5dFBLqW3wSy9iSkIxwlwvYOLwtZlbrGaaDhXn
UmBdZUyaj5RGJ5Rt3CcgqvvQNriYd72sTp3Ct2m/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiVVE0LaF73xWeVShK/8pyzrXNxkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5MjA2NGJkLWVhZDItNGJmMi1hMzc1LTUwZjM3YzRjMzUyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJG6FwwDQYJKoZIhvcNAQELBQADggEBAIXWH3I7qHlBR5+iCvR8Hrw6fC0X
b+mAF5C6csQcyS5vFiKCGu6dYprGcH6Bkh8cBWOzZ+stqeecG4opUBa3jGHbYh0H
jxVf61XPYKHwx66fOOaBzugOKvNvBFoFoQSZk/BSvbZqiGpnn2ytQ9ZX6Qx0wUym
s8XnudYTiOknx5cbBnax62v7VrB3SxMYSOr3WL3Hvmt++ZMKo9MWDLJortZaX/Uy
feDAiaTzB6SdDqKsNVTo/rT3r7rNPRAcmX7EEWcEiUjI4XqUoWsIPI3kWsyHscIE
+ShCss8460MRoqyJbcWyvoZHRJuB7XIjBXUJ/708bRiFLgLE8Myz3iG0+T0=
-----END CERTIFICATE-----