Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ab45e62-7d44-4885-a10e-81a21539a820.roa
File:                     2ab45e62-7d44-4885-a10e-81a21539a820.roa (raw, json)
Hash identifier:          MXE/oiNa3bARgk17OfczGiXFzokzXoSEw5qDqDTTng0=
Subject key identifier:   79:5B:CA:5A:DF:5F:0D:AE:A0:7E:9E:94:20:FD:A4:9A:C6:B8:D4:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       696EF0ABF3EC51296A47AA91F60AD5791DC353AB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ab45e62-7d44-4885-a10e-81a21539a820.roa
Signing time:             Wed 12 Nov 2025 00:20:43 +0000
ROA not before:           Wed 12 Nov 2025 00:20:43 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.23.72.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:6e:f0:ab:f3:ec:51:29:6a:47:aa:91:f6:0a:d5:79:1d:c3:53:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:20:43 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=9f77610acd45608638691c5660293c9578c57115fd74cf67262da635f2811953, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f0:e0:52:54:ce:dd:4a:f6:85:2a:18:e5:5c:
                    39:6e:89:ec:d5:34:0d:20:b7:46:5f:82:d2:6a:9c:
                    f2:6d:bc:21:b6:2f:b5:68:c0:2e:bc:72:97:c3:51:
                    75:8c:ff:d3:09:2e:5c:d3:c4:bb:8b:4f:c3:92:85:
                    72:1e:a1:fa:fb:1d:77:e2:77:40:58:5d:aa:10:7a:
                    30:60:86:a5:6b:fc:90:78:f5:a1:51:33:b5:3a:a3:
                    dd:70:ba:ff:a9:43:38:03:b7:e4:b1:c7:02:11:d3:
                    60:47:a5:b9:34:82:d4:48:c3:87:14:5c:b2:c2:db:
                    13:2f:9d:5d:5d:88:45:e3:76:59:9e:82:4a:7a:14:
                    71:c7:78:17:9d:89:5c:a2:f1:df:68:f9:fc:d9:02:
                    ab:5e:5c:ce:96:a1:95:49:fd:b4:0a:94:79:ec:03:
                    d4:f4:aa:fe:7e:0e:10:4a:70:dd:c9:d8:b8:18:ee:
                    f2:78:96:41:38:32:3b:7d:da:2b:7b:f7:ff:86:23:
                    3f:1d:90:38:79:32:dd:2c:f8:f3:ed:e7:25:e5:10:
                    10:61:c3:40:ac:5e:77:ef:79:db:05:10:0f:53:8f:
                    ae:5b:e1:86:02:45:1f:e1:66:f3:5c:bf:6a:7a:32:
                    da:25:62:a2:47:62:52:15:d8:ff:45:de:c0:75:8a:
                    a7:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:5B:CA:5A:DF:5F:0D:AE:A0:7E:9E:94:20:FD:A4:9A:C6:B8:D4:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ab45e62-7d44-4885-a10e-81a21539a820.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.23.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:ff:38:d3:d0:e9:10:15:c0:36:d1:3e:e5:e9:67:dd:ab:c8:
         24:bf:5d:0f:60:46:39:ab:14:f9:44:91:cd:f7:6b:8d:8d:b0:
         a6:d1:38:5e:80:4d:06:c0:47:a9:5e:fe:86:1f:be:a5:02:7f:
         99:33:29:9c:30:20:c0:db:1e:8c:0b:c0:ce:f9:c1:ee:60:cd:
         df:dd:9a:cb:9b:52:43:b5:66:45:dc:a4:9e:45:c5:29:8b:6c:
         18:9c:15:53:ae:db:04:be:36:38:21:67:0f:b7:9e:c5:02:c0:
         32:48:cc:78:55:f9:ac:54:79:30:e6:55:f8:04:d4:42:e3:ec:
         a2:2c:14:39:b1:22:da:69:14:38:ea:c7:eb:16:99:cf:0a:50:
         51:2a:dd:29:ab:13:f6:99:64:c4:5c:2f:73:ad:f1:fc:1b:c2:
         9b:b6:66:1a:f2:e9:d5:91:e9:3d:14:c5:f7:62:4f:86:9c:34:
         ed:46:a1:97:60:21:ba:7c:de:86:f4:83:9f:3a:4f:9d:a3:27:
         67:f9:8e:9f:b6:59:99:99:e0:7f:e6:ec:2c:ed:96:dc:4a:ff:
         99:6f:8c:f8:20:b4:2e:c7:6b:0a:1a:07:e9:70:3f:2b:da:02:
         d2:e8:81:be:5e:23:91:d1:65:a5:36:b8:81:b2:cd:e5:e3:55:
         99:3b:4e:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaW7wq/PsUSlqR6qR9grVeR3DU6swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAyMDQzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Zjc3NjEwYWNkNDU2MDg2Mzg2OTFjNTY2MDI5M2M5NTc4
YzU3MTE1ZmQ3NGNmNjcyNjJkYTYzNWYyODExOTUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC48OBSVM7dSvaFKhjlXDluiezVNA0gt0ZfgtJqnPJtvCG2
L7VowC68cpfDUXWM/9MJLlzTxLuLT8OShXIeofr7HXfid0BYXaoQejBghqVr/JB4
9aFRM7U6o91wuv+pQzgDt+SxxwIR02BHpbk0gtRIw4cUXLLC2xMvnV1diEXjdlme
gkp6FHHHeBediVyi8d9o+fzZAqteXM6WoZVJ/bQKlHnsA9T0qv5+DhBKcN3J2LgY
7vJ4lkE4Mjt92it79/+GIz8dkDh5Mt0s+PPt5yXlEBBhw0CsXnfvedsFEA9Tj65b
4YYCRR/hZvNcv2p6MtolYqJHYlIV2P9F3sB1iqeNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeVvKWt9fDa6gfp6UIP2kmsa41G4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhYjQ1ZTYyLTdkNDQtNDg4NS1hMTBlLTgxYTIxNTM5YTgyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIXF0gwDQYJKoZIhvcNAQELBQADggEBAIT/ONPQ6RAVwDbRPuXpZ92ryCS/
XQ9gRjmrFPlEkc33a42NsKbROF6ATQbAR6le/oYfvqUCf5kzKZwwIMDbHowLwM75
we5gzd/dmsubUkO1ZkXcpJ5FxSmLbBicFVOu2wS+NjghZw+3nsUCwDJIzHhV+axU
eTDmVfgE1ELj7KIsFDmxItppFDjqx+sWmc8KUFEq3SmrE/aZZMRcL3Ot8fwbwpu2
Zhry6dWR6T0UxfdiT4acNO1GoZdgIbp83ob0g586T52jJ2f5jp+2WZmZ4H/m7Czt
ltxK/5lvjPggtC7HawoaB+lwPyvaAtLogb5eI5HRZaU2uIGyzeXjVZk7Tl0=
-----END CERTIFICATE-----