Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3defa9e3-2d3f-47d8-99cd-631d15fa9397.roa
File:                     3defa9e3-2d3f-47d8-99cd-631d15fa9397.roa (raw, json)
Hash identifier:          U8uvmB50LDZlRsnpSDBP8+lGzGKz5a79eJ1sMxuAYz0=
Subject key identifier:   8B:55:E7:F5:50:70:52:1E:4D:10:72:ED:A2:C8:92:F8:EB:3C:5D:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70F34F12F30DC40E63210C04387F768928FA0A5D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3defa9e3-2d3f-47d8-99cd-631d15fa9397.roa
Signing time:             Wed 12 Nov 2025 02:30:57 +0000
ROA not before:           Wed 12 Nov 2025 02:30:57 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.254.0.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:f3:4f:12:f3:0d:c4:0e:63:21:0c:04:38:7f:76:89:28:fa:0a:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:30:57 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=b8c131cfeb8e9f7932867d46e630f781acc17ca1756ddb1e430cb7aa2bc3e980, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4d:9c:a3:98:e5:23:9c:5c:39:ba:48:cc:60:
                    1b:27:e1:62:fb:e6:fd:f3:56:12:1c:20:ad:65:98:
                    2a:20:92:41:11:d2:cb:2a:07:97:f0:88:21:3a:a2:
                    f9:86:4f:4f:76:38:2b:6f:c6:69:e1:9e:21:af:b9:
                    29:ec:32:9c:ca:bc:14:38:f5:23:a9:e7:9c:8b:91:
                    e3:ca:cf:b9:e5:7e:cf:e3:86:12:28:7a:07:19:15:
                    f5:12:f9:17:8a:f0:bc:ac:69:f6:2b:e9:0d:ee:ef:
                    de:74:1b:40:2b:4f:1c:36:a5:93:02:20:c2:59:c1:
                    53:06:45:0a:c7:70:f7:dd:ab:46:cc:ef:21:a5:36:
                    f1:25:e0:9b:c5:6b:a0:c0:76:d9:b5:80:4b:c6:a9:
                    7a:b1:7c:f0:16:97:d7:48:56:0c:fa:e1:84:a5:b3:
                    db:91:8b:52:0b:e8:2a:61:21:71:c2:79:28:0c:aa:
                    fb:2f:15:51:08:2e:13:5d:d0:cb:0b:a2:5a:11:b7:
                    38:3c:03:56:f9:1a:f6:3e:27:65:bc:f4:a7:84:bf:
                    bd:1f:3a:c6:ec:2c:4e:9e:2b:1a:68:7c:c0:00:8f:
                    3a:06:52:c1:12:59:31:36:7b:d2:6d:0b:b0:e4:00:
                    1a:65:b0:8b:c7:78:08:9d:b5:f9:d1:a0:7a:0e:d8:
                    19:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:55:E7:F5:50:70:52:1E:4D:10:72:ED:A2:C8:92:F8:EB:3C:5D:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3defa9e3-2d3f-47d8-99cd-631d15fa9397.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.254.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:6f:9b:4f:50:da:e9:24:56:54:55:ea:bf:19:4a:6c:51:82:
         f5:69:b3:4e:ad:03:dc:bb:65:6e:1f:e1:e8:d0:1f:16:4a:64:
         57:56:45:aa:87:d7:3e:ef:03:89:29:4e:91:26:67:2e:5e:7b:
         ca:45:3a:dc:21:5b:fa:b5:9e:0b:60:29:44:6f:25:17:bb:5b:
         73:04:cb:81:71:4c:c8:bb:4c:3c:ec:9d:01:18:c7:e5:9e:5a:
         a4:b1:c4:5b:3e:95:17:09:07:28:20:f6:46:bb:c8:bf:14:48:
         da:23:0b:c9:7e:cc:a7:67:35:d9:4d:c3:5a:84:dd:c8:03:05:
         0a:8b:f3:61:93:11:3d:1d:83:e6:eb:e9:26:23:ae:eb:33:2b:
         3b:2a:b6:43:c1:39:53:da:b1:25:b5:f9:d7:d5:64:f7:8b:6a:
         4c:d5:5b:b8:5f:4e:dc:b3:ba:17:ba:6a:09:9e:b2:29:84:5d:
         ca:32:db:76:d9:36:1f:7d:85:8c:80:db:70:f1:fe:0c:68:57:
         f7:64:89:c2:97:46:26:2c:72:04:7f:25:9d:59:3b:ac:66:ac:
         b2:37:54:0d:7f:e3:a2:b5:bf:81:29:8e:d8:c2:74:8b:00:55:
         cd:38:75:f8:8b:72:31:23:09:8a:5e:eb:c0:2d:42:a6:ee:d9:
         c5:a1:e4:55
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcPNPEvMNxA5jIQwEOH92iSj6Cl0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIzMDU3WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOGMxMzFjZmViOGU5Zjc5MzI4NjdkNDZlNjMwZjc4MWFj
YzE3Y2ExNzU2ZGRiMWU0MzBjYjdhYTJiYzNlOTgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhTZyjmOUjnFw5ukjMYBsn4WL75v3zVhIcIK1lmCogkkER
0ssqB5fwiCE6ovmGT092OCtvxmnhniGvuSnsMpzKvBQ49SOp55yLkePKz7nlfs/j
hhIoegcZFfUS+ReK8LysafYr6Q3u7950G0ArTxw2pZMCIMJZwVMGRQrHcPfdq0bM
7yGlNvEl4JvFa6DAdtm1gEvGqXqxfPAWl9dIVgz64YSls9uRi1IL6CphIXHCeSgM
qvsvFVEILhNd0MsLoloRtzg8A1b5GvY+J2W89KeEv70fOsbsLE6eKxpofMAAjzoG
UsESWTE2e9JtC7DkABplsIvHeAidtfnRoHoO2BntAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi1Xn9VBwUh5NEHLtosiS+Os8Xa8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkZWZhOWUzLTJkM2YtNDdkOC05OWNkLTYzMWQxNWZhOTM5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIX/gAwDQYJKoZIhvcNAQELBQADggEBAKJvm09Q2ukkVlRV6r8ZSmxRgvVp
s06tA9y7ZW4f4ejQHxZKZFdWRaqH1z7vA4kpTpEmZy5ee8pFOtwhW/q1ngtgKURv
JRe7W3MEy4FxTMi7TDzsnQEYx+WeWqSxxFs+lRcJBygg9ka7yL8USNojC8l+zKdn
NdlNw1qE3cgDBQqL82GTET0dg+br6SYjruszKzsqtkPBOVPasSW1+dfVZPeLakzV
W7hfTtyzuhe6agmesimEXcoy23bZNh99hYyA23Dx/gxoV/dkicKXRiYscgR/JZ1Z
O6xmrLI3VA1/46K1v4EpjtjCdIsAVc04dfiLcjEjCYpe68AtQqbu2cWh5FU=
-----END CERTIFICATE-----