Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/537c046e-5a56-4195-932d-8cb70983c76c.roa
File:                     537c046e-5a56-4195-932d-8cb70983c76c.roa (raw, json)
Hash identifier:          Ysa2MdC2j8Xux5thO1YaSK4U80o9XFOussIfoVj9TV0=
Subject key identifier:   72:FF:7B:CF:67:96:46:5C:C2:7C:C8:44:69:E8:0C:41:3F:7D:9A:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1989CDB2E3E47041DD533E86E53939AD11C1F3A7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/537c046e-5a56-4195-932d-8cb70983c76c.roa
Signing time:             Wed 12 Nov 2025 02:21:23 +0000
ROA not before:           Wed 12 Nov 2025 02:21:23 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.254.8.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:89:cd:b2:e3:e4:70:41:dd:53:3e:86:e5:39:39:ad:11:c1:f3:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:21:23 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=64bad6d7112bd0c9c60c5cbb4205d3afbb5ccf92de10af89d06b556682c20552, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:58:c9:f9:fa:10:43:ef:71:4b:88:d2:db:bb:
                    e5:ef:fd:d4:8c:a5:76:2f:74:08:2b:a9:85:58:5f:
                    91:37:d1:a5:6e:3d:5d:69:fd:65:3a:d7:62:82:81:
                    52:78:4b:61:b7:db:04:46:3b:22:f2:ad:77:3d:b7:
                    a9:a1:0c:11:1c:db:ca:ba:6f:de:06:ec:ee:ba:f8:
                    12:b3:9f:25:d7:f0:4d:16:12:b7:e5:c8:8d:f0:f2:
                    70:fa:61:6b:54:77:28:59:85:e8:77:d8:a9:9c:29:
                    dd:b8:a9:fa:aa:e2:c1:58:dc:df:d5:4e:ab:2a:9f:
                    d0:54:05:35:19:32:cc:33:be:f1:02:7a:fb:7c:0a:
                    fd:f8:aa:50:c0:5e:d5:f9:9a:0c:9c:64:59:ee:36:
                    5a:8c:85:33:bd:81:11:fb:38:ac:c9:94:0b:fa:74:
                    40:1e:93:66:92:6f:db:ba:0d:cd:5f:81:dd:7b:29:
                    9d:55:90:04:1b:3c:3d:0a:95:ad:cf:6b:0d:fb:7f:
                    8a:f8:b8:63:54:4f:5b:65:4c:6d:1a:ce:1c:46:da:
                    4a:a0:41:53:5f:5d:ef:d9:a1:a2:41:ae:55:2b:c9:
                    68:6b:70:4c:b4:3f:28:97:f8:96:ad:56:a4:7e:18:
                    bf:e3:e3:b4:b6:81:3a:44:09:70:fc:ba:77:61:24:
                    15:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FF:7B:CF:67:96:46:5C:C2:7C:C8:44:69:E8:0C:41:3F:7D:9A:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/537c046e-5a56-4195-932d-8cb70983c76c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.254.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:ef:22:70:f6:56:fb:83:86:9a:6f:02:b8:2d:7e:b8:31:1a:
         3b:25:49:8e:a3:e9:a7:24:d5:27:b6:3e:49:40:9e:b5:f0:f7:
         b2:eb:57:b1:32:b8:54:1b:ea:79:54:1c:a9:02:dd:08:b1:98:
         7b:b6:43:df:38:84:bf:86:63:0c:c3:a0:91:25:ed:81:c1:b1:
         12:06:c4:ac:f6:f1:59:7b:27:3a:69:9f:7c:7c:86:40:2b:c9:
         aa:b9:d7:4f:54:83:8c:ed:9f:ab:6c:20:bb:18:f7:fc:ca:5a:
         29:2d:09:0b:5d:a8:01:75:6b:7f:b4:66:c8:13:f3:8f:a0:73:
         46:b2:b0:22:2c:3a:04:d4:90:5a:3e:fe:82:04:ca:c4:17:fa:
         15:bb:1b:51:0b:5b:d4:e1:1b:66:e2:8a:03:21:af:9d:36:ca:
         77:56:45:13:f9:d4:d0:62:6f:86:46:13:94:fa:11:41:cf:27:
         66:b2:77:87:4c:73:1a:4b:aa:c6:2a:a1:47:7b:1d:35:0a:74:
         1e:d7:78:96:5c:bc:ec:d8:72:ed:89:9a:35:01:0b:43:92:9e:
         4b:5a:68:a4:a8:bb:c6:f8:b5:9b:1c:47:07:3f:4f:1c:91:54:
         6d:29:06:9d:b0:47:2e:82:d6:98:43:1c:7a:34:b6:a1:bd:ea:
         8a:ed:bf:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGYnNsuPkcEHdUz6G5Tk5rRHB86cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIyMTIzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGJhZDZkNzExMmJkMGM5YzYwYzVjYmI0MjA1ZDNhZmJi
NWNjZjkyZGUxMGFmODlkMDZiNTU2NjgyYzIwNTUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoWMn5+hBD73FLiNLbu+Xv/dSMpXYvdAgrqYVYX5E30aVu
PV1p/WU612KCgVJ4S2G32wRGOyLyrXc9t6mhDBEc28q6b94G7O66+BKznyXX8E0W
ErflyI3w8nD6YWtUdyhZheh32KmcKd24qfqq4sFY3N/VTqsqn9BUBTUZMswzvvEC
evt8Cv34qlDAXtX5mgycZFnuNlqMhTO9gRH7OKzJlAv6dEAek2aSb9u6Dc1fgd17
KZ1VkAQbPD0Kla3Paw37f4r4uGNUT1tlTG0azhxG2kqgQVNfXe/ZoaJBrlUryWhr
cEy0PyiX+JatVqR+GL/j47S2gTpECXD8undhJBUXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcv97z2eWRlzCfMhEaegMQT99mjYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzN2MwNDZlLTVhNTYtNDE5NS05MzJkLThjYjcwOTgzYzc2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIX/ggwDQYJKoZIhvcNAQELBQADggEBACbvInD2VvuDhppvArgtfrgxGjsl
SY6j6ack1Se2PklAnrXw97LrV7EyuFQb6nlUHKkC3QixmHu2Q984hL+GYwzDoJEl
7YHBsRIGxKz28Vl7Jzppn3x8hkAryaq5109Ug4ztn6tsILsY9/zKWiktCQtdqAF1
a3+0ZsgT84+gc0aysCIsOgTUkFo+/oIEysQX+hW7G1ELW9ThG2biigMhr502yndW
RRP51NBib4ZGE5T6EUHPJ2ayd4dMcxpLqsYqoUd7HTUKdB7XeJZcvOzYcu2JmjUB
C0OSnktaaKSou8b4tZscRwc/TxyRVG0pBp2wRy6C1phDHHo0tqG96ortv/U=
-----END CERTIFICATE-----