Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b89ddc1-d111-41bb-9344-342f1446c197.roa
File:                     5b89ddc1-d111-41bb-9344-342f1446c197.roa (raw, json)
Hash identifier:          IJ4V+zr9Hyp5iksqDy0+gfoOAON9fiv6N4F8FMZq830=
Subject key identifier:   50:6F:0C:99:AA:40:14:8A:E8:F2:50:3F:97:01:E2:C7:87:9C:9C:A8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D627345134F3AD20B51AFEFE60A12AF1B7BC666
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b89ddc1-d111-41bb-9344-342f1446c197.roa
Signing time:             Fri 07 Nov 2025 01:00:09 +0000
ROA not before:           Fri 07 Nov 2025 01:00:09 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.14.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:62:73:45:13:4f:3a:d2:0b:51:af:ef:e6:0a:12:af:1b:7b:c6:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  7 01:00:09 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=156ca45aae800a0e137ce6faf71afa413ba2bf27ea3f160d3bcbfa60d44983b2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f7:5e:8c:a3:91:97:7f:71:96:b1:73:37:c1:
                    ce:bb:c8:19:62:98:2c:1e:23:99:76:86:1c:7c:8c:
                    24:dc:8a:a6:43:ac:58:7e:36:3c:6b:33:32:5f:90:
                    27:82:41:02:de:98:1a:11:ae:18:ce:7b:e3:be:a5:
                    26:ff:a0:8b:c6:4c:8a:25:f5:86:ec:16:e5:d3:1c:
                    d6:49:f4:14:d1:e6:cd:be:c2:21:43:a5:dc:dc:8e:
                    0f:35:20:26:ef:d9:e2:51:20:c4:b1:9e:74:19:7b:
                    b3:20:4b:68:41:d1:24:6c:d3:65:16:10:58:6b:95:
                    29:5e:61:3f:61:d7:66:1b:3b:5f:b0:53:00:4b:8f:
                    86:f1:98:88:80:a8:b5:c3:c5:55:fe:9e:2a:d1:4a:
                    cb:4e:d4:5f:73:eb:39:5a:3f:c0:fe:83:b0:62:15:
                    f8:ce:bc:eb:35:f0:7f:9a:97:12:8b:77:a6:2f:2f:
                    e8:91:1e:8b:8b:77:63:a1:ee:e8:9b:93:f9:83:d1:
                    94:0b:c2:20:62:e3:66:51:3b:94:95:01:0a:31:ff:
                    30:97:35:e5:82:ea:fa:9e:07:61:c3:39:93:8b:07:
                    f6:36:67:27:a9:f6:c1:05:98:98:17:9f:dd:48:d3:
                    41:04:57:81:a9:0f:ee:75:b9:e6:63:5f:62:84:c5:
                    db:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:6F:0C:99:AA:40:14:8A:E8:F2:50:3F:97:01:E2:C7:87:9C:9C:A8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b89ddc1-d111-41bb-9344-342f1446c197.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:ca:db:e9:05:bb:11:d4:d7:5d:80:17:6f:cf:f1:42:19:c5:
         19:8a:19:d5:26:a4:87:04:52:35:af:0e:f7:33:de:c0:6c:70:
         bc:89:ea:d9:e7:bc:ee:14:90:07:32:39:69:d7:84:55:e3:15:
         87:ed:4c:a2:cf:7f:ce:fb:84:5d:72:7d:f5:94:a8:45:c0:b4:
         ad:2a:a1:9f:a8:11:d7:6e:47:e6:57:91:8f:0f:7a:db:63:56:
         3b:97:de:6d:c4:3f:28:32:07:35:d3:cd:9f:ed:e7:d3:78:89:
         11:c8:4b:52:5b:64:1a:c4:77:25:b8:74:17:9e:6c:4e:c1:1f:
         7a:4e:b8:89:9a:2f:d8:27:03:dc:be:54:4d:ac:47:db:44:97:
         c2:58:b0:76:c3:2a:16:17:ae:c3:30:ec:a5:04:9d:36:6d:1c:
         7f:50:aa:e7:9f:78:5f:54:85:8d:6c:10:c5:04:06:09:44:a2:
         98:e6:50:f5:77:b2:a1:71:61:6d:4c:d3:22:30:8d:0c:27:ed:
         ea:94:a9:f9:db:19:05:42:13:1e:09:87:60:8c:01:72:8c:9c:
         cd:92:5d:13:ea:1b:f4:43:47:ab:6a:b2:76:d3:b0:1e:67:32:
         ec:56:5e:51:97:77:c1:e4:e7:d8:35:b6:dd:3d:44:40:b9:e7:
         93:7c:d4:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDWJzRRNPOtILUa/v5goSrxt7xmYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA3MDEwMDA5WhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTZjYTQ1YWFlODAwYTBlMTM3Y2U2ZmFmNzFhZmE0MTNi
YTJiZjI3ZWEzZjE2MGQzYmNiZmE2MGQ0NDk4M2IyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDH916Mo5GXf3GWsXM3wc67yBlimCweI5l2hhx8jCTciqZD
rFh+NjxrMzJfkCeCQQLemBoRrhjOe+O+pSb/oIvGTIol9YbsFuXTHNZJ9BTR5s2+
wiFDpdzcjg81ICbv2eJRIMSxnnQZe7MgS2hB0SRs02UWEFhrlSleYT9h12YbO1+w
UwBLj4bxmIiAqLXDxVX+nirRSstO1F9z6zlaP8D+g7BiFfjOvOs18H+alxKLd6Yv
L+iRHouLd2Oh7uibk/mD0ZQLwiBi42ZRO5SVAQox/zCXNeWC6vqeB2HDOZOLB/Y2
Zyep9sEFmJgXn91I00EEV4GpD+51ueZjX2KExduXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUG8MmapAFIro8lA/lwHix4ecnKgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzViODlkZGMxLWQxMTEtNDFiYi05MzQ0LTM0MmYxNDQ2YzE5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXWw4wDQYJKoZIhvcNAQELBQADggEBAKnK2+kFuxHU112AF2/P8UIZxRmK
GdUmpIcEUjWvDvcz3sBscLyJ6tnnvO4UkAcyOWnXhFXjFYftTKLPf877hF1yffWU
qEXAtK0qoZ+oEdduR+ZXkY8PettjVjuX3m3EPygyBzXTzZ/t59N4iRHIS1JbZBrE
dyW4dBeebE7BH3pOuImaL9gnA9y+VE2sR9tEl8JYsHbDKhYXrsMw7KUEnTZtHH9Q
quefeF9UhY1sEMUEBglEopjmUPV3sqFxYW1M0yIwjQwn7eqUqfnbGQVCEx4Jh2CM
AXKMnM2SXRPqG/RDR6tqsnbTsB5nMuxWXlGXd8Hk59g1tt09REC555N81Hk=
-----END CERTIFICATE-----