Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63d5de50-53d9-4075-9a99-2b4ef676f544.roa
File:                     63d5de50-53d9-4075-9a99-2b4ef676f544.roa (raw, json)
Hash identifier:          XoQWYQDz2hrAo0Fi90c7NPMJ7CetS930bVQgOTABWdM=
Subject key identifier:   C5:7B:B7:AB:35:C4:1D:9D:3F:5C:EB:08:F8:A1:9A:FD:59:96:87:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F76C5191EE707CC3C1379BD73A73C7CA2759337
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63d5de50-53d9-4075-9a99-2b4ef676f544.roa
Signing time:             Mon 22 Sep 2025 16:11:23 +0000
ROA not before:           Mon 22 Sep 2025 16:11:23 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        174.129.48.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:76:c5:19:1e:e7:07:cc:3c:13:79:bd:73:a7:3c:7c:a2:75:93:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 16:11:23 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=4ed8911058ab54cf4861e7b44dbbcec635b27ad938e77b44141f2e2de0c7020a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e8:bc:b4:ec:22:5f:b4:ee:2a:1e:80:48:df:
                    7d:f0:be:a9:10:7c:eb:e1:08:c5:84:e8:09:1e:49:
                    1a:53:e4:b4:59:01:39:22:ea:e5:9e:12:21:0f:78:
                    83:b2:32:f9:77:52:6c:7f:9e:23:08:c4:90:90:23:
                    af:80:06:91:be:9d:bd:78:c8:21:be:4a:90:55:7f:
                    a3:b3:10:47:b4:c6:85:86:fc:16:5c:1b:f5:00:c8:
                    41:30:66:2b:f0:08:2e:d0:28:66:27:bf:8a:db:7e:
                    f0:6b:59:31:92:fe:b1:bb:47:33:9c:86:7d:49:81:
                    c9:2d:c8:5c:c7:51:01:cc:d8:13:a2:92:65:ee:14:
                    2d:57:ab:8d:e1:0d:06:8b:d1:19:39:84:d2:21:12:
                    83:e1:39:e7:46:b1:13:46:2f:ec:50:1a:fa:5a:46:
                    4e:8b:9a:98:3b:33:eb:52:a6:e6:ff:76:4c:74:ed:
                    76:15:79:88:c9:aa:cb:04:19:41:dd:f1:ac:67:26:
                    d7:0b:39:01:71:f3:e0:ad:4b:8f:91:80:97:80:30:
                    86:cd:f9:d5:c4:22:75:35:ab:8c:28:25:d9:f4:8b:
                    d2:45:68:fc:85:97:36:33:58:de:9e:bc:d3:5e:e5:
                    47:5e:6d:57:7e:8a:fc:8d:21:19:19:f0:9d:6f:d8:
                    b3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:7B:B7:AB:35:C4:1D:9D:3F:5C:EB:08:F8:A1:9A:FD:59:96:87:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63d5de50-53d9-4075-9a99-2b4ef676f544.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         57:c7:ad:50:09:27:a3:7f:7c:06:e7:38:d4:07:5d:30:f6:39:
         77:63:de:4c:e6:e5:77:10:e9:68:ec:86:eb:8d:30:f6:df:00:
         94:47:2a:b8:28:b3:4f:9a:d2:29:5e:a0:26:b2:7e:44:2f:74:
         1f:61:96:6c:43:15:3e:da:41:4f:a8:ca:e3:47:07:f4:f3:9d:
         4d:45:21:b2:01:fd:f2:d6:c2:6b:c0:a4:5c:12:38:61:c3:32:
         59:3f:3e:b0:11:f8:30:57:a8:d1:d8:64:98:98:9e:16:80:29:
         2a:73:69:9d:5f:24:5e:3a:be:99:15:ab:e1:71:19:98:c3:90:
         7f:32:25:10:d4:60:51:a9:40:29:05:09:cd:ac:1c:01:0d:07:
         af:af:97:fe:c1:de:b8:fc:1e:9f:b2:74:29:89:11:f0:5c:0c:
         ba:6e:35:b9:3a:6d:11:8c:d4:9a:a6:01:a7:a9:1d:b9:eb:e7:
         2f:92:4e:97:ee:b6:0b:16:4c:fc:7e:83:46:09:53:2d:0b:d0:
         d2:73:9b:be:1a:25:e4:68:93:2c:67:d3:87:af:6f:56:40:a8:
         14:3e:45:f3:fd:f6:40:22:ba:2b:79:9e:e9:ad:48:28:dc:ec:
         e9:60:f1:98:7c:12:c0:12:2f:af:e0:ed:7a:9f:bb:8a:f1:a4:
         6b:8d:74:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP3bFGR7nB8w8E3m9c6c8fKJ1kzcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTIyMTYxMTIzWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZWQ4OTExMDU4YWI1NGNmNDg2MWU3YjQ0ZGJiY2VjNjM1
YjI3YWQ5MzhlNzdiNDQxNDFmMmUyZGUwYzcwMjBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw6Ly07CJftO4qHoBI333wvqkQfOvhCMWE6AkeSRpT5LRZ
ATki6uWeEiEPeIOyMvl3Umx/niMIxJCQI6+ABpG+nb14yCG+SpBVf6OzEEe0xoWG
/BZcG/UAyEEwZivwCC7QKGYnv4rbfvBrWTGS/rG7RzOchn1JgcktyFzHUQHM2BOi
kmXuFC1Xq43hDQaL0Rk5hNIhEoPhOedGsRNGL+xQGvpaRk6Lmpg7M+tSpub/dkx0
7XYVeYjJqssEGUHd8axnJtcLOQFx8+CtS4+RgJeAMIbN+dXEInU1q4woJdn0i9JF
aPyFlzYzWN6evNNe5UdebVd+ivyNIRkZ8J1v2LNlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxXu3qzXEHZ0/XOsI+KGa/VmWh08wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzZDVkZTUwLTUzZDktNDA3NS05YTk5LTJiNGVmNjc2ZjU0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASugTAwDQYJKoZIhvcNAQELBQADggEBAFfHrVAJJ6N/fAbnONQHXTD2OXdj
3kzm5XcQ6WjshuuNMPbfAJRHKrgos0+a0ileoCayfkQvdB9hlmxDFT7aQU+oyuNH
B/TznU1FIbIB/fLWwmvApFwSOGHDMlk/PrAR+DBXqNHYZJiYnhaAKSpzaZ1fJF46
vpkVq+FxGZjDkH8yJRDUYFGpQCkFCc2sHAENB6+vl/7B3rj8Hp+ydCmJEfBcDLpu
Nbk6bRGM1JqmAaepHbnr5y+STpfutgsWTPx+g0YJUy0L0NJzm74aJeRokyxn04ev
b1ZAqBQ+RfP99kAiuit5numtSCjc7Olg8Zh8EsASL6/g7Xqfu4rxpGuNdC4=
-----END CERTIFICATE-----