Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64416939-e386-4747-9efd-e38b0c06dbeb.roa
File:                     64416939-e386-4747-9efd-e38b0c06dbeb.roa (raw, json)
Hash identifier:          PJgMWvXm6tlZToBus6W6ifSYcHYo9ZC5OHKj+dNQ088=
Subject key identifier:   4A:F0:0D:D1:0C:A1:B4:03:E0:58:ED:C7:9A:89:2A:85:4F:F8:43:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4384E663C858AB1A33E4202CB344AC156D6EB8B7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64416939-e386-4747-9efd-e38b0c06dbeb.roa
Signing time:             Thu 13 Nov 2025 00:40:58 +0000
ROA not before:           Thu 13 Nov 2025 00:40:58 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.202.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:84:e6:63:c8:58:ab:1a:33:e4:20:2c:b3:44:ac:15:6d:6e:b8:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:40:58 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=8fc37773fdd1e61a9c8be3e0f7e1cdf3f623f0989c9c1ce084f420491fde6b80, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:88:77:37:78:89:8d:42:61:7c:c9:be:3f:ec:
                    75:fe:da:ec:b2:03:ca:31:38:28:ca:73:8c:9c:1e:
                    0c:c0:56:3e:c4:70:dc:bf:89:8c:53:00:01:ca:76:
                    58:df:fe:8a:6b:77:e3:12:57:a6:2e:9d:e8:d0:e0:
                    b3:d4:a8:b8:dc:62:85:27:f4:0e:4f:d2:3c:37:8d:
                    6f:0e:bb:85:8a:23:f3:5e:df:fa:3e:b5:50:53:66:
                    2f:dd:d4:27:95:10:73:d4:83:be:cc:13:62:82:d0:
                    92:65:b8:46:87:7a:0a:75:a2:d8:9c:fa:0d:77:cb:
                    24:2e:34:9a:66:ca:b4:28:94:c5:96:2e:5d:99:2b:
                    28:60:be:6e:fb:95:8f:a7:6f:3f:4f:1c:eb:b8:ca:
                    ee:40:8c:69:6a:6d:a0:1f:3d:9f:34:c0:73:75:f9:
                    f4:82:d3:4d:cb:af:fe:6f:4d:be:35:e6:3a:f8:ff:
                    b5:f4:ac:c8:e2:f3:2e:a0:a2:5e:e5:96:d5:ee:8b:
                    f2:1c:4f:bc:3e:68:10:74:89:db:63:c3:d0:a3:bb:
                    02:ed:23:26:fe:e7:dc:42:b0:4a:cf:77:bb:f9:95:
                    bf:3e:4c:c4:38:93:2e:8b:90:d0:f7:2b:62:23:d7:
                    33:42:84:28:07:47:51:21:00:46:63:84:a5:db:bd:
                    4d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:F0:0D:D1:0C:A1:B4:03:E0:58:ED:C7:9A:89:2A:85:4F:F8:43:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64416939-e386-4747-9efd-e38b0c06dbeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.202.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         aa:6d:04:1c:b4:29:d6:99:fb:23:90:16:d7:c6:21:01:c4:5b:
         da:c9:20:88:01:29:5b:c4:76:f4:83:3d:df:63:68:07:71:1f:
         15:8b:b2:81:42:b7:67:60:8d:c9:22:2b:7f:a5:c1:16:3a:1f:
         5b:2a:8b:6e:11:4c:f3:91:b5:de:4e:72:10:42:89:01:09:8d:
         92:d8:5e:6b:b8:27:21:a4:6b:67:63:7c:2a:6b:0f:48:ce:d4:
         e6:35:e3:2c:54:c2:4d:88:e8:ce:39:1d:71:1a:cc:c8:2c:43:
         f7:9a:29:ec:b2:44:60:94:2e:d5:00:79:d7:17:55:9a:35:04:
         c6:1a:cc:fc:cd:1f:c6:e5:d9:cf:57:ff:db:de:ad:c1:ec:f9:
         58:ef:19:f3:a2:d6:81:64:fa:2a:36:94:73:a7:f2:c1:0e:5c:
         1e:ed:95:7d:d4:7c:2e:6d:7f:c6:54:42:5d:ee:18:d1:23:c3:
         f8:2e:0d:25:2f:5b:aa:d4:11:bc:55:d4:e1:94:d2:8f:04:06:
         af:e5:b3:90:e5:61:7d:43:55:50:18:5f:b2:e6:e9:75:e0:10:
         59:a0:bd:2f:57:63:85:49:1f:f8:61:72:fe:35:51:59:bc:fe:
         dd:fb:65:ab:2b:58:b9:3a:ca:38:d8:12:92:84:8b:40:d6:6f:
         12:f4:60:80
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ4TmY8hYqxoz5CAss0SsFW1uuLcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDA0MDU4WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZmMzNzc3M2ZkZDFlNjFhOWM4YmUzZTBmN2UxY2RmM2Y2
MjNmMDk4OWM5YzFjZTA4NGY0MjA0OTFmZGU2YjgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUiHc3eImNQmF8yb4/7HX+2uyyA8oxOCjKc4ycHgzAVj7E
cNy/iYxTAAHKdljf/oprd+MSV6YunejQ4LPUqLjcYoUn9A5P0jw3jW8Ou4WKI/Ne
3/o+tVBTZi/d1CeVEHPUg77ME2KC0JJluEaHegp1otic+g13yyQuNJpmyrQolMWW
Ll2ZKyhgvm77lY+nbz9PHOu4yu5AjGlqbaAfPZ80wHN1+fSC003Lr/5vTb415jr4
/7X0rMji8y6gol7lltXui/IcT7w+aBB0idtjw9CjuwLtIyb+59xCsErPd7v5lb8+
TMQ4ky6LkND3K2Ij1zNChCgHR1EhAEZjhKXbvU1NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSvAN0QyhtAPgWO3HmokqhU/4Q4QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0NDE2OTM5LWUzODYtNDc0Ny05ZWZkLWUzOGIwYzA2ZGJlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfPyoAwDQYJKoZIhvcNAQELBQADggEBAKptBBy0KdaZ+yOQFtfGIQHEW9rJ
IIgBKVvEdvSDPd9jaAdxHxWLsoFCt2dgjckiK3+lwRY6H1sqi24RTPORtd5OchBC
iQEJjZLYXmu4JyGka2djfCprD0jO1OY14yxUwk2I6M45HXEazMgsQ/eaKeyyRGCU
LtUAedcXVZo1BMYazPzNH8bl2c9X/9vercHs+VjvGfOi1oFk+io2lHOn8sEOXB7t
lX3UfC5tf8ZUQl3uGNEjw/guDSUvW6rUEbxV1OGU0o8EBq/ls5DlYX1DVVAYX7Lm
6XXgEFmgvS9XY4VJH/hhcv41UVm8/t37ZasrWLk6yjjYEpKEi0DWbxL0YIA=
-----END CERTIFICATE-----