Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b85564a-7b8e-482c-82f2-955d84a48b12.roa
File:                     9b85564a-7b8e-482c-82f2-955d84a48b12.roa (raw, json)
Hash identifier:          ZJb866eRt22guEv9kE+LimTZEWZV281n4VZDQP0VhyY=
Subject key identifier:   D0:AE:A0:F8:8E:2D:8D:0F:68:B6:D3:AB:81:41:E1:31:FF:A7:88:3B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B157DF6A92E6D9CCAFF4FEDEAF746E8F901C39A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b85564a-7b8e-482c-82f2-955d84a48b12.roa
Signing time:             Wed 12 Nov 2025 02:40:10 +0000
ROA not before:           Wed 12 Nov 2025 02:40:10 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        32.247.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:15:7d:f6:a9:2e:6d:9c:ca:ff:4f:ed:ea:f7:46:e8:f9:01:c3:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:40:10 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=0772a44249e09b9e8aaaba1c255def80bc2b673e2c56525c373b46437681851e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:80:d1:d1:40:78:e2:80:c6:6f:29:ce:e9:b0:
                    ad:04:f9:98:0f:e6:89:d6:25:63:e7:4c:36:b0:49:
                    10:79:12:92:be:38:e2:d4:0c:4c:f6:2a:9f:e8:c0:
                    db:03:0f:ef:cf:66:4a:5e:ed:38:b2:f5:37:01:65:
                    74:0e:75:1c:31:6b:54:5d:9c:51:01:8d:c5:2b:1d:
                    08:c0:dc:c4:96:9b:01:76:1b:55:d8:c9:a0:83:ee:
                    cd:8e:74:04:6b:66:e9:4b:65:63:57:87:55:d2:27:
                    82:58:9b:64:4d:70:96:37:d7:f4:90:e5:d7:02:5a:
                    e1:26:c7:35:b0:8c:92:17:53:82:7a:31:41:98:cf:
                    4b:7e:a0:ca:ae:95:a6:68:68:8f:f8:97:89:80:93:
                    bb:7c:91:76:c1:1d:8a:e5:7d:65:db:2b:ed:99:b9:
                    fe:30:46:d3:f1:37:26:1c:2b:a8:57:73:8d:36:f5:
                    c2:8a:a5:d4:11:62:8d:da:03:8c:e8:51:58:e9:2b:
                    23:bf:0c:1c:55:c1:a8:27:5c:4b:ec:53:8a:ef:44:
                    72:27:d4:c3:24:6e:d9:11:75:2d:9b:cb:29:c6:d2:
                    75:81:d6:d7:f9:9c:9b:fa:82:db:ca:8b:f0:78:c3:
                    e6:a8:db:2f:86:8a:6b:c7:84:23:e0:16:21:96:db:
                    d1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:AE:A0:F8:8E:2D:8D:0F:68:B6:D3:AB:81:41:E1:31:FF:A7:88:3B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b85564a-7b8e-482c-82f2-955d84a48b12.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  32.247.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         11:8c:a1:e5:47:cb:18:28:d3:45:ef:81:27:8f:7e:8c:80:43:
         cb:85:ae:f8:d4:50:8b:c3:9f:25:14:c0:6e:a7:b3:83:0b:5a:
         5d:f0:0f:54:96:92:93:a4:b1:20:9c:03:dd:73:08:d7:78:c9:
         9c:f2:5c:7e:e2:3f:bf:b5:bd:85:11:a6:99:ca:cc:0a:6b:08:
         52:3c:1a:42:35:be:53:ee:74:7f:7e:47:f4:1d:04:c5:df:a3:
         51:64:5c:74:01:46:bf:bb:65:f4:5b:dc:ca:82:17:0a:8a:68:
         6b:40:fb:02:7c:1f:00:bd:9d:c7:37:15:2a:eb:4b:70:f7:21:
         b0:ff:c9:c5:99:76:d1:14:16:b4:c4:da:81:57:af:bf:15:6e:
         2b:37:b4:b5:ef:42:e0:da:36:07:2b:0c:4f:df:5b:de:eb:d5:
         4c:38:44:7e:65:12:73:d6:2c:2a:12:10:d9:5d:12:83:0e:26:
         43:9b:9a:94:2c:a5:45:f2:6b:b5:c8:7d:6b:3a:d0:ce:02:b3:
         cb:fe:db:d8:3d:af:0b:ca:3f:55:ec:4c:f1:9c:c5:aa:33:b6:
         be:16:95:72:4e:93:27:ac:bf:ef:78:b6:bd:05:ba:fd:3a:45:
         d0:bc:77:06:b9:33:2f:50:e7:8e:a3:18:4c:c5:f9:1c:67:10:
         2d:79:fb:55
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUexV99qkubZzK/0/t6vdG6PkBw5owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDI0MDEwWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzcyYTQ0MjQ5ZTA5YjllOGFhYWJhMWMyNTVkZWY4MGJj
MmI2NzNlMmM1NjUyNWMzNzNiNDY0Mzc2ODE4NTFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1gNHRQHjigMZvKc7psK0E+ZgP5onWJWPnTDawSRB5EpK+
OOLUDEz2Kp/owNsDD+/PZkpe7Tiy9TcBZXQOdRwxa1RdnFEBjcUrHQjA3MSWmwF2
G1XYyaCD7s2OdARrZulLZWNXh1XSJ4JYm2RNcJY31/SQ5dcCWuEmxzWwjJIXU4J6
MUGYz0t+oMqulaZoaI/4l4mAk7t8kXbBHYrlfWXbK+2Zuf4wRtPxNyYcK6hXc402
9cKKpdQRYo3aA4zoUVjpKyO/DBxVwagnXEvsU4rvRHIn1MMkbtkRdS2byynG0nWB
1tf5nJv6gtvKi/B4w+ao2y+GimvHhCPgFiGW29FlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0K6g+I4tjQ9ottOrgUHhMf+niDswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliODU1NjRhLTdiOGUtNDgyYy04MmYyLTk1NWQ4NGE0OGIxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAg9zANBgkqhkiG9w0BAQsFAAOCAQEAEYyh5UfLGCjTRe+BJ49+jIBDy4Wu
+NRQi8OfJRTAbqezgwtaXfAPVJaSk6SxIJwD3XMI13jJnPJcfuI/v7W9hRGmmcrM
CmsIUjwaQjW+U+50f35H9B0Exd+jUWRcdAFGv7tl9FvcyoIXCopoa0D7AnwfAL2d
xzcVKutLcPchsP/JxZl20RQWtMTagVevvxVuKze0te9C4No2BysMT99b3uvVTDhE
fmUSc9YsKhIQ2V0Sgw4mQ5ualCylRfJrtch9azrQzgKzy/7b2D2vC8o/VexM8ZzF
qjO2vhaVck6TJ6y/73i2vQW6/TpF0Lx3BrkzL1DnjqMYTMX5HGcQLXn7VQ==
-----END CERTIFICATE-----