Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ff2feae-89d7-4a29-8db6-044c0900186d.roa
File:                     9ff2feae-89d7-4a29-8db6-044c0900186d.roa (raw, json)
Hash identifier:          G1JY4BDZk5ywo9JHeZBXgJ1LdY1r2qPTAW6Y8aYQyRY=
Subject key identifier:   6E:1C:20:21:1D:EA:6C:6A:AA:25:4A:FF:93:56:E1:8B:A5:9D:6A:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       317C5C035FE4882D6A9226D0DE163DBF957E955B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ff2feae-89d7-4a29-8db6-044c0900186d.roa
Signing time:             Fri 07 Nov 2025 01:00:05 +0000
ROA not before:           Fri 07 Nov 2025 01:00:05 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.10.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:7c:5c:03:5f:e4:88:2d:6a:92:26:d0:de:16:3d:bf:95:7e:95:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  7 01:00:05 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=f6e256e2ca6569a7f853a834bf30e6719e47c1f667c88b2c5e30bd2fd82f524b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9c:21:59:00:98:b3:15:0a:0b:a9:7f:fb:9f:
                    6a:eb:5e:ef:38:f9:0b:90:ed:58:3e:29:f6:b3:c7:
                    73:24:20:13:c9:b7:45:05:bf:b7:2c:7f:80:52:17:
                    75:3b:19:9e:d5:33:6b:bc:02:94:6b:e1:55:1b:33:
                    86:ce:57:cf:8d:3d:fe:20:c5:f1:27:64:33:7e:56:
                    e4:31:79:c6:9b:5f:36:2c:67:62:32:d5:b7:e7:a2:
                    76:d8:e5:a2:f0:94:be:4e:b2:dd:cb:10:cd:67:09:
                    f1:66:0e:c4:02:7b:48:d2:af:e6:b0:97:88:66:52:
                    b7:73:a8:df:6f:ff:27:ec:62:99:e5:c8:9d:37:83:
                    3e:02:dc:44:7f:95:72:bd:f1:13:8d:c4:6a:c7:e0:
                    00:b8:da:15:45:49:ab:ae:a0:b7:f7:c7:ce:fc:5c:
                    27:36:c4:3e:90:e0:d8:20:65:c8:0e:a0:8c:42:a2:
                    9a:75:80:95:df:31:75:e3:73:a2:68:f6:f6:5a:10:
                    14:69:29:13:d6:4a:a7:a7:d4:aa:7e:eb:fa:32:be:
                    56:c3:47:9c:2c:ad:ac:91:3a:78:77:ce:17:6d:15:
                    09:cc:36:d3:39:d2:9c:44:24:d7:dd:e2:4f:41:ed:
                    df:7b:b5:74:68:fc:b8:28:9e:11:5e:e2:3d:9b:75:
                    7d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:1C:20:21:1D:EA:6C:6A:AA:25:4A:FF:93:56:E1:8B:A5:9D:6A:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ff2feae-89d7-4a29-8db6-044c0900186d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:10:ee:5a:c3:55:b6:d6:21:19:f5:f9:77:c1:c0:b1:ab:df:
         48:be:13:a0:3d:46:79:3d:bb:16:44:2f:a0:ac:52:11:33:77:
         f9:2a:b7:38:be:05:44:fe:03:6b:85:7b:40:42:ae:86:21:e0:
         17:17:2e:75:6b:b6:58:4b:72:e9:af:cd:7f:c5:a9:a2:4b:70:
         23:fb:18:67:08:39:4b:90:77:cd:63:38:b3:99:11:ae:27:df:
         3f:1c:b1:71:02:65:5f:19:ec:62:94:48:f9:1c:51:cc:56:75:
         0f:99:45:f4:92:fc:38:4e:92:25:49:ae:9b:97:ed:41:74:01:
         35:f5:13:6a:7d:36:71:12:c0:47:a2:15:90:05:f3:b0:de:cc:
         3b:5d:a9:86:62:94:43:f7:3e:57:c1:73:90:43:2c:18:dc:0a:
         b2:9f:47:23:1d:69:b6:c0:57:fd:2c:e8:e8:53:09:52:e7:ff:
         d9:8f:10:cf:0c:aa:9b:53:25:b5:46:df:3a:bb:96:d8:ca:53:
         8f:19:d2:ee:97:47:4a:46:ed:a7:db:53:27:75:86:7e:bc:40:
         83:52:77:a9:39:f4:9e:08:15:0d:76:26:be:e5:d9:a2:48:cc:
         ee:54:cf:17:c3:be:c9:df:36:49:bd:8e:b4:96:71:26:db:87:
         4d:c5:85:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMXxcA1/kiC1qkibQ3hY9v5V+lVswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA3MDEwMDA1WhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNmUyNTZlMmNhNjU2OWE3Zjg1M2E4MzRiZjMwZTY3MTll
NDdjMWY2NjdjODhiMmM1ZTMwYmQyZmQ4MmY1MjRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1nCFZAJizFQoLqX/7n2rrXu84+QuQ7Vg+Kfazx3MkIBPJ
t0UFv7csf4BSF3U7GZ7VM2u8ApRr4VUbM4bOV8+NPf4gxfEnZDN+VuQxecabXzYs
Z2Iy1bfnonbY5aLwlL5Ost3LEM1nCfFmDsQCe0jSr+awl4hmUrdzqN9v/yfsYpnl
yJ03gz4C3ER/lXK98RONxGrH4AC42hVFSauuoLf3x878XCc2xD6Q4NggZcgOoIxC
opp1gJXfMXXjc6Jo9vZaEBRpKRPWSqen1Kp+6/oyvlbDR5wsrayROnh3zhdtFQnM
NtM50pxEJNfd4k9B7d97tXRo/LgonhFe4j2bdX13AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbhwgIR3qbGqqJUr/k1bhi6WdanowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmZjJmZWFlLTg5ZDctNGEyOS04ZGI2LTA0NGMwOTAwMTg2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXWwowDQYJKoZIhvcNAQELBQADggEBADoQ7lrDVbbWIRn1+XfBwLGr30i+
E6A9Rnk9uxZEL6CsUhEzd/kqtzi+BUT+A2uFe0BCroYh4BcXLnVrtlhLcumvzX/F
qaJLcCP7GGcIOUuQd81jOLOZEa4n3z8csXECZV8Z7GKUSPkcUcxWdQ+ZRfSS/DhO
kiVJrpuX7UF0ATX1E2p9NnESwEeiFZAF87DezDtdqYZilEP3PlfBc5BDLBjcCrKf
RyMdabbAV/0s6OhTCVLn/9mPEM8MqptTJbVG3zq7ltjKU48Z0u6XR0pG7afbUyd1
hn68QINSd6k59J4IFQ12Jr7l2aJIzO5UzxfDvsnfNkm9jrSWcSbbh03FhaI=
-----END CERTIFICATE-----