Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc318b70-5b88-4bf7-8b6c-9a26cee65109.roa
File:                     bc318b70-5b88-4bf7-8b6c-9a26cee65109.roa (raw, json)
Hash identifier:          nKBTq1GVPzHx4+moeyYdA/UoISj1uEdktjgOjhvLVck=
Subject key identifier:   34:69:5E:D5:D1:EA:52:A3:F5:93:54:E1:2E:8C:9A:3B:91:78:1A:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74064C02146B458FBDEA9239B2EE08DFE1A4F0D4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc318b70-5b88-4bf7-8b6c-9a26cee65109.roa
Signing time:             Sun 16 Nov 2025 00:11:07 +0000
ROA not before:           Sun 16 Nov 2025 00:11:07 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.44.64.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:06:4c:02:14:6b:45:8f:bd:ea:92:39:b2:ee:08:df:e1:a4:f0:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:11:07 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=f81f55289d6624fa83b65d9ff4914442a764013fb4660cd1c894dd70ca4c6c2c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bc:b2:ad:44:4b:5f:5c:62:48:a3:f5:05:23:
                    9e:c7:f7:fe:87:c3:1f:af:35:07:19:9a:80:ae:24:
                    b5:95:14:f9:13:c5:54:10:94:fe:73:d4:a9:69:51:
                    1d:ae:a4:b3:31:3e:6a:f8:f5:a0:e2:8a:47:56:81:
                    91:5a:b8:69:42:cd:5b:f1:4d:fe:b4:63:e6:c9:60:
                    cc:69:15:8f:27:f3:f7:12:a6:43:bb:75:d4:7d:4e:
                    88:0a:10:8f:5a:df:49:b5:fc:bc:5a:4f:be:ae:78:
                    6e:e2:fc:24:bf:ee:f0:b2:6d:48:1a:55:c8:cf:02:
                    60:1a:82:47:2a:87:5e:28:04:7b:e6:2b:c0:3d:34:
                    1b:ca:70:0d:63:85:24:62:67:df:e5:27:c9:96:39:
                    10:40:2f:86:0d:e0:4e:fa:95:f0:97:82:e5:8b:40:
                    ed:31:60:66:7a:80:0f:1f:f3:da:46:ad:c8:76:56:
                    e4:1c:0f:6f:e6:ba:c1:03:90:8a:dd:47:3f:f1:b0:
                    f6:17:10:2d:72:40:b4:16:20:34:00:fc:13:20:bd:
                    90:df:c9:71:ec:8e:e0:54:50:49:17:be:9f:5c:21:
                    b9:df:81:17:fe:8b:c3:80:7a:92:95:85:8b:68:13:
                    0b:9f:a0:53:37:38:6d:0d:71:ee:d2:45:b9:85:b4:
                    e6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:69:5E:D5:D1:EA:52:A3:F5:93:54:E1:2E:8C:9A:3B:91:78:1A:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc318b70-5b88-4bf7-8b6c-9a26cee65109.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.44.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a9:e8:2b:ba:e3:ec:10:9c:66:04:14:ea:2b:de:4b:1e:3a:d9:
         b7:32:45:58:ea:d6:64:9a:10:0d:bc:f2:70:18:0c:b3:35:47:
         c7:7c:8f:ff:99:36:3b:84:bb:28:cd:b0:c4:02:84:86:e1:06:
         4e:06:ac:1d:05:25:93:9d:d0:54:18:be:8f:14:ed:a4:81:7e:
         2e:dd:ee:d4:d2:e3:21:b2:b0:19:8b:db:af:18:91:f4:cc:e6:
         2a:31:53:fc:b0:8c:a0:33:6e:e1:85:c5:cc:ee:c2:d0:f4:86:
         a8:25:22:31:b2:2b:8a:e9:2a:64:0b:f1:1e:bb:96:c8:38:1f:
         7f:e6:e8:14:1c:26:fd:a8:0d:cb:c8:9e:c4:b6:00:b8:38:b5:
         3b:fa:3f:c9:6d:5f:4a:f5:b2:72:f7:b4:d9:d6:ef:93:58:66:
         34:14:ab:43:48:71:d3:2f:03:01:70:02:14:41:be:da:53:26:
         de:12:46:0d:f1:8e:2e:58:1c:17:42:ed:80:61:4b:68:34:34:
         8b:6a:a9:6e:c8:ea:19:0c:36:6c:6e:8f:6c:72:10:9b:f6:ca:
         f4:60:25:da:57:f2:89:8b:05:8a:28:15:2b:7a:d8:79:ac:05:
         a6:af:16:5c:b8:a3:04:7a:39:6e:75:3f:f0:8c:35:d3:ca:c9:
         61:6a:9e:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdAZMAhRrRY+96pI5su4I3+Gk8NQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAxMTA3WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmODFmNTUyODlkNjYyNGZhODNiNjVkOWZmNDkxNDQ0MmE3
NjQwMTNmYjQ2NjBjZDFjODk0ZGQ3MGNhNGM2YzJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnvLKtREtfXGJIo/UFI57H9/6Hwx+vNQcZmoCuJLWVFPkT
xVQQlP5z1KlpUR2upLMxPmr49aDiikdWgZFauGlCzVvxTf60Y+bJYMxpFY8n8/cS
pkO7ddR9TogKEI9a30m1/LxaT76ueG7i/CS/7vCybUgaVcjPAmAagkcqh14oBHvm
K8A9NBvKcA1jhSRiZ9/lJ8mWORBAL4YN4E76lfCXguWLQO0xYGZ6gA8f89pGrch2
VuQcD2/musEDkIrdRz/xsPYXEC1yQLQWIDQA/BMgvZDfyXHsjuBUUEkXvp9cIbnf
gRf+i8OAepKVhYtoEwufoFM3OG0Nce7SRbmFtOZbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNGle1dHqUqP1k1ThLoyaO5F4GoMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JjMzE4YjcwLTViODgtNGJmNy04YjZjLTlhMjZjZWU2NTEwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARILEAwDQYJKoZIhvcNAQELBQADggEBAKnoK7rj7BCcZgQU6iveSx462bcy
RVjq1mSaEA288nAYDLM1R8d8j/+ZNjuEuyjNsMQChIbhBk4GrB0FJZOd0FQYvo8U
7aSBfi7d7tTS4yGysBmL268YkfTM5ioxU/ywjKAzbuGFxczuwtD0hqglIjGyK4rp
KmQL8R67lsg4H3/m6BQcJv2oDcvInsS2ALg4tTv6P8ltX0r1snL3tNnW75NYZjQU
q0NIcdMvAwFwAhRBvtpTJt4SRg3xji5YHBdC7YBhS2g0NItqqW7I6hkMNmxuj2xy
EJv2yvRgJdpX8omLBYooFSt62HmsBaavFly4owR6OW51P/CMNdPKyWFqnhk=
-----END CERTIFICATE-----