Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6f85961-ca25-49f8-acb4-411306bae795.roa
File:                     d6f85961-ca25-49f8-acb4-411306bae795.roa (raw, json)
Hash identifier:          2p3/Ijw5FTNTKnIuN/M+7OYSCbJnZxnWgPlEnrfpirs=
Subject key identifier:   69:D9:EB:49:EF:B1:4E:8F:D6:5D:8E:BE:F3:5C:E0:11:6C:C5:95:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3BB12072871377394FC75D63D56E5500584F2474
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6f85961-ca25-49f8-acb4-411306bae795.roa
Signing time:             Tue 18 Nov 2025 00:10:04 +0000
ROA not before:           Tue 18 Nov 2025 00:10:04 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.176.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b1:20:72:87:13:77:39:4f:c7:5d:63:d5:6e:55:00:58:4f:24:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:10:04 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=94782aa6cef6d3870591d563b839e6962658aca3cc116afb99ddb840f32644b0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:b1:1f:fd:7d:f7:51:91:7a:63:c6:63:bb:ec:
                    35:01:22:88:60:b4:40:14:4c:78:bf:a7:02:25:ae:
                    bb:51:21:48:72:53:58:53:d2:1b:bf:9c:45:e8:0e:
                    6a:8c:94:3d:11:78:50:c7:4c:e3:4e:9c:eb:35:15:
                    c5:1e:55:5e:cf:03:83:8c:40:e3:d7:ad:e6:e0:aa:
                    22:2d:11:bc:05:ff:93:62:96:45:f7:90:6b:8f:6d:
                    53:89:6e:6f:aa:ee:34:22:a0:01:f1:bb:51:20:40:
                    79:bd:3c:ac:50:f1:dc:7a:91:ef:61:67:e2:22:36:
                    80:8b:14:99:41:db:ea:a6:96:0f:0e:db:fa:9b:41:
                    9e:9e:11:b1:e9:58:cf:79:36:25:a1:54:f2:4e:bd:
                    37:bc:79:69:ee:7d:da:74:49:b3:f4:fe:49:b5:a8:
                    29:a3:fd:ed:19:cb:d3:03:86:c5:14:a4:8c:1a:7d:
                    62:5d:07:c0:0c:d1:80:0e:f1:f8:a8:ab:d6:bb:ca:
                    80:9a:1a:85:43:e8:38:e1:0f:f3:87:a9:81:87:93:
                    8f:e5:ba:f2:1c:b5:cd:90:f1:81:e4:b3:2c:99:76:
                    e8:89:7b:bb:ef:c4:af:de:f0:b5:c2:da:95:af:79:
                    7e:a1:5f:46:d2:5b:63:4a:27:4e:f8:ea:e8:3b:c4:
                    c7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D9:EB:49:EF:B1:4E:8F:D6:5D:8E:BE:F3:5C:E0:11:6C:C5:95:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6f85961-ca25-49f8-acb4-411306bae795.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:1e:46:a0:ae:37:99:99:7d:a7:25:11:a0:e1:e2:68:ed:57:
         13:57:dc:64:b1:96:1d:c5:1d:5f:69:21:46:22:b7:d1:10:c6:
         7f:b4:ae:2c:50:b8:b3:17:2a:ff:13:36:8c:f4:a1:07:40:32:
         b9:5d:64:85:92:e8:f0:a9:d5:81:ae:db:b5:0f:cd:25:47:90:
         36:e8:51:0a:5d:0b:1f:9e:0c:6b:2f:aa:ab:4d:84:c3:72:b4:
         ca:8b:3c:b1:01:3b:65:cd:57:b9:20:57:c9:70:dc:0a:ba:3c:
         3f:7e:ae:80:17:0c:f5:9f:31:65:21:a0:2b:ea:27:51:23:25:
         b3:4a:fe:3d:bd:15:39:11:09:b3:68:1e:d5:b9:7f:5e:51:f4:
         63:fe:88:b5:b3:3e:89:f4:9a:27:73:fb:a1:bb:cd:c4:ad:76:
         91:0c:81:f8:e1:e5:97:d0:91:30:03:2b:45:03:5a:51:b4:ea:
         68:15:7e:1c:8a:aa:b9:80:9e:12:58:81:ac:53:7f:39:d0:65:
         03:04:91:ac:da:32:e5:8a:42:63:92:6a:61:85:be:11:b6:c6:
         ed:66:2f:4a:5b:2a:b7:12:ee:f0:82:f5:02:30:cc:27:6d:be:
         1d:83:61:ea:41:d4:0c:82:a3:96:f2:8c:5c:9e:c0:84:5c:91:
         4f:d9:c5:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO7EgcocTdzlPx11j1W5VAFhPJHQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAxMDA0WhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDc4MmFhNmNlZjZkMzg3MDU5MWQ1NjNiODM5ZTY5NjI2
NThhY2EzY2MxMTZhZmI5OWRkYjg0MGYzMjY0NGIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD9sR/9ffdRkXpjxmO77DUBIohgtEAUTHi/pwIlrrtRIUhy
U1hT0hu/nEXoDmqMlD0ReFDHTONOnOs1FcUeVV7PA4OMQOPXrebgqiItEbwF/5Ni
lkX3kGuPbVOJbm+q7jQioAHxu1EgQHm9PKxQ8dx6ke9hZ+IiNoCLFJlB2+qmlg8O
2/qbQZ6eEbHpWM95NiWhVPJOvTe8eWnufdp0SbP0/km1qCmj/e0Zy9MDhsUUpIwa
fWJdB8AM0YAO8fioq9a7yoCaGoVD6DjhD/OHqYGHk4/luvIctc2Q8YHksyyZduiJ
e7vvxK/e8LXC2pWveX6hX0bSW2NKJ0746ug7xMfXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUadnrSe+xTo/WXY6+81zgEWzFlYUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2Zjg1OTYxLWNhMjUtNDlmOC1hY2I0LTQxMTMwNmJhZTc5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANBCbAwDQYJKoZIhvcNAQELBQADggEBADYeRqCuN5mZfaclEaDh4mjtVxNX
3GSxlh3FHV9pIUYit9EQxn+0rixQuLMXKv8TNoz0oQdAMrldZIWS6PCp1YGu27UP
zSVHkDboUQpdCx+eDGsvqqtNhMNytMqLPLEBO2XNV7kgV8lw3Aq6PD9+roAXDPWf
MWUhoCvqJ1EjJbNK/j29FTkRCbNoHtW5f15R9GP+iLWzPon0midz+6G7zcStdpEM
gfjh5ZfQkTADK0UDWlG06mgVfhyKqrmAnhJYgaxTfznQZQMEkazaMuWKQmOSamGF
vhG2xu1mL0pbKrcS7vCC9QIwzCdtvh2DYepB1AyCo5byjFyewIRckU/Zxfc=
-----END CERTIFICATE-----