Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d729aa1c-ba17-4368-947b-9641c99e709e.roa
File:                     d729aa1c-ba17-4368-947b-9641c99e709e.roa (raw, json)
Hash identifier:          ANJLQHf9f98JtdCbPT9PHqJeHN8zsMnLPCi29duAb8U=
Subject key identifier:   46:B1:0D:25:A1:91:29:8D:8F:CE:B8:D8:5D:5C:CD:BB:AF:10:56:FB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7191EB65E2A45C9A18BE5FA067E28C85C11885CE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d729aa1c-ba17-4368-947b-9641c99e709e.roa
Signing time:             Tue 23 Sep 2025 16:40:55 +0000
ROA not before:           Tue 23 Sep 2025 16:40:55 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.25.20.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:91:eb:65:e2:a4:5c:9a:18:be:5f:a0:67:e2:8c:85:c1:18:85:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 23 16:40:55 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=6fd4c7bf834f4a87f06e580447e332413e66ea4c5c5f82f9f9cc10e2cbb64944, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2c:49:29:0d:d4:f1:01:97:4b:ef:d0:74:93:
                    04:13:76:08:9a:8e:6d:55:ab:ab:42:73:14:b0:45:
                    1f:2a:47:3f:ad:64:71:5e:6f:45:f1:a2:1a:44:c4:
                    75:01:3a:63:29:36:21:da:86:66:81:93:a7:00:16:
                    9b:bd:65:11:c8:96:98:8f:e5:5d:d1:27:a4:7f:36:
                    99:32:a6:54:01:80:ad:a8:00:20:94:da:2b:51:fc:
                    81:1b:ca:6d:85:bc:75:97:c6:e0:bc:76:d0:16:34:
                    80:05:86:78:09:31:1a:c9:25:5b:ae:e0:48:f8:0d:
                    f9:9c:89:72:31:9b:5e:be:60:99:cf:d2:c4:c7:84:
                    a2:1b:d3:d1:68:ad:03:3b:ff:3f:f6:f1:77:fc:f1:
                    29:b7:ae:10:7d:05:7f:27:ec:e8:83:ae:3c:f4:28:
                    58:54:4e:6b:b3:44:bd:13:f6:0e:54:dd:a6:60:6e:
                    bd:00:b1:33:49:d6:3e:0d:5b:42:6d:3b:50:27:d7:
                    d5:2a:36:dc:1a:10:5c:04:d7:17:6d:81:f6:b4:0b:
                    4a:81:a7:c9:72:88:b4:b7:0b:55:6f:07:31:de:66:
                    8f:70:25:6b:4d:b4:75:66:d1:d7:9f:8f:8e:ad:2f:
                    3d:5b:33:05:67:0b:59:d2:2b:d5:dd:96:9e:de:f3:
                    6d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:B1:0D:25:A1:91:29:8D:8F:CE:B8:D8:5D:5C:CD:BB:AF:10:56:FB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d729aa1c-ba17-4368-947b-9641c99e709e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:46:83:bf:e8:a5:5e:20:4e:2f:82:d7:39:9e:b5:ca:65:f3:
         d6:a8:1e:1e:11:dd:0f:27:ed:9d:9a:96:a6:3a:7c:71:51:4a:
         be:90:2e:2a:e6:18:90:11:44:15:f0:71:b9:b6:b2:5c:ef:11:
         47:d9:d9:9d:81:55:da:9f:93:ae:09:ea:44:89:d7:a6:30:ce:
         a0:fa:a6:c2:37:6d:4d:7a:a4:82:be:bf:a4:62:0c:60:fe:7d:
         5b:03:f4:28:3a:aa:97:99:56:cb:87:8a:da:0f:b4:70:c5:c9:
         0f:ef:9e:17:8b:ad:c2:cd:79:d5:c1:18:18:ce:e5:be:54:3a:
         f2:e5:79:d6:3b:a8:3d:2b:ee:aa:61:c3:cc:a8:63:ab:36:8d:
         cb:94:b7:29:1b:54:90:4b:ee:4a:4b:c5:63:ed:b2:00:c5:1f:
         d9:c7:1e:df:36:a0:5c:9d:2e:86:4b:1d:2b:87:68:7c:a0:a1:
         4e:78:15:8c:ee:66:2f:dd:28:38:ae:a4:ab:27:dc:4e:d2:0a:
         bb:74:34:55:d0:c8:49:5e:4a:20:15:bd:bc:f0:e4:e6:10:9c:
         20:84:59:7a:e7:fc:58:dd:dc:ec:4d:8e:62:d0:db:8f:04:5e:
         d8:2f:2e:fd:b1:3e:6a:da:21:1f:f3:ea:9a:20:fc:6c:f8:b9:
         29:b3:2d:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcZHrZeKkXJoYvl+gZ+KMhcEYhc4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTIzMTY0MDU1WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZmQ0YzdiZjgzNGY0YTg3ZjA2ZTU4MDQ0N2UzMzI0MTNl
NjZlYTRjNWM1ZjgyZjlmOWNjMTBlMmNiYjY0OTQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaLEkpDdTxAZdL79B0kwQTdgiajm1Vq6tCcxSwRR8qRz+t
ZHFeb0XxohpExHUBOmMpNiHahmaBk6cAFpu9ZRHIlpiP5V3RJ6R/NpkyplQBgK2o
ACCU2itR/IEbym2FvHWXxuC8dtAWNIAFhngJMRrJJVuu4Ej4DfmciXIxm16+YJnP
0sTHhKIb09ForQM7/z/28Xf88Sm3rhB9BX8n7OiDrjz0KFhUTmuzRL0T9g5U3aZg
br0AsTNJ1j4NW0JtO1An19UqNtwaEFwE1xdtgfa0C0qBp8lyiLS3C1VvBzHeZo9w
JWtNtHVm0defj46tLz1bMwVnC1nSK9Xdlp7e820NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURrENJaGRKY2PzrjYXVzNu68QVvswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q3MjlhYTFjLWJhMTctNDM2OC05NDdiLTk2NDFjOTllNzA5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GRQwDQYJKoZIhvcNAQELBQADggEBAK9Gg7/opV4gTi+C1zmetcpl89ao
Hh4R3Q8n7Z2alqY6fHFRSr6QLirmGJARRBXwcbm2slzvEUfZ2Z2BVdqfk64J6kSJ
16YwzqD6psI3bU16pIK+v6RiDGD+fVsD9Cg6qpeZVsuHitoPtHDFyQ/vnheLrcLN
edXBGBjO5b5UOvLledY7qD0r7qphw8yoY6s2jcuUtykbVJBL7kpLxWPtsgDFH9nH
Ht82oFydLoZLHSuHaHygoU54FYzuZi/dKDiupKsn3E7SCrt0NFXQyEleSiAVvbzw
5OYQnCCEWXrn/Fjd3OxNjmLQ248EXtgvLv2xPmraIR/z6pog/Gz4uSmzLYI=
-----END CERTIFICATE-----