Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e261c24b-13a0-4019-b3b3-0562e86aea2f.roa
File:                     e261c24b-13a0-4019-b3b3-0562e86aea2f.roa (raw, json)
Hash identifier:          UFgRnL3mRAVGsfmEf9XYiNzP7uA1Q/1uB9XyMcM0Wn8=
Subject key identifier:   22:4F:FE:41:44:93:2D:2A:C1:2B:B1:5F:1A:C3:4A:0A:81:D6:95:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68D3C78C402AA0C546383412F2F5DB40ECF1C698
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e261c24b-13a0-4019-b3b3-0562e86aea2f.roa
Signing time:             Sun 16 Nov 2025 00:01:05 +0000
ROA not before:           Sun 16 Nov 2025 00:01:05 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        68.223.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:d3:c7:8c:40:2a:a0:c5:46:38:34:12:f2:f5:db:40:ec:f1:c6:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:01:05 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=3bac48a6be285c5252e172b492b1e7772e1a6158e792bec04de24353b8d23ceb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:90:ce:f2:07:30:be:59:98:8f:b9:6c:ce:19:
                    3f:9e:50:aa:ee:de:5a:ae:de:d8:7e:c6:e4:78:22:
                    50:7c:ad:4e:99:0a:8f:db:40:ff:ea:28:3e:7e:50:
                    f3:b8:a8:50:4b:d9:8a:c9:b1:fd:a7:0c:75:66:a9:
                    d9:b3:20:21:fb:3d:38:fd:89:36:9a:48:51:41:ca:
                    ae:4c:33:29:72:bf:67:ab:64:76:e4:7c:9c:99:48:
                    0d:8e:87:a0:dc:83:2c:59:2b:67:fc:ea:5e:53:10:
                    89:59:e1:ad:e1:8d:24:bd:4f:06:53:54:5e:d1:22:
                    25:40:9f:3d:4f:63:89:e5:23:85:23:c8:bd:c9:a5:
                    0a:b3:8b:68:ec:d2:d1:29:8e:05:dd:0f:20:b2:69:
                    73:c7:5a:75:ae:eb:50:4e:9a:24:3d:de:cb:c6:a2:
                    0f:46:81:27:05:27:fd:c5:2b:c3:5b:c6:0a:65:46:
                    83:40:d3:32:f4:78:f1:dc:f9:01:29:2c:17:06:11:
                    f5:d2:fb:d4:7f:01:db:7b:ba:45:a2:e0:28:0f:fb:
                    8f:3a:06:d7:98:21:9e:9d:a7:94:20:ac:8f:9a:b7:
                    5f:f3:b3:a0:83:c6:56:00:d7:18:ac:ea:d5:fc:f5:
                    01:d6:74:e1:bb:31:58:3d:99:c6:66:0e:a5:8b:75:
                    4b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4F:FE:41:44:93:2D:2A:C1:2B:B1:5F:1A:C3:4A:0A:81:D6:95:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e261c24b-13a0-4019-b3b3-0562e86aea2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.223.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b4:94:1c:86:d7:d4:06:cb:40:1f:dc:94:ee:bb:e1:fc:40:97:
         4f:44:bb:25:69:53:4f:6b:7b:61:30:d9:3d:01:5b:36:7e:ea:
         15:6b:d8:69:9d:86:1c:95:29:af:fa:f0:3b:ea:31:40:30:db:
         35:24:d9:8c:47:33:8c:73:ac:63:3c:af:2f:ca:e2:90:25:b2:
         b3:c8:96:f3:94:67:0b:af:44:01:24:f0:47:5d:0b:62:a5:24:
         d7:a2:e2:86:9a:a5:4b:f0:59:19:4b:77:00:cf:b8:c5:3d:fa:
         25:20:23:57:fd:07:d1:7b:76:6a:59:a9:3f:0d:f2:6f:80:fa:
         57:b2:71:c8:ab:75:d7:13:b1:b0:5e:57:8d:d8:35:d5:0d:a1:
         dc:31:1d:a3:2b:cf:e8:1b:65:94:c1:53:9a:67:9d:29:4b:a9:
         5b:f4:e0:90:ed:08:a9:97:a0:01:10:32:b1:87:96:5a:08:89:
         12:9d:28:15:48:51:d6:0a:dd:ce:19:e0:3e:98:8b:63:b3:9f:
         ed:90:6a:6a:42:c1:b6:54:a4:e8:d9:df:db:c5:87:d8:28:ef:
         ff:bf:a0:1f:6a:47:f2:b9:78:ff:fd:6a:ae:c8:37:ac:18:a1:
         50:a8:a2:ab:ab:9b:29:5b:2d:5e:8e:fc:1a:42:29:05:db:95:
         3d:89:c6:41
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaNPHjEAqoMVGODQS8vXbQOzxxpgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAwMTA1WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmFjNDhhNmJlMjg1YzUyNTJlMTcyYjQ5MmIxZTc3NzJl
MWE2MTU4ZTc5MmJlYzA0ZGUyNDM1M2I4ZDIzY2ViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5kM7yBzC+WZiPuWzOGT+eUKru3lqu3th+xuR4IlB8rU6Z
Co/bQP/qKD5+UPO4qFBL2YrJsf2nDHVmqdmzICH7PTj9iTaaSFFByq5MMylyv2er
ZHbkfJyZSA2Oh6DcgyxZK2f86l5TEIlZ4a3hjSS9TwZTVF7RIiVAnz1PY4nlI4Uj
yL3JpQqzi2js0tEpjgXdDyCyaXPHWnWu61BOmiQ93svGog9GgScFJ/3FK8Nbxgpl
RoNA0zL0ePHc+QEpLBcGEfXS+9R/Adt7ukWi4CgP+486BteYIZ6dp5QgrI+at1/z
s6CDxlYA1xis6tX89QHWdOG7MVg9mcZmDqWLdUu/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIk/+QUSTLSrBK7FfGsNKCoHWlSQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyNjFjMjRiLTEzYTAtNDAxOS1iM2IzLTA1NjJlODZhZWEyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBE3zANBgkqhkiG9w0BAQsFAAOCAQEAtJQchtfUBstAH9yU7rvh/ECXT0S7
JWlTT2t7YTDZPQFbNn7qFWvYaZ2GHJUpr/rwO+oxQDDbNSTZjEczjHOsYzyvL8ri
kCWys8iW85RnC69EASTwR10LYqUk16LihpqlS/BZGUt3AM+4xT36JSAjV/0H0Xt2
almpPw3yb4D6V7JxyKt11xOxsF5Xjdg11Q2h3DEdoyvP6BtllMFTmmedKUupW/Tg
kO0IqZegARAysYeWWgiJEp0oFUhR1grdzhngPpiLY7Of7ZBqakLBtlSk6Nnf28WH
2Cjv/7+gH2pH8rl4//1qrsg3rBihUKiiq6ubKVstXo78GkIpBduVPYnGQQ==
-----END CERTIFICATE-----