Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e42ca712-62cd-4c87-afcf-7cd35a0bf852.roa
File:                     e42ca712-62cd-4c87-afcf-7cd35a0bf852.roa (raw, json)
Hash identifier:          B4fm76V0SyqW4KwQfk2rTvsXcDmfop5vQH0eEN0xvOA=
Subject key identifier:   9C:39:C1:BC:71:B2:53:AF:5B:C8:76:54:02:78:7B:84:11:04:A0:56
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7EF60D09C56691E27A58BAE4A2DA96A9CF2FD1AA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e42ca712-62cd-4c87-afcf-7cd35a0bf852.roa
Signing time:             Fri 07 Nov 2025 01:00:04 +0000
ROA not before:           Fri 07 Nov 2025 01:00:04 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.0.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:f6:0d:09:c5:66:91:e2:7a:58:ba:e4:a2:da:96:a9:cf:2f:d1:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  7 01:00:04 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=cb5ebd8280b9ac023f4bbf8e186fc33b48b21a5813ef624cd16660bb18ede997, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e6:1e:d1:66:2c:5d:2f:00:ba:ef:28:5f:43:
                    b3:7e:4a:62:2f:68:63:ce:44:d7:8d:6e:4f:31:e5:
                    6c:88:f2:0e:74:2c:6a:51:26:60:bd:5c:d6:34:09:
                    24:3f:2a:ce:3f:ab:e0:27:aa:92:dc:c6:4f:6d:a9:
                    32:77:4e:87:3e:11:cf:0d:36:22:fe:99:9f:00:75:
                    97:e7:cc:0d:18:06:27:b1:a1:ab:12:95:ee:c9:d6:
                    28:d3:06:c5:e3:41:36:31:62:59:41:af:ec:48:07:
                    07:3a:e3:8a:6f:43:89:88:0d:9a:04:92:39:e3:4e:
                    98:56:14:8a:9a:b4:ec:86:02:b3:5c:ec:2b:c7:29:
                    45:e9:ea:12:c0:79:8c:c3:f3:85:e0:09:6d:0e:68:
                    84:c1:10:cb:f6:0b:e3:94:7a:2e:12:5f:00:86:58:
                    13:8b:c5:64:b3:93:f4:2b:fd:39:39:bb:cc:d6:01:
                    0b:e0:40:de:83:63:ae:f7:b5:3a:08:06:55:b1:99:
                    78:33:4b:d6:27:f1:ee:86:61:6b:17:aa:2b:ca:0f:
                    2b:1c:dd:a8:24:0d:26:61:2c:db:ff:87:94:50:66:
                    59:61:aa:9a:8d:42:6a:bf:a9:25:0b:13:6d:4e:91:
                    80:cc:77:02:44:06:c1:a0:58:93:c7:0a:bc:22:90:
                    01:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:39:C1:BC:71:B2:53:AF:5B:C8:76:54:02:78:7B:84:11:04:A0:56
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e42ca712-62cd-4c87-afcf-7cd35a0bf852.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c3:b0:52:8c:08:5f:6f:3a:35:15:5f:86:84:5f:30:39:e8:bd:
         48:a2:9a:37:de:41:25:20:84:6b:bf:20:18:ba:44:f2:6b:cb:
         91:0f:31:cb:9f:15:ee:fa:44:88:da:94:74:21:5b:50:c3:a3:
         01:f4:c7:40:6d:a7:6c:c3:65:b8:58:a1:b6:85:5d:10:33:5c:
         18:da:31:27:ef:f4:81:64:18:15:0f:51:0b:d2:17:8e:24:28:
         1b:5b:45:74:8e:13:39:97:85:94:13:57:5f:55:e7:d3:bb:5c:
         03:e9:ec:7d:a6:10:e0:48:75:a3:fa:13:c4:2d:3b:5f:e0:74:
         df:f3:3f:46:9b:09:72:8f:40:8e:08:48:af:63:c7:5d:2c:39:
         0e:af:b6:fe:1f:29:94:5f:6c:01:5b:f7:50:c8:6f:38:7a:78:
         61:00:3a:04:3b:19:96:f4:1c:8a:cc:70:9a:90:60:6f:d6:81:
         b1:d2:34:b1:7c:17:27:2a:ed:5c:54:11:a0:8e:c0:ff:ef:3c:
         3a:9e:6b:3e:03:86:04:6f:6c:0f:b0:61:9d:f8:b0:cb:ca:2a:
         15:71:a1:4d:f3:1f:39:4f:28:55:ec:45:dd:13:d8:87:24:bc:
         1c:d5:14:ba:33:30:a2:96:34:99:df:15:e2:e2:2f:77:cc:ca:
         e8:b3:26:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfvYNCcVmkeJ6WLrkotqWqc8v0aowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA3MDEwMDA0WhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjVlYmQ4MjgwYjlhYzAyM2Y0YmJmOGUxODZmYzMzYjQ4
YjIxYTU4MTNlZjYyNGNkMTY2NjBiYjE4ZWRlOTk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv5h7RZixdLwC67yhfQ7N+SmIvaGPORNeNbk8x5WyI8g50
LGpRJmC9XNY0CSQ/Ks4/q+AnqpLcxk9tqTJ3Toc+Ec8NNiL+mZ8AdZfnzA0YBiex
oasSle7J1ijTBsXjQTYxYllBr+xIBwc644pvQ4mIDZoEkjnjTphWFIqatOyGArNc
7CvHKUXp6hLAeYzD84XgCW0OaITBEMv2C+OUei4SXwCGWBOLxWSzk/Qr/Tk5u8zW
AQvgQN6DY673tToIBlWxmXgzS9Yn8e6GYWsXqivKDysc3agkDSZhLNv/h5RQZllh
qpqNQmq/qSULE21OkYDMdwJEBsGgWJPHCrwikAFRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnDnBvHGyU69byHZUAnh7hBEEoFYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U0MmNhNzEyLTYyY2QtNGM4Ny1hZmNmLTdjZDM1YTBiZjg1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUXWwAwDQYJKoZIhvcNAQELBQADggEBAMOwUowIX286NRVfhoRfMDnovUii
mjfeQSUghGu/IBi6RPJry5EPMcufFe76RIjalHQhW1DDowH0x0Btp2zDZbhYobaF
XRAzXBjaMSfv9IFkGBUPUQvSF44kKBtbRXSOEzmXhZQTV19V59O7XAPp7H2mEOBI
daP6E8QtO1/gdN/zP0abCXKPQI4ISK9jx10sOQ6vtv4fKZRfbAFb91DIbzh6eGEA
OgQ7GZb0HIrMcJqQYG/WgbHSNLF8Fycq7VxUEaCOwP/vPDqeaz4DhgRvbA+wYZ34
sMvKKhVxoU3zHzlPKFXsRd0T2IckvBzVFLozMKKWNJnfFeLiL3fMyuizJtU=
-----END CERTIFICATE-----