Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e9170a2b-7253-4011-a88f-b01d6a0bd1b1.roa
File:                     e9170a2b-7253-4011-a88f-b01d6a0bd1b1.roa (raw, json)
Hash identifier:          TR3q2tmW0xKAyxN0/cZHc2jyuBpS9C2YhIZzk99O+14=
Subject key identifier:   78:C8:B1:96:5B:E6:F1:8C:EA:03:4A:C0:BC:47:A4:A7:81:A4:59:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       607ED2D62D36AF39A83FDD07FBCF8E7E5AC09FFF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e9170a2b-7253-4011-a88f-b01d6a0bd1b1.roa
Signing time:             Fri 07 Nov 2025 00:50:04 +0000
ROA not before:           Fri 07 Nov 2025 00:50:04 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.1.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:7e:d2:d6:2d:36:af:39:a8:3f:dd:07:fb:cf:8e:7e:5a:c0:9f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  7 00:50:04 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=46cf19b8133e6f8d477698c3d4f528e4e8d85aac9db91dae625aeb7cbedf4f05, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:55:73:53:c5:c1:49:2c:e4:1a:e8:68:7e:00:
                    f4:6b:4f:81:b5:30:ea:e3:9e:24:cf:8a:3c:b5:0c:
                    b1:fd:97:81:31:8a:a8:bf:b9:10:12:03:61:83:48:
                    38:f6:54:e6:cd:53:48:9f:02:af:90:f1:bf:8f:b7:
                    42:a5:6a:f5:1e:88:c7:b7:2f:20:d0:45:10:c8:86:
                    82:26:4c:bb:85:05:b0:3d:03:06:94:e8:ce:2f:da:
                    06:02:6d:0d:78:55:3b:a9:5b:30:45:70:c1:df:29:
                    6b:7a:2c:58:75:63:fb:11:a2:13:87:17:32:c8:92:
                    aa:11:96:6f:2f:46:d9:29:e7:61:3b:f3:62:fb:55:
                    55:e5:8d:9e:06:5d:1f:96:d0:76:f8:36:8b:dd:db:
                    5a:71:c6:0e:06:81:89:0c:b3:aa:05:c8:f3:19:c7:
                    b8:46:7f:81:76:13:98:2d:67:72:11:b9:98:02:58:
                    11:03:1c:f8:41:ae:19:f5:e2:f6:1f:ec:2a:eb:a4:
                    bf:82:28:eb:0f:0e:2b:af:62:8d:c8:47:1d:4f:51:
                    0d:0a:27:64:3c:ac:5f:79:ab:e0:01:7a:31:71:78:
                    ff:6d:9a:47:fc:a8:34:20:d5:8a:e1:d2:3f:42:da:
                    fd:cc:5a:ec:b2:00:ca:9f:d9:1b:ee:6e:65:85:74:
                    b0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:C8:B1:96:5B:E6:F1:8C:EA:03:4A:C0:BC:47:A4:A7:81:A4:59:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e9170a2b-7253-4011-a88f-b01d6a0bd1b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ee:95:ef:1e:b9:c2:cc:e8:51:50:1c:8f:4a:11:9b:7c:c2:
         72:e3:97:90:92:70:5a:68:c3:c1:65:5c:94:30:a4:4d:92:d9:
         cf:97:2f:3e:71:a3:bc:04:b2:e0:de:22:34:20:e2:97:c5:8c:
         2f:da:5b:00:2f:d8:fe:7e:a3:f3:05:80:8c:f1:5f:0a:74:e2:
         45:cd:69:36:ba:ca:00:da:08:20:a9:d3:72:ab:ed:7d:e3:ed:
         b6:c8:c4:62:d4:27:d6:11:29:47:30:87:24:dd:03:ca:26:7c:
         9a:5a:3c:f1:de:84:a9:de:1a:6a:bf:39:07:e5:2b:35:04:87:
         bb:d9:70:8e:9f:90:9f:b5:dc:47:28:78:a9:7b:cc:59:1a:7a:
         1e:f3:0a:a2:27:23:ca:87:4a:80:60:cb:f8:61:6a:46:bd:ca:
         8c:1a:0a:ce:b1:d7:47:70:5b:2d:67:a4:aa:0d:e2:a0:85:3f:
         ee:9e:88:a4:25:10:bb:99:3b:80:47:c9:9a:74:9f:19:c2:e4:
         2b:8d:b0:ff:d4:8c:be:98:76:57:0c:dc:94:b1:ce:56:66:ed:
         a3:12:ca:1d:68:d7:bc:b0:a8:c7:a9:3d:98:c3:4e:14:cc:cb:
         5f:0c:2d:66:95:f4:1e:d3:be:87:71:9c:57:3e:18:ac:07:2a:
         4b:d4:31:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYH7S1i02rzmoP90H+8+OflrAn/8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA3MDA1MDA0WhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmNmMTliODEzM2U2ZjhkNDc3Njk4YzNkNGY1MjhlNGU4
ZDg1YWFjOWRiOTFkYWU2MjVhZWI3Y2JlZGY0ZjA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkVXNTxcFJLOQa6Gh+APRrT4G1MOrjniTPijy1DLH9l4Ex
iqi/uRASA2GDSDj2VObNU0ifAq+Q8b+Pt0KlavUeiMe3LyDQRRDIhoImTLuFBbA9
AwaU6M4v2gYCbQ14VTupWzBFcMHfKWt6LFh1Y/sRohOHFzLIkqoRlm8vRtkp52E7
82L7VVXljZ4GXR+W0Hb4Novd21pxxg4GgYkMs6oFyPMZx7hGf4F2E5gtZ3IRuZgC
WBEDHPhBrhn14vYf7CrrpL+CKOsPDiuvYo3IRx1PUQ0KJ2Q8rF95q+ABejFxeP9t
mkf8qDQg1Yrh0j9C2v3MWuyyAMqf2RvubmWFdLD3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeMixllvm8YzqA0rAvEekp4GkWQMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U5MTcwYTJiLTcyNTMtNDAxMS1hODhmLWIwMWQ2YTBiZDFiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXWwEwDQYJKoZIhvcNAQELBQADggEBAJLule8eucLM6FFQHI9KEZt8wnLj
l5CScFpow8FlXJQwpE2S2c+XLz5xo7wEsuDeIjQg4pfFjC/aWwAv2P5+o/MFgIzx
Xwp04kXNaTa6ygDaCCCp03Kr7X3j7bbIxGLUJ9YRKUcwhyTdA8omfJpaPPHehKne
Gmq/OQflKzUEh7vZcI6fkJ+13EcoeKl7zFkaeh7zCqInI8qHSoBgy/hhaka9yowa
Cs6x10dwWy1npKoN4qCFP+6eiKQlELuZO4BHyZp0nxnC5CuNsP/UjL6YdlcM3JSx
zlZm7aMSyh1o17ywqMepPZjDThTMy18MLWaV9B7TvodxnFc+GKwHKkvUMY8=
-----END CERTIFICATE-----