Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa
File:                     20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa (raw, json)
Hash identifier:          X3HFJID1kFEypt0BUZ35g7Rjij+TD8f5Fw1kqb0dUkk=
Subject key identifier:   DE:BB:3E:AF:11:47:2F:03:99:AA:54:9E:CF:78:C8:B9:55:7C:1E:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23C2511D8C5514F3DB9990684E3CC844A42DB9AC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa
Signing time:             Tue 28 Oct 2025 01:01:54 +0000
ROA not before:           Tue 28 Oct 2025 01:01:54 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.104.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:c2:51:1d:8c:55:14:f3:db:99:90:68:4e:3c:c8:44:a4:2d:b9:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 01:01:54 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=fe6680aad6ce344d095b1b2a2691e63bec93fe4a1861bd1315815e57f93a8642, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:06:a0:62:1e:a4:17:a8:cc:6d:b0:80:59:95:
                    b7:2b:80:d7:b2:c1:ff:c4:6a:9e:91:67:f5:56:e8:
                    4c:ca:b1:e0:8d:ce:46:0e:54:18:35:8d:ec:a3:a9:
                    0b:5b:19:7a:e2:c2:7e:34:56:5d:d4:cc:9b:39:d3:
                    d1:2a:3a:45:40:8d:fe:a8:11:4b:ef:eb:dc:38:18:
                    87:c9:82:71:25:c0:e5:ed:fc:18:54:85:3b:33:bc:
                    2b:5e:52:f7:43:27:07:e6:62:c8:f0:61:07:70:f0:
                    cd:45:68:81:75:2a:aa:c6:67:5b:c2:d3:23:22:a4:
                    9f:b7:f4:65:bd:a2:57:b9:76:90:b0:1d:01:57:3c:
                    ef:7e:64:3d:aa:ed:80:a5:ca:56:b5:74:13:c4:5f:
                    4a:18:da:21:54:d5:f4:4a:e9:75:cf:f3:7b:5a:a5:
                    4f:5a:90:c5:c2:df:02:9d:31:24:ed:a0:76:1b:af:
                    68:b3:fc:d8:2c:48:49:77:a9:34:2a:40:c9:e1:47:
                    6b:33:a6:20:ed:6e:dd:c7:19:3d:2a:63:f2:8f:ce:
                    bb:e5:11:d3:b1:77:a9:84:e9:7f:9d:4a:6a:81:07:
                    7b:53:e4:85:f0:57:51:b6:ed:ba:dd:cb:39:38:48:
                    81:93:0c:e1:13:16:18:37:e6:ac:cd:4a:f4:01:22:
                    f3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BB:3E:AF:11:47:2F:03:99:AA:54:9E:CF:78:C8:B9:55:7C:1E:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:43:12:83:83:3b:b2:6a:b6:42:d2:ad:55:b7:06:3a:56:83:
         91:6a:a5:9f:60:91:45:5a:14:29:f6:86:3f:7c:64:3e:5c:fc:
         01:98:05:b8:d6:73:02:32:86:0c:c4:47:9e:12:5f:bc:c8:2f:
         03:85:b8:41:76:32:3c:9a:c7:1c:cc:bc:db:25:66:78:e4:e9:
         94:57:f6:da:c9:d1:77:c3:30:62:02:1b:ea:8a:49:15:00:a0:
         72:e2:c6:ca:7e:e3:6a:49:e3:cf:83:83:35:89:c1:ac:69:a4:
         cc:96:69:ab:c9:37:d0:06:17:e4:77:9f:16:e9:9a:f2:97:55:
         f8:f2:12:17:34:cc:62:ad:14:7a:b9:4d:28:db:25:5b:4a:97:
         c4:88:48:5a:27:12:b8:d3:36:15:6e:d8:ab:39:0c:b9:1e:a1:
         cf:82:06:11:31:b8:b6:2d:dc:76:bb:f3:86:f5:34:3f:51:b4:
         f6:8c:84:60:a9:2b:7b:7a:7c:a9:39:e7:49:d2:b6:ec:5b:f5:
         bc:d7:d7:76:97:a6:ad:f8:63:54:7b:30:00:9a:7d:ea:b5:45:
         90:7c:4b:29:84:77:03:38:6a:2d:90:97:2d:e2:62:d2:70:0c:
         7a:23:9c:7e:3c:89:ae:16:1c:4f:43:cb:cd:4d:8f:b9:0e:9f:
         a7:e9:04:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI8JRHYxVFPPbmZBoTjzIRKQtuawwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDEwMTU0WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZTY2ODBhYWQ2Y2UzNDRkMDk1YjFiMmEyNjkxZTYzYmVj
OTNmZTRhMTg2MWJkMTMxNTgxNWU1N2Y5M2E4NjQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbBqBiHqQXqMxtsIBZlbcrgNeywf/Eap6RZ/VW6EzKseCN
zkYOVBg1jeyjqQtbGXriwn40Vl3UzJs509EqOkVAjf6oEUvv69w4GIfJgnElwOXt
/BhUhTszvCteUvdDJwfmYsjwYQdw8M1FaIF1KqrGZ1vC0yMipJ+39GW9ole5dpCw
HQFXPO9+ZD2q7YClyla1dBPEX0oY2iFU1fRK6XXP83tapU9akMXC3wKdMSTtoHYb
r2iz/NgsSEl3qTQqQMnhR2szpiDtbt3HGT0qY/KPzrvlEdOxd6mE6X+dSmqBB3tT
5IXwV1G27brdyzk4SIGTDOETFhg35qzNSvQBIvO9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3rs+rxFHLwOZqlSez3jIuVV8HmkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwY2ZmOGVmLTU4ZDQtNDFjYS1iM2E4LWExN2NiNjkzM2NlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GgwDQYJKoZIhvcNAQELBQADggEBAChDEoODO7JqtkLSrVW3BjpWg5Fq
pZ9gkUVaFCn2hj98ZD5c/AGYBbjWcwIyhgzER54SX7zILwOFuEF2MjyaxxzMvNsl
Znjk6ZRX9trJ0XfDMGICG+qKSRUAoHLixsp+42pJ48+DgzWJwaxppMyWaavJN9AG
F+R3nxbpmvKXVfjyEhc0zGKtFHq5TSjbJVtKl8SISFonErjTNhVu2Ks5DLkeoc+C
BhExuLYt3Ha784b1ND9RtPaMhGCpK3t6fKk550nStuxb9bzX13aXpq34Y1R7MACa
feq1RZB8SymEdwM4ai2Qly3iYtJwDHojnH48ia4WHE9Dy81Nj7kOn6fpBIc=
-----END CERTIFICATE-----