Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d24938e-ac5b-41c3-8585-e373d43da0ee.roa
File:                     4d24938e-ac5b-41c3-8585-e373d43da0ee.roa (raw, json)
Hash identifier:          GT5QzrGSHknlQvtdwotUM4BLYXH5yi9aoocaesdRjgY=
Subject key identifier:   DF:1E:88:1D:77:21:4E:B5:DB:07:B1:E2:1D:DD:8D:3B:A4:5A:57:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4748EC0128D774B44ECB9B9891B30DC691C3B6E2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d24938e-ac5b-41c3-8585-e373d43da0ee.roa
Signing time:             Tue 14 Oct 2025 17:11:20 +0000
ROA not before:           Tue 14 Oct 2025 17:11:20 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.132.1.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:48:ec:01:28:d7:74:b4:4e:cb:9b:98:91:b3:0d:c6:91:c3:b6:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:11:20 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=fe8223f38d3d26e867a19872016a53623ba1b3bb2ac7599a8072e8cec74e8a73, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b3:7d:8d:ba:42:6e:f2:81:95:b0:1e:c5:9e:
                    f2:70:11:89:ac:d8:5b:51:07:fa:f2:77:2f:8f:5b:
                    6b:57:81:4b:15:80:bc:3e:94:41:08:79:b2:30:56:
                    69:29:eb:a1:f5:9e:b0:45:b2:c6:da:a2:c8:58:7f:
                    8a:1a:d3:ba:04:f3:f7:ef:a3:1d:8c:92:bb:67:d5:
                    98:91:64:7e:b1:dd:ae:a1:17:3a:f1:7f:ee:d0:bb:
                    bd:64:0e:1a:d4:99:fb:13:f5:86:50:8a:19:a8:19:
                    e5:6a:90:a7:77:56:0d:6c:49:3f:b1:5e:93:59:8a:
                    56:fb:36:ea:b6:98:93:65:58:df:d1:39:ec:7e:86:
                    47:ff:c6:3f:65:cb:b9:27:25:55:c3:eb:50:6f:c0:
                    aa:14:8e:f0:fb:8c:bf:1d:6e:fe:36:5e:d6:86:04:
                    bc:de:eb:60:01:d4:c2:c1:be:a1:e0:22:8b:4b:59:
                    be:72:d8:f8:0b:3a:d8:0d:65:67:71:60:64:d1:0e:
                    25:5d:38:ea:27:02:99:c1:71:bf:b8:52:26:cd:48:
                    27:2a:b0:f4:7a:5e:3d:8e:15:46:2d:67:a7:a0:db:
                    b3:b3:9f:7e:30:99:f4:ab:99:8c:14:b8:ab:2a:f8:
                    02:03:6d:98:a4:3b:8c:62:f6:6b:55:1f:21:71:44:
                    89:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:1E:88:1D:77:21:4E:B5:DB:07:B1:E2:1D:DD:8D:3B:A4:5A:57:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4d24938e-ac5b-41c3-8585-e373d43da0ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.132.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:dd:00:04:a8:a9:6e:02:a9:7d:e1:73:41:33:b9:4b:81:d7:
         31:f3:21:46:33:ad:6f:d6:cf:ad:a2:06:9e:bf:27:32:1c:49:
         82:18:81:69:be:c0:3c:fd:e7:13:26:cf:26:0c:d4:b9:da:9a:
         7c:6c:97:70:ef:4c:db:bf:88:5a:c4:8a:57:09:66:bd:b6:e4:
         60:8a:52:59:72:15:5e:ce:db:cb:3c:ef:8b:76:fb:49:87:b1:
         c4:54:58:5d:98:43:4f:47:f0:99:06:90:e8:80:70:4e:09:8a:
         66:d6:88:24:b9:23:55:09:c0:53:db:76:42:76:ff:30:99:43:
         9a:c9:a2:0f:81:64:d6:1b:14:b7:38:81:a1:2e:05:70:d8:d8:
         45:77:83:8e:11:b2:fd:96:8a:39:57:ed:58:40:05:ae:2d:a7:
         a2:6c:f4:07:a5:73:a6:ef:00:b8:74:46:30:8c:9e:40:1c:8b:
         fc:24:a1:cf:cd:09:2f:24:65:d4:36:55:93:8f:1b:37:77:e0:
         58:db:b9:16:cc:a8:a0:d9:fd:84:ca:63:b1:07:8b:ec:72:ad:
         dd:51:a7:56:fd:b8:fa:f9:89:80:ac:d8:0a:17:c7:a5:e4:55:
         51:b8:9f:a1:1d:85:05:c2:62:e4:b4:85:5e:fe:c9:8f:06:a3:
         1f:2d:d9:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR0jsASjXdLROy5uYkbMNxpHDtuIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTcxMTIwWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZTgyMjNmMzhkM2QyNmU4NjdhMTk4NzIwMTZhNTM2MjNi
YTFiM2JiMmFjNzU5OWE4MDcyZThjZWM3NGU4YTczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCds32NukJu8oGVsB7FnvJwEYms2FtRB/rydy+PW2tXgUsV
gLw+lEEIebIwVmkp66H1nrBFssbaoshYf4oa07oE8/fvox2Mkrtn1ZiRZH6x3a6h
Fzrxf+7Qu71kDhrUmfsT9YZQihmoGeVqkKd3Vg1sST+xXpNZilb7Nuq2mJNlWN/R
Oex+hkf/xj9ly7knJVXD61BvwKoUjvD7jL8dbv42XtaGBLze62AB1MLBvqHgIotL
Wb5y2PgLOtgNZWdxYGTRDiVdOOonApnBcb+4UibNSCcqsPR6Xj2OFUYtZ6eg27Oz
n34wmfSrmYwUuKsq+AIDbZikO4xi9mtVHyFxRIkBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3x6IHXchTrXbB7HiHd2NO6RaV9EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRkMjQ5MzhlLWFjNWItNDFjMy04NTg1LWUzNzNkNDNkYTBlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABGhAEwDQYJKoZIhvcNAQELBQADggEBABzdAASoqW4CqX3hc0EzuUuB1zHz
IUYzrW/Wz62iBp6/JzIcSYIYgWm+wDz95xMmzyYM1Lnamnxsl3DvTNu/iFrEilcJ
Zr225GCKUllyFV7O28s874t2+0mHscRUWF2YQ09H8JkGkOiAcE4JimbWiCS5I1UJ
wFPbdkJ2/zCZQ5rJog+BZNYbFLc4gaEuBXDY2EV3g44Rsv2WijlX7VhABa4tp6Js
9Aelc6bvALh0RjCMnkAci/wkoc/NCS8kZdQ2VZOPGzd34FjbuRbMqKDZ/YTKY7EH
i+xyrd1Rp1b9uPr5iYCs2AoXx6XkVVG4n6EdhQXCYuS0hV7+yY8Gox8t2fY=
-----END CERTIFICATE-----