Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/655d9c54-1648-4b17-915a-5b868df7eca4.roa
File:                     655d9c54-1648-4b17-915a-5b868df7eca4.roa (raw, json)
Hash identifier:          riHNcglJ3iaASoFYS+kRHUswGu14LCBRQRPC9RBeNxw=
Subject key identifier:   A5:3B:2E:22:02:73:06:EA:3B:30:CB:B1:DC:4F:A8:87:64:FE:3D:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6FF1D7A970D65F088EBA75540BAE247803C57A54
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/655d9c54-1648-4b17-915a-5b868df7eca4.roa
Signing time:             Sun 26 Oct 2025 00:30:57 +0000
ROA not before:           Sun 26 Oct 2025 00:30:57 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.79.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:f1:d7:a9:70:d6:5f:08:8e:ba:75:54:0b:ae:24:78:03:c5:7a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:30:57 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=0835f41f2e1aad04291d71e2612873333a5c0a2ea2f444c607e616a140f5863a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a7:7d:88:d7:6a:a0:4e:07:2a:58:34:04:8b:
                    54:58:48:bd:a0:f4:d9:7a:7f:9b:c2:5b:0d:52:4d:
                    37:c6:80:3c:b6:50:ac:4d:8e:20:de:32:2d:8e:26:
                    6c:ae:fc:86:08:91:78:88:1b:7a:b6:d6:81:9c:b2:
                    4d:36:4f:98:c2:27:9e:64:ae:ca:fa:76:7b:8d:fb:
                    f1:9d:8b:18:d0:d4:63:1e:79:04:1c:34:88:c8:36:
                    7f:f8:9d:70:1c:43:af:a4:54:d2:98:3d:6f:14:b2:
                    ba:cd:59:36:42:be:c1:77:a0:4c:23:41:cc:b2:aa:
                    9f:e3:2d:33:dc:40:33:bc:3f:c1:4f:a0:ca:2e:4a:
                    49:90:6a:fe:dd:9a:ba:4c:a9:71:07:34:f6:dd:58:
                    89:be:5f:f2:34:88:54:2f:3a:bc:b8:9a:ff:a3:06:
                    ec:09:51:f1:26:2b:3a:84:c7:07:23:ba:d2:18:75:
                    a2:56:32:ee:51:f5:52:d0:f8:05:57:ff:3e:36:f9:
                    dc:9a:75:dd:2f:e2:b8:3c:c4:27:90:50:4d:49:13:
                    94:4c:21:ca:1a:f8:a9:e4:7b:4d:a8:46:f8:b6:f2:
                    c3:70:35:5e:59:48:65:2a:de:cb:e4:25:60:70:5e:
                    c1:65:fa:0a:84:13:ec:2b:19:3e:85:94:df:d3:e6:
                    f3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:3B:2E:22:02:73:06:EA:3B:30:CB:B1:DC:4F:A8:87:64:FE:3D:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/655d9c54-1648-4b17-915a-5b868df7eca4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.79.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c3:e6:3b:96:27:6e:78:e0:5a:50:2f:63:1a:d2:f5:f5:29:be:
         a8:1d:12:67:d5:19:cf:44:fb:61:2f:a1:a1:59:db:eb:8c:30:
         30:32:5f:dc:53:d3:4e:77:62:30:29:57:0a:a8:3c:8f:68:97:
         84:a5:e3:ef:d4:5d:c6:13:99:47:7d:c5:e3:22:71:61:8b:2d:
         67:74:e9:fb:5b:68:7d:6e:0a:ad:7a:15:86:29:a3:d6:73:94:
         ff:2b:3b:27:66:f8:93:03:92:76:36:4e:25:26:31:3f:25:2e:
         e2:b5:1f:63:f7:75:64:e4:17:9b:4f:57:da:a2:cc:32:be:cc:
         d8:26:ac:92:17:29:ce:9a:2b:6a:97:14:02:42:d4:52:bb:8e:
         a0:02:aa:89:a5:bc:8e:03:9f:0a:77:02:42:28:67:1a:fb:ad:
         e7:36:39:fe:0d:ff:bf:43:6a:b7:c3:28:2e:9d:a6:e9:63:fa:
         b2:73:83:99:7a:20:4c:07:eb:f1:95:60:37:09:f2:be:73:7e:
         76:41:b0:98:8f:45:f0:1b:99:c3:7f:7d:59:b0:f0:7a:6b:0c:
         f1:b5:f1:d5:bb:4f:23:f7:f7:d3:04:07:bf:85:6f:ab:e0:cd:
         d5:bd:2a:ce:0c:7a:2a:87:d7:e4:f0:90:66:ac:69:cd:8f:8b:
         0b:14:28:3b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUb/HXqXDWXwiOunVUC64keAPFelQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMDU3WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwODM1ZjQxZjJlMWFhZDA0MjkxZDcxZTI2MTI4NzMzMzNh
NWMwYTJlYTJmNDQ0YzYwN2U2MTZhMTQwZjU4NjNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIp32I12qgTgcqWDQEi1RYSL2g9Nl6f5vCWw1STTfGgDy2
UKxNjiDeMi2OJmyu/IYIkXiIG3q21oGcsk02T5jCJ55krsr6dnuN+/GdixjQ1GMe
eQQcNIjINn/4nXAcQ6+kVNKYPW8UsrrNWTZCvsF3oEwjQcyyqp/jLTPcQDO8P8FP
oMouSkmQav7dmrpMqXEHNPbdWIm+X/I0iFQvOry4mv+jBuwJUfEmKzqExwcjutIY
daJWMu5R9VLQ+AVX/z42+dyadd0v4rg8xCeQUE1JE5RMIcoa+Knke02oRvi28sNw
NV5ZSGUq3svkJWBwXsFl+gqEE+wrGT6FlN/T5vP7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpTsuIgJzBuo7MMux3E+oh2T+PSMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1NWQ5YzU0LTE2NDgtNGIxNy05MTVhLTViODY4ZGY3ZWNhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBLTzANBgkqhkiG9w0BAQsFAAOCAQEAw+Y7lidueOBaUC9jGtL19Sm+qB0S
Z9UZz0T7YS+hoVnb64wwMDJf3FPTTndiMClXCqg8j2iXhKXj79RdxhOZR33F4yJx
YYstZ3Tp+1tofW4KrXoVhimj1nOU/ys7J2b4kwOSdjZOJSYxPyUu4rUfY/d1ZOQX
m09X2qLMMr7M2CaskhcpzporapcUAkLUUruOoAKqiaW8jgOfCncCQihnGvut5zY5
/g3/v0Nqt8MoLp2m6WP6snODmXogTAfr8ZVgNwnyvnN+dkGwmI9F8BuZw399WbDw
emsM8bXx1btPI/f30wQHv4Vvq+DN1b0qzgx6KofX5PCQZqxpzY+LCxQoOw==
-----END CERTIFICATE-----