Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6df6b394-3ba9-4e70-a4af-b3fb4b7217de.roa
File:                     6df6b394-3ba9-4e70-a4af-b3fb4b7217de.roa (raw, json)
Hash identifier:          WagpenC8Av3nkCokT3GBmd+gg2GzF0/czRJFgMVmebA=
Subject key identifier:   33:A0:A3:3B:AB:1F:B4:9B:44:BF:C3:62:7B:2B:B7:B7:2C:32:DF:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72BE8B175C58240A18CFC9057A9276EF15A20ECC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6df6b394-3ba9-4e70-a4af-b3fb4b7217de.roa
Signing time:             Sat 18 Oct 2025 03:50:13 +0000
ROA not before:           Sat 18 Oct 2025 03:50:13 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.26.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:be:8b:17:5c:58:24:0a:18:cf:c9:05:7a:92:76:ef:15:a2:0e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 03:50:13 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=24a1dd3ecc5f41f3ebc178e9fd4dd401c42d5540b7021eea1316c7829f8e980c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:23:2d:2c:46:be:d6:56:2d:c5:2e:d9:70:31:
                    ff:b1:a5:0d:bd:1f:fd:90:54:0e:41:3b:24:fc:41:
                    b9:26:c1:af:87:a5:f9:64:13:a5:e2:11:fe:f5:46:
                    24:cc:d5:8d:e4:12:98:1e:d8:eb:d4:e0:f8:08:d7:
                    e8:b7:dd:e3:13:b7:8d:10:ba:f6:4a:2b:e9:cd:93:
                    58:14:67:ef:01:7c:6f:23:74:f7:ec:75:59:8b:2f:
                    ae:a9:c5:07:dd:d1:93:b0:61:b7:81:1e:31:12:91:
                    ee:60:cc:93:60:45:ce:9d:ca:75:1c:08:3b:35:27:
                    9f:80:a3:af:0b:7c:b6:4a:d3:ef:b0:d9:ea:71:f6:
                    61:93:54:5e:d3:d0:c2:bf:59:44:39:43:7c:dd:6f:
                    07:82:8e:d6:7a:b9:e8:49:e5:98:76:21:d8:31:04:
                    73:ad:7b:57:3a:41:66:cc:9b:ff:b7:06:52:5d:bf:
                    ec:8b:3b:f4:8e:bd:5c:34:e7:00:5b:ac:d9:09:e0:
                    0a:f1:44:8d:ec:0a:43:71:3e:05:71:eb:e2:94:33:
                    19:31:2f:be:fd:8a:59:b4:5f:d4:6f:12:4b:50:13:
                    b6:e7:81:45:34:78:f5:d6:f1:de:ac:6a:40:8c:2f:
                    b9:6e:f4:87:6d:72:c4:0d:ba:1f:40:1b:1f:39:e0:
                    04:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A0:A3:3B:AB:1F:B4:9B:44:BF:C3:62:7B:2B:B7:B7:2C:32:DF:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6df6b394-3ba9-4e70-a4af-b3fb4b7217de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:55:45:17:3a:55:ce:4d:40:35:0d:9b:6f:47:c0:ec:a8:5e:
         20:26:67:9d:df:d3:08:33:66:c5:53:cb:be:7c:e3:68:5f:91:
         4e:61:76:38:b7:60:dc:2e:85:39:de:93:82:86:d5:11:47:26:
         79:ed:42:8b:24:e7:ad:3e:f4:3f:48:5b:d8:7c:4d:ec:46:ad:
         cd:40:03:9e:33:56:1a:21:00:59:d1:09:82:99:92:56:ca:aa:
         b6:60:d5:9a:64:38:f6:b0:bf:b0:9c:27:fa:4e:bb:4f:44:42:
         49:eb:eb:c9:3c:da:eb:a3:05:47:71:07:50:43:5c:74:e8:fe:
         54:53:6e:ab:67:86:c2:7f:e2:e4:61:1c:15:28:9a:bb:70:df:
         e5:f5:a6:9a:de:36:f5:60:4c:5d:5a:36:74:80:9c:a8:e3:a1:
         86:16:ea:17:cf:6d:bc:13:95:fd:9a:06:2a:64:3a:c0:98:ca:
         97:38:ad:69:21:f4:38:9d:05:66:25:cd:c7:89:e4:69:0b:53:
         11:3e:05:1a:a8:5f:61:7d:4c:a4:1f:77:5b:6d:58:e7:56:dd:
         d1:5d:1f:21:cb:d2:9d:2c:9f:50:5f:81:d9:60:b2:e8:e3:86:
         2e:e7:89:6e:18:42:2e:e4:63:7f:87:b6:60:c2:41:cf:b1:a1:
         f2:d6:21:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcr6LF1xYJAoYz8kFepJ27xWiDswwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDM1MDEzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGExZGQzZWNjNWY0MWYzZWJjMTc4ZTlmZDRkZDQwMWM0
MmQ1NTQwYjcwMjFlZWExMzE2Yzc4MjlmOGU5ODBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3Iy0sRr7WVi3FLtlwMf+xpQ29H/2QVA5BOyT8Qbkmwa+H
pflkE6XiEf71RiTM1Y3kEpge2OvU4PgI1+i33eMTt40QuvZKK+nNk1gUZ+8BfG8j
dPfsdVmLL66pxQfd0ZOwYbeBHjESke5gzJNgRc6dynUcCDs1J5+Ao68LfLZK0++w
2epx9mGTVF7T0MK/WUQ5Q3zdbweCjtZ6uehJ5Zh2IdgxBHOte1c6QWbMm/+3BlJd
v+yLO/SOvVw05wBbrNkJ4ArxRI3sCkNxPgVx6+KUMxkxL779ilm0X9RvEktQE7bn
gUU0ePXW8d6sakCML7lu9IdtcsQNuh9AGx854ARNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM6CjO6sftJtEv8Nieyu3tywy30owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZkZjZiMzk0LTNiYTktNGU3MC1hNGFmLWIzZmI0YjcyMTdkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFBCRowDQYJKoZIhvcNAQELBQADggEBAHJVRRc6Vc5NQDUNm29HwOyoXiAm
Z53f0wgzZsVTy75842hfkU5hdji3YNwuhTnek4KG1RFHJnntQosk560+9D9IW9h8
TexGrc1AA54zVhohAFnRCYKZklbKqrZg1ZpkOPawv7CcJ/pOu09EQknr68k82uuj
BUdxB1BDXHTo/lRTbqtnhsJ/4uRhHBUomrtw3+X1ppreNvVgTF1aNnSAnKjjoYYW
6hfPbbwTlf2aBipkOsCYypc4rWkh9DidBWYlzceJ5GkLUxE+BRqoX2F9TKQfd1tt
WOdW3dFdHyHL0p0sn1Bfgdlgsujjhi7niW4YQi7kY3+HtmDCQc+xofLWIeg=
-----END CERTIFICATE-----