Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fcd84a1-3134-4005-9224-b48d476c9564.roa
File:                     6fcd84a1-3134-4005-9224-b48d476c9564.roa (raw, json)
Hash identifier:          qhBx/78LbWAKbnBWdfunx4LjAlyw6dYpwi9u1TyIJg4=
Subject key identifier:   68:D3:B1:C5:82:79:7D:14:3E:16:05:C8:DE:4F:C2:FE:F8:D0:01:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DE2C5E425403B29DE56A1020774D614CEF5DE36
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fcd84a1-3134-4005-9224-b48d476c9564.roa
Signing time:             Sun 26 Oct 2025 00:31:40 +0000
ROA not before:           Sun 26 Oct 2025 00:31:40 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.113.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:e2:c5:e4:25:40:3b:29:de:56:a1:02:07:74:d6:14:ce:f5:de:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:31:40 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=89f91d6f6020e2e0e80011a51d3e8f6f450205ff5150c36c2deeacee2a184271, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b4:36:5d:4b:b2:36:3f:2b:a8:35:f4:e9:51:
                    a0:61:29:2c:4c:83:f1:ba:b5:89:12:72:e6:56:2a:
                    22:c2:e4:48:31:2e:cd:ea:c9:1d:d9:58:f6:e2:f2:
                    d2:9d:78:93:36:d6:31:32:d0:d9:cb:8a:70:65:ca:
                    ab:15:92:a5:e6:71:26:d5:51:83:33:19:ff:03:f5:
                    30:ab:e4:3f:53:b7:fd:ae:fb:20:48:5f:27:f3:c9:
                    05:8d:f2:c0:d4:df:55:d8:74:cf:52:47:2d:e7:f1:
                    8d:e2:38:6e:d7:0d:ab:87:de:90:90:03:b8:b3:5c:
                    c0:8a:28:9a:c3:6c:47:28:a9:ed:71:5a:90:65:76:
                    e8:33:ff:31:d8:93:eb:01:b9:7a:cc:e0:a6:0d:99:
                    50:f0:6c:4d:76:71:07:e2:3e:fe:5b:d9:54:13:98:
                    56:d0:a6:80:b5:7f:47:2a:5c:15:c6:4b:1a:de:77:
                    e4:f6:30:ec:82:f9:0f:a4:da:9c:f0:2b:6b:31:f0:
                    67:0a:ff:fb:7b:99:cb:8f:ab:81:3d:74:03:7f:1b:
                    7b:f9:bf:a0:47:06:c6:0f:d9:42:36:29:22:07:ac:
                    76:e4:4b:99:9a:85:d7:07:86:e6:9c:07:31:da:85:
                    f6:60:60:4b:ab:58:f4:e8:e7:e5:bb:6c:5c:75:76:
                    a3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D3:B1:C5:82:79:7D:14:3E:16:05:C8:DE:4F:C2:FE:F8:D0:01:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6fcd84a1-3134-4005-9224-b48d476c9564.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:d7:81:5f:2e:87:f9:40:f3:64:0e:08:a1:e5:23:20:f9:79:
         17:aa:8c:10:86:f2:ad:65:10:2d:50:4f:0d:37:5e:42:2a:5a:
         66:f0:ca:3e:9b:f6:13:b2:cb:98:27:41:8f:76:5c:61:d9:f9:
         28:b9:87:c6:7c:28:56:a3:07:4c:a3:a1:82:b5:80:ac:45:b0:
         bd:93:a2:f2:90:f3:36:98:de:74:a0:cc:fa:a5:52:b4:a3:2c:
         09:2f:eb:c0:4a:37:32:c5:4f:af:99:00:45:a8:8c:79:54:db:
         99:2b:37:dd:53:51:fe:27:ae:91:a4:b2:c6:9c:14:09:cc:df:
         cd:87:96:8a:4a:06:86:09:ef:ed:94:a3:f9:97:8a:22:f8:ce:
         f0:ae:a3:13:ba:da:00:65:56:bc:7c:08:08:71:7e:c7:08:8f:
         4e:e0:7e:66:68:38:aa:a4:21:89:77:8f:6b:3f:30:30:6a:7f:
         ed:49:a4:17:62:57:24:93:a5:42:e7:52:2c:62:99:99:40:f4:
         ca:01:f9:03:70:9d:d6:ca:c6:8c:8c:b0:ff:a0:c8:6d:ba:07:
         1f:6c:43:e6:13:33:98:cb:5e:97:c7:28:30:d4:44:80:88:2d:
         9a:27:1b:22:da:26:1e:34:e6:cb:17:f5:61:ee:4f:ae:38:c4:
         ef:fe:c0:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTeLF5CVAOyneVqECB3TWFM713jYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMTQwWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWY5MWQ2ZjYwMjBlMmUwZTgwMDExYTUxZDNlOGY2ZjQ1
MDIwNWZmNTE1MGMzNmMyZGVlYWNlZTJhMTg0MjcxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9tDZdS7I2PyuoNfTpUaBhKSxMg/G6tYkScuZWKiLC5Egx
Ls3qyR3ZWPbi8tKdeJM21jEy0NnLinBlyqsVkqXmcSbVUYMzGf8D9TCr5D9Tt/2u
+yBIXyfzyQWN8sDU31XYdM9SRy3n8Y3iOG7XDauH3pCQA7izXMCKKJrDbEcoqe1x
WpBldugz/zHYk+sBuXrM4KYNmVDwbE12cQfiPv5b2VQTmFbQpoC1f0cqXBXGSxre
d+T2MOyC+Q+k2pzwK2sx8GcK//t7mcuPq4E9dAN/G3v5v6BHBsYP2UI2KSIHrHbk
S5mahdcHhuacBzHahfZgYEurWPTo5+W7bFx1dqO9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaNOxxYJ5fRQ+FgXI3k/C/vjQAbMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmY2Q4NGExLTMxMzQtNDAwNS05MjI0LWI0OGQ0NzZjOTU2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/HEwDQYJKoZIhvcNAQELBQADggEBAETXgV8uh/lA82QOCKHlIyD5eReq
jBCG8q1lEC1QTw03XkIqWmbwyj6b9hOyy5gnQY92XGHZ+Si5h8Z8KFajB0yjoYK1
gKxFsL2TovKQ8zaY3nSgzPqlUrSjLAkv68BKNzLFT6+ZAEWojHlU25krN91TUf4n
rpGkssacFAnM382HlopKBoYJ7+2Uo/mXiiL4zvCuoxO62gBlVrx8CAhxfscIj07g
fmZoOKqkIYl3j2s/MDBqf+1JpBdiVySTpULnUiximZlA9MoB+QNwndbKxoyMsP+g
yG26Bx9sQ+YTM5jLXpfHKDDURICILZonGyLaJh405ssX9WHuT644xO/+wC0=
-----END CERTIFICATE-----