Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79931b83-9888-42c4-8cab-49d3b3177907.roa
File:                     79931b83-9888-42c4-8cab-49d3b3177907.roa (raw, json)
Hash identifier:          liMMnSDTuaUK3PqHXJFLcILAoDuRLm5DM08LWr/io5I=
Subject key identifier:   9C:0E:63:5E:A7:E2:0E:14:27:4B:8B:AD:33:AB:FF:65:A5:35:56:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AEDF31CDABCAFED3F492544F79E8DB536F1944B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79931b83-9888-42c4-8cab-49d3b3177907.roa
Signing time:             Fri 03 Oct 2025 00:39:24 +0000
ROA not before:           Fri 03 Oct 2025 00:39:24 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.103.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ed:f3:1c:da:bc:af:ed:3f:49:25:44:f7:9e:8d:b5:36:f1:94:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:39:24 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=a750944b2c108b9b07599a08a341b59e6022c77ab63cc5d67629794bd561ef56, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9a:f9:8c:4b:88:af:78:0e:94:8b:4c:cf:4b:
                    b4:bf:2d:ed:85:12:5f:9d:8d:b3:9d:5d:c5:c5:ea:
                    43:04:12:8d:37:35:3b:00:d3:93:c9:36:b3:0e:86:
                    ce:bf:ba:90:ea:b2:7a:fe:18:91:39:9e:3e:db:5f:
                    ab:76:90:99:1d:58:19:29:13:cd:84:dd:a9:a1:1f:
                    37:94:49:d4:91:77:5a:4c:ed:de:b7:31:0a:e2:98:
                    e9:bc:fb:ac:6d:95:85:22:50:08:d7:79:8e:38:2b:
                    22:94:e4:8f:15:c4:b7:46:f7:49:f0:57:f4:cd:1c:
                    f1:fa:27:2c:8e:fe:fa:24:61:6d:a5:51:1b:9b:0e:
                    6a:be:a4:0a:cb:d3:06:53:91:fb:b0:31:f5:55:bb:
                    33:83:41:4d:9d:67:45:78:d2:e9:26:a2:c4:41:1c:
                    e9:30:7a:86:11:70:e6:4f:d6:2a:6e:e4:67:84:e9:
                    39:ff:2a:5f:a2:5e:4c:99:be:31:66:f5:26:9c:2e:
                    ea:15:48:26:ea:27:14:45:fd:4b:23:82:aa:82:db:
                    fe:2c:40:f9:cf:79:c4:3f:d3:f4:e7:50:c7:65:63:
                    70:11:e9:0a:bb:40:e9:67:75:86:1b:70:f2:c0:d7:
                    e0:cc:9d:97:b7:ac:31:2f:1f:d6:6e:4a:f3:75:d6:
                    ce:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:0E:63:5E:A7:E2:0E:14:27:4B:8B:AD:33:AB:FF:65:A5:35:56:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79931b83-9888-42c4-8cab-49d3b3177907.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:58:56:1c:ca:5e:73:1a:c2:67:b4:56:4a:5d:47:f1:71:d9:
         50:2c:34:e7:ac:72:e8:55:30:e2:0a:90:6f:0c:e9:08:b8:16:
         d3:5a:d2:65:06:24:f1:e9:1a:37:14:3a:6c:5f:76:d8:12:c0:
         bd:ce:8f:09:79:4f:b1:43:39:bc:53:4b:bf:31:94:94:a1:ac:
         f8:72:72:d7:44:d6:aa:1a:a7:9e:05:9c:4b:ea:96:25:53:2c:
         b0:30:4a:ca:79:d6:8a:73:a2:e4:d1:35:12:a8:60:ff:82:2d:
         66:83:df:a4:a7:93:96:5c:58:91:61:a4:fe:e6:a2:d1:86:f9:
         1e:67:5c:1b:d9:76:06:76:32:1d:1a:f8:82:2d:eb:76:fe:74:
         d5:ad:6a:c6:b0:c4:f2:c9:9c:7d:74:2a:65:20:81:29:92:f5:
         fc:4e:74:d7:a1:e0:6e:05:f6:f1:17:a0:22:2a:7d:26:70:51:
         68:24:59:24:8f:08:e2:47:22:65:2b:7f:1f:7e:ad:df:b9:84:
         e0:d0:c6:ed:4f:b2:c1:a7:f7:0c:34:46:48:fc:86:86:7f:a7:
         c9:3a:39:8d:37:83:bc:ce:8c:f2:1c:ab:de:76:b4:ee:81:e2:
         66:a6:38:61:a3:c0:26:52:4a:a2:a8:b2:84:c8:31:ff:6f:1e:
         39:d1:98:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKu3zHNq8r+0/SSVE956NtTbxlEswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAzOTI0WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzUwOTQ0YjJjMTA4YjliMDc1OTlhMDhhMzQxYjU5ZTYw
MjJjNzdhYjYzY2M1ZDY3NjI5Nzk0YmQ1NjFlZjU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCemvmMS4iveA6Ui0zPS7S/Le2FEl+djbOdXcXF6kMEEo03
NTsA05PJNrMOhs6/upDqsnr+GJE5nj7bX6t2kJkdWBkpE82E3amhHzeUSdSRd1pM
7d63MQrimOm8+6xtlYUiUAjXeY44KyKU5I8VxLdG90nwV/TNHPH6JyyO/vokYW2l
URubDmq+pArL0wZTkfuwMfVVuzODQU2dZ0V40ukmosRBHOkweoYRcOZP1ipu5GeE
6Tn/Kl+iXkyZvjFm9SacLuoVSCbqJxRF/UsjgqqC2/4sQPnPecQ/0/TnUMdlY3AR
6Qq7QOlndYYbcPLA1+DMnZe3rDEvH9ZuSvN11s6ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnA5jXqfiDhQnS4utM6v/ZaU1Vl0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc5OTMxYjgzLTk4ODgtNDJjNC04Y2FiLTQ5ZDNiMzE3NzkwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GcwDQYJKoZIhvcNAQELBQADggEBALhYVhzKXnMawme0VkpdR/Fx2VAs
NOescuhVMOIKkG8M6Qi4FtNa0mUGJPHpGjcUOmxfdtgSwL3Ojwl5T7FDObxTS78x
lJShrPhyctdE1qoap54FnEvqliVTLLAwSsp51opzouTRNRKoYP+CLWaD36Snk5Zc
WJFhpP7motGG+R5nXBvZdgZ2Mh0a+IIt63b+dNWtasawxPLJnH10KmUggSmS9fxO
dNeh4G4F9vEXoCIqfSZwUWgkWSSPCOJHImUrfx9+rd+5hODQxu1PssGn9ww0Rkj8
hoZ/p8k6OY03g7zOjPIcq952tO6B4mamOGGjwCZSSqKosoTIMf9vHjnRmOo=
-----END CERTIFICATE-----