Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b538b35-6896-4666-ad39-c00d62847b87.roa
File:                     8b538b35-6896-4666-ad39-c00d62847b87.roa (raw, json)
Hash identifier:          lXaVO3HyJjTcPQIsTMvsHYBelfrF5NjCMs9oofbVVNY=
Subject key identifier:   45:42:BC:DC:DE:21:12:09:3E:52:59:BA:26:B7:D0:89:C9:A8:03:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F58586C0F24E26FC143217D97E5B1D1FA13A758
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b538b35-6896-4666-ad39-c00d62847b87.roa
Signing time:             Tue 30 Sep 2025 00:22:04 +0000
ROA not before:           Tue 30 Sep 2025 00:22:04 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        194.21.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:58:58:6c:0f:24:e2:6f:c1:43:21:7d:97:e5:b1:d1:fa:13:a7:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:22:04 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=4a49eda20cbb60d3eba4a5705ca25f916c13a5dd0d0745d594591a289dad521e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d8:4f:65:ac:8b:55:e2:90:81:86:ba:f8:5d:
                    df:26:4d:e1:8f:4d:09:2a:96:b9:b5:e1:0f:f8:ac:
                    9c:e1:87:bc:1a:bb:85:84:8c:f6:c7:90:53:af:aa:
                    a2:71:fc:2d:c2:83:02:e2:f7:ad:42:ff:17:2d:37:
                    63:1d:ef:b5:ac:9c:e5:72:2e:e0:1c:1f:46:f9:27:
                    98:a3:8e:3b:55:fa:a7:fb:d4:54:32:32:ed:10:34:
                    34:89:1a:61:70:bd:9a:cd:7b:d7:72:ca:88:94:07:
                    49:e8:b9:6e:4f:d2:14:ae:f9:ce:42:2d:49:15:42:
                    7e:74:de:ad:8f:26:b1:bc:99:df:21:9e:e9:4d:ac:
                    a2:1a:56:9a:7d:cb:c1:38:47:5e:3f:6c:f8:9c:5b:
                    86:e6:21:b2:49:51:c2:7a:03:12:62:01:95:1a:4c:
                    80:71:8d:cf:a0:c6:07:2e:32:21:87:d5:ab:2e:c3:
                    70:6f:da:e4:b2:19:06:f5:73:e8:0d:d3:7b:8b:d7:
                    3b:c4:e8:17:67:b3:f8:f3:46:06:48:92:b5:4f:ad:
                    d4:d0:2b:18:ba:d4:06:ea:8f:82:26:b0:ed:ac:c9:
                    2a:06:80:ee:60:e2:77:02:ef:7c:d6:e2:97:de:5b:
                    33:83:86:e4:80:e8:94:e8:2e:72:98:05:04:50:9d:
                    cb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:42:BC:DC:DE:21:12:09:3E:52:59:BA:26:B7:D0:89:C9:A8:03:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b538b35-6896-4666-ad39-c00d62847b87.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.21.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         af:fe:ea:8b:be:fb:af:7e:7c:76:b3:7c:57:1c:83:9f:43:72:
         9e:5f:42:68:d5:9f:c0:3c:65:f1:09:b0:6f:d2:29:de:b0:26:
         d8:0e:da:35:ce:e7:cc:e0:56:1b:d2:78:a8:45:9a:7f:3e:cd:
         30:2d:9c:de:fa:1a:b3:3d:a7:90:ef:3c:55:d2:ba:6b:e5:4a:
         14:1e:b1:27:6a:e7:c4:37:ad:92:64:4a:ff:ea:a6:85:e8:dc:
         d6:a1:5c:37:78:b8:76:66:3d:16:f4:67:62:95:c1:3a:94:ee:
         04:65:aa:15:20:1a:21:f4:7d:df:cc:c6:da:66:db:9a:9a:13:
         74:db:87:da:2b:41:34:70:ab:4e:d9:43:4e:0b:cf:da:71:e1:
         c6:ee:2a:26:f4:1b:cf:8c:d6:61:35:ab:84:ff:db:48:59:97:
         6b:3b:bc:35:be:ee:86:fa:dc:3d:b6:9c:07:5a:02:91:f8:a2:
         a1:08:4c:1c:da:30:03:e3:62:93:97:b1:5e:9e:eb:6a:bc:8e:
         c4:5a:ac:07:33:95:7a:b1:2f:e8:3a:23:9e:22:ed:76:f2:25:
         30:59:08:69:ea:c1:f6:ce:b2:12:17:f9:cc:95:a4:a1:e4:f5:
         e0:bd:7c:41:aa:d5:62:28:60:e3:d9:48:6c:32:53:a3:c7:98:
         fc:db:5a:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf1hYbA8k4m/BQyF9l+Wx0foTp1gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMjA0WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTQ5ZWRhMjBjYmI2MGQzZWJhNGE1NzA1Y2EyNWY5MTZj
MTNhNWRkMGQwNzQ1ZDU5NDU5MWEyODlkYWQ1MjFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCa2E9lrItV4pCBhrr4Xd8mTeGPTQkqlrm14Q/4rJzhh7wa
u4WEjPbHkFOvqqJx/C3CgwLi961C/xctN2Md77WsnOVyLuAcH0b5J5ijjjtV+qf7
1FQyMu0QNDSJGmFwvZrNe9dyyoiUB0nouW5P0hSu+c5CLUkVQn503q2PJrG8md8h
nulNrKIaVpp9y8E4R14/bPicW4bmIbJJUcJ6AxJiAZUaTIBxjc+gxgcuMiGH1asu
w3Bv2uSyGQb1c+gN03uL1zvE6Bdns/jzRgZIkrVPrdTQKxi61Abqj4ImsO2sySoG
gO5g4ncC73zW4pfeWzODhuSA6JToLnKYBQRQnct/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURUK83N4hEgk+Ulm6JrfQicmoA8QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiNTM4YjM1LTY4OTYtNDY2Ni1hZDM5LWMwMGQ2Mjg0N2I4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbCFUAwDQYJKoZIhvcNAQELBQADggEBAK/+6ou++69+fHazfFccg59Dcp5f
QmjVn8A8ZfEJsG/SKd6wJtgO2jXO58zgVhvSeKhFmn8+zTAtnN76GrM9p5DvPFXS
umvlShQesSdq58Q3rZJkSv/qpoXo3NahXDd4uHZmPRb0Z2KVwTqU7gRlqhUgGiH0
fd/Mxtpm25qaE3Tbh9orQTRwq07ZQ04Lz9px4cbuKib0G8+M1mE1q4T/20hZl2s7
vDW+7ob63D22nAdaApH4oqEITBzaMAPjYpOXsV6e62q8jsRarAczlXqxL+g6I54i
7XbyJTBZCGnqwfbOshIX+cyVpKHk9eC9fEGq1WIoYOPZSGwyU6PHmPzbWhs=
-----END CERTIFICATE-----