Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9467035e-ac22-4ed7-bdeb-771152f3e853.roa
File:                     9467035e-ac22-4ed7-bdeb-771152f3e853.roa (raw, json)
Hash identifier:          9bxRHexX9G8qZRDUTfHPH0jDOVHw8xlU1HvIeW5EnZA=
Subject key identifier:   6B:27:D3:AD:B7:45:F1:ED:44:1A:37:81:52:50:EB:EF:F4:D4:BF:E1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13ABD89471526B065E1807030623ECA0FB8E2652
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9467035e-ac22-4ed7-bdeb-771152f3e853.roa
Signing time:             Wed 24 Sep 2025 00:12:11 +0000
ROA not before:           Wed 24 Sep 2025 00:12:11 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        170.68.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ab:d8:94:71:52:6b:06:5e:18:07:03:06:23:ec:a0:fb:8e:26:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 24 00:12:11 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=c375108158a6d72eeebe98002dacd9c1aedc8d2bc44d5bbf927dee1c65aba487, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9e:36:7b:4e:69:fe:e9:ab:c3:92:66:b1:38:
                    6d:f4:35:77:4d:a8:cf:fa:96:73:40:df:ee:f4:e3:
                    85:32:8d:62:b5:53:75:b4:86:0f:86:a1:d1:15:30:
                    c5:86:b6:84:c7:f8:25:97:ea:4e:d8:e0:76:9b:26:
                    91:31:6f:ef:d3:f6:75:e9:8a:18:0f:0c:a9:a2:68:
                    3a:6f:4b:f4:2f:68:01:ce:80:33:fe:5b:06:79:37:
                    76:c7:c1:d4:06:24:c7:63:11:0d:9e:66:00:cc:c5:
                    f9:6d:23:de:8b:a2:42:ca:62:91:8d:9c:58:cf:fb:
                    90:56:69:e8:f2:58:06:e2:3a:a1:6c:f8:0b:39:7a:
                    fc:94:34:3c:e2:ad:a9:7a:ff:f1:25:00:18:96:e6:
                    49:a4:8f:84:01:9b:6b:36:15:e5:dc:f4:3c:22:46:
                    7f:4c:d0:88:ae:34:22:a3:33:49:c9:96:10:3b:52:
                    40:70:61:b7:63:da:09:92:47:32:e3:1e:83:ee:f7:
                    dd:1d:a1:8e:28:66:65:e8:81:cc:8b:be:a1:d5:eb:
                    9a:11:b5:1b:f8:03:7a:b5:78:5b:62:d9:24:71:1c:
                    6b:de:76:60:5c:00:b3:e8:80:a2:8f:51:4f:ac:e2:
                    0b:e4:cc:36:88:7c:23:3c:49:9f:a5:d8:90:00:82:
                    ec:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:27:D3:AD:B7:45:F1:ED:44:1A:37:81:52:50:EB:EF:F4:D4:BF:E1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9467035e-ac22-4ed7-bdeb-771152f3e853.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.68.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:6b:7d:8c:49:e7:0c:9f:91:1b:9f:10:46:4c:9e:bc:65:8c:
         55:ec:ce:41:2f:ef:2f:30:5e:af:d3:b6:68:7a:31:fe:98:09:
         86:23:ca:ed:07:12:43:79:1b:37:1e:ce:96:b9:5a:76:95:fc:
         a5:48:74:d9:72:74:cb:1b:47:f0:f0:ce:62:7e:f1:b9:08:f8:
         7c:79:36:0f:49:cd:c8:4a:fb:82:85:3f:54:97:05:65:4a:3c:
         66:63:d7:42:3a:10:be:ff:c0:1d:d4:10:f6:85:f7:be:e6:8d:
         31:a8:6d:52:78:31:69:b6:63:30:7c:4f:89:13:c8:44:51:db:
         7f:7c:61:9f:0c:f8:1b:52:53:04:5f:66:86:3b:5e:19:b3:94:
         08:6e:36:0c:b9:42:4c:5b:48:94:6e:4e:91:74:12:70:0b:88:
         ca:19:dc:e8:35:ff:44:34:b2:5f:fe:d1:0a:14:7e:d0:18:0c:
         17:6a:1f:e2:08:7d:d6:61:2e:cc:0d:de:71:cd:79:16:30:18:
         6c:ee:4d:83:84:6f:35:a6:5c:bb:28:a2:6c:8b:57:6c:88:a8:
         eb:e3:96:c9:23:da:5e:da:52:01:e2:b3:9a:7d:7c:d2:4d:38:
         6c:a2:bf:f5:15:9c:b7:22:96:56:f8:cf:eb:3b:68:ba:72:3a:
         c7:aa:21:5c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE6vYlHFSawZeGAcDBiPsoPuOJlIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI0MDAxMjExWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMzc1MTA4MTU4YTZkNzJlZWViZTk4MDAyZGFjZDljMWFl
ZGM4ZDJiYzQ0ZDViYmY5MjdkZWUxYzY1YWJhNDg3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrnjZ7Tmn+6avDkmaxOG30NXdNqM/6lnNA3+7044UyjWK1
U3W0hg+GodEVMMWGtoTH+CWX6k7Y4HabJpExb+/T9nXpihgPDKmiaDpvS/QvaAHO
gDP+WwZ5N3bHwdQGJMdjEQ2eZgDMxfltI96LokLKYpGNnFjP+5BWaejyWAbiOqFs
+As5evyUNDziral6//ElABiW5kmkj4QBm2s2FeXc9DwiRn9M0IiuNCKjM0nJlhA7
UkBwYbdj2gmSRzLjHoPu990doY4oZmXogcyLvqHV65oRtRv4A3q1eFti2SRxHGve
dmBcALPogKKPUU+s4gvkzDaIfCM8SZ+l2JAAguy/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUayfTrbdF8e1EGjeBUlDr7/TUv+EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0NjcwMzVlLWFjMjItNGVkNy1iZGViLTc3MTE1MmYzZTg1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCqRDANBgkqhkiG9w0BAQsFAAOCAQEAMmt9jEnnDJ+RG58QRkyevGWMVezO
QS/vLzBer9O2aHox/pgJhiPK7QcSQ3kbNx7OlrladpX8pUh02XJ0yxtH8PDOYn7x
uQj4fHk2D0nNyEr7goU/VJcFZUo8ZmPXQjoQvv/AHdQQ9oX3vuaNMahtUngxabZj
MHxPiRPIRFHbf3xhnwz4G1JTBF9mhjteGbOUCG42DLlCTFtIlG5OkXQScAuIyhnc
6DX/RDSyX/7RChR+0BgMF2of4gh91mEuzA3ecc15FjAYbO5Ng4RvNaZcuyiibItX
bIio6+OWySPaXtpSAeKzmn180k04bKK/9RWctyKWVvjP6ztounI6x6ohXA==
-----END CERTIFICATE-----