Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ebc60e1-d188-4298-9c68-e70269961153.roa
File:                     9ebc60e1-d188-4298-9c68-e70269961153.roa (raw, json)
Hash identifier:          VLllfAQhDMxgdZODkEoDRNLuy5In/uvCOoEi9xNW8MM=
Subject key identifier:   A3:19:26:20:36:AE:4F:34:CC:5D:1E:81:DE:73:62:60:65:56:8A:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5ABE01030E2C42BEFF8339223FC7EEDDF74F0BD9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ebc60e1-d188-4298-9c68-e70269961153.roa
Signing time:             Sat 18 Oct 2025 02:11:07 +0000
ROA not before:           Sat 18 Oct 2025 02:11:07 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.221.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:be:01:03:0e:2c:42:be:ff:83:39:22:3f:c7:ee:dd:f7:4f:0b:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:11:07 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=8ca56ecf343f90223f3420920c6bd72277c13584dfee12d90f848f65fb75e092, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2b:7c:60:f8:12:5d:c8:d8:e1:dc:10:09:25:
                    64:91:db:c2:5e:27:5f:3f:3e:af:71:02:90:2e:7a:
                    39:92:7c:b5:27:6b:06:3a:ab:99:fd:cc:ea:05:1b:
                    b8:2d:cc:85:55:96:14:36:9e:b8:f7:32:1b:90:ff:
                    e7:dd:dd:ff:08:3c:61:a9:4d:33:92:37:f7:ad:89:
                    23:b3:a9:5a:e1:8c:47:83:11:36:05:67:8c:de:f9:
                    28:fc:8e:1e:f4:b6:30:b7:09:61:30:96:d8:27:56:
                    7e:13:9d:db:8f:6e:7e:f7:78:98:14:30:c9:31:8c:
                    a7:5d:e4:74:ae:f5:03:9e:9a:b4:1f:56:9e:e3:e1:
                    d1:f8:2f:d2:ab:8a:d3:18:55:86:7f:dc:52:75:d9:
                    2d:cb:29:fe:04:6e:8b:b4:be:20:f7:07:33:e0:dc:
                    fa:6c:b1:2f:13:d8:0c:20:a7:0c:2b:ab:6a:1f:89:
                    ba:cb:ee:fa:c3:bc:9c:9a:95:64:86:b4:07:de:99:
                    8c:17:c1:1f:eb:43:71:f0:86:85:82:77:0e:0c:e0:
                    53:c1:9a:1e:12:d5:a3:bd:ba:50:cc:12:1d:55:99:
                    3e:01:70:06:11:ec:17:bf:78:6a:7b:69:da:16:17:
                    8b:0d:e8:0a:4c:d1:df:67:6a:65:a7:56:85:85:be:
                    78:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:19:26:20:36:AE:4F:34:CC:5D:1E:81:DE:73:62:60:65:56:8A:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ebc60e1-d188-4298-9c68-e70269961153.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:9a:f5:7d:66:fa:38:81:2f:f5:be:34:6a:45:e3:d6:16:03:
         98:81:0d:9a:bd:62:e3:45:48:39:c7:78:c2:9b:20:f6:36:1d:
         ce:45:65:38:5f:82:d3:48:af:91:cc:26:b2:02:af:4d:48:94:
         e0:6c:c0:11:9a:54:28:6c:23:91:8e:ea:5a:b0:e1:16:1e:a3:
         40:f7:b2:3b:2c:9e:d5:2c:75:03:2c:ae:a1:91:b1:31:a4:d2:
         23:0e:bf:87:98:0d:bb:6f:9c:b2:d6:61:b4:2c:08:92:7b:c7:
         42:e3:e7:92:70:64:5a:6e:eb:24:92:99:02:ae:62:9c:87:1c:
         cd:62:ed:8e:8c:1d:03:22:66:0d:91:8f:34:32:e7:f2:91:7f:
         3d:b8:2d:89:3e:72:13:57:bb:0e:ed:f2:fd:48:40:d4:99:78:
         12:f7:96:cd:76:e7:ee:5b:20:28:f3:f7:46:86:a5:a1:c9:d1:
         7f:f9:8d:93:2f:2e:1b:f7:fb:43:43:74:88:77:9a:c2:f5:32:
         53:ef:74:9f:1c:09:c3:f3:15:84:1e:34:75:a6:a8:c2:e8:ec:
         77:56:76:8e:54:53:ca:0d:b1:be:bd:ab:d1:95:f5:75:88:8a:
         c6:7a:37:d8:a4:47:33:27:84:0d:91:ad:a2:31:6a:af:80:bd:
         69:64:b4:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWr4BAw4sQr7/gzkiP8fu3fdPC9kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIxMTA3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2E1NmVjZjM0M2Y5MDIyM2YzNDIwOTIwYzZiZDcyMjc3
YzEzNTg0ZGZlZTEyZDkwZjg0OGY2NWZiNzVlMDkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoK3xg+BJdyNjh3BAJJWSR28JeJ18/Pq9xApAuejmSfLUn
awY6q5n9zOoFG7gtzIVVlhQ2nrj3MhuQ/+fd3f8IPGGpTTOSN/etiSOzqVrhjEeD
ETYFZ4ze+Sj8jh70tjC3CWEwltgnVn4TnduPbn73eJgUMMkxjKdd5HSu9QOemrQf
Vp7j4dH4L9KritMYVYZ/3FJ12S3LKf4Ebou0viD3BzPg3PpssS8T2Awgpwwrq2of
ibrL7vrDvJyalWSGtAfemYwXwR/rQ3HwhoWCdw4M4FPBmh4S1aO9ulDMEh1VmT4B
cAYR7Be/eGp7adoWF4sN6ApM0d9namWnVoWFvnjhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoxkmIDauTzTMXR6B3nNiYGVWig8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllYmM2MGUxLWQxODgtNDI5OC05YzY4LWU3MDI2OTk2MTE1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABBCN0wDQYJKoZIhvcNAQELBQADggEBAKWa9X1m+jiBL/W+NGpF49YWA5iB
DZq9YuNFSDnHeMKbIPY2Hc5FZThfgtNIr5HMJrICr01IlOBswBGaVChsI5GO6lqw
4RYeo0D3sjssntUsdQMsrqGRsTGk0iMOv4eYDbtvnLLWYbQsCJJ7x0Lj55JwZFpu
6ySSmQKuYpyHHM1i7Y6MHQMiZg2RjzQy5/KRfz24LYk+chNXuw7t8v1IQNSZeBL3
ls125+5bICjz90aGpaHJ0X/5jZMvLhv3+0NDdIh3msL1MlPvdJ8cCcPzFYQeNHWm
qMLo7HdWdo5UU8oNsb69q9GV9XWIisZ6N9ikRzMnhA2RraIxaq+AvWlktO8=
-----END CERTIFICATE-----