Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8f98a9f-b5ea-4b59-980e-30e73c458959.roa
File:                     b8f98a9f-b5ea-4b59-980e-30e73c458959.roa (raw, json)
Hash identifier:          0UbU3PS1jhJtWaaG1o8LnU0aRFWn/2WlwDJLJpSwGSI=
Subject key identifier:   11:22:58:C9:32:6E:BD:0E:76:0A:19:FA:84:47:04:53:E4:EF:52:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       38B9E2E76579C16A59CD431191E6BCC17125DEB5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8f98a9f-b5ea-4b59-980e-30e73c458959.roa
Signing time:             Sat 18 Oct 2025 03:31:58 +0000
ROA not before:           Sat 18 Oct 2025 03:31:58 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.15.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b9:e2:e7:65:79:c1:6a:59:cd:43:11:91:e6:bc:c1:71:25:de:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 03:31:58 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=0393324ebd96fa33c70d82267f4ca6b033fb26e652a02df20c772669f1a5dd18, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:08:6e:2a:80:67:e5:85:ed:00:85:49:59:c2:
                    e6:17:39:74:e6:d5:21:3d:3e:bb:5e:cb:f4:64:5c:
                    b5:33:8d:05:51:f4:f0:bd:ad:de:d9:15:b0:ad:fb:
                    6d:57:28:08:10:d2:3c:e4:a6:3e:e5:15:40:7a:dc:
                    55:5d:f8:6f:3a:5c:1a:be:75:cf:e3:90:4c:e5:6d:
                    af:5e:e2:bf:a6:ff:82:af:75:44:92:80:1b:3c:ab:
                    42:f6:da:c1:ce:b6:40:11:de:71:a8:0d:be:3e:ac:
                    6c:db:95:83:e4:f1:c9:59:13:3c:86:19:45:fd:e2:
                    cf:86:a0:d3:85:57:ee:2c:9a:9f:a2:0e:76:00:d9:
                    d7:48:5d:38:c2:50:36:48:dd:5c:2a:f3:0a:a1:7b:
                    bf:f8:e0:25:c5:68:79:aa:dc:15:00:16:25:80:76:
                    29:52:c6:72:99:3f:78:a2:3f:cb:bf:41:68:83:ce:
                    34:a0:a3:17:2a:ee:a9:83:b1:94:d2:c6:0e:13:f0:
                    46:ab:33:79:16:56:ff:f1:a0:25:3e:cd:4b:d3:09:
                    e5:5d:e7:47:83:fd:73:ae:85:b6:c2:39:10:f7:b7:
                    04:56:d7:66:67:00:19:da:ac:ee:d2:d3:b2:ae:ed:
                    4b:1e:1e:3f:98:ce:63:2c:da:08:3d:fd:b7:eb:82:
                    8e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:22:58:C9:32:6E:BD:0E:76:0A:19:FA:84:47:04:53:E4:EF:52:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8f98a9f-b5ea-4b59-980e-30e73c458959.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:51:03:7c:a6:11:d8:07:e9:6e:55:f2:da:4a:1a:bc:18:27:
         87:86:5c:23:3a:03:39:98:fd:b3:8f:85:ee:d1:6f:48:c4:db:
         97:0d:6f:e9:e8:b1:f1:fd:46:77:7d:16:cb:4b:5a:71:42:6b:
         a5:22:ce:2f:86:3b:b3:63:41:95:89:a2:33:aa:f5:55:d1:cc:
         24:cb:ac:e9:70:a1:ff:5e:cc:94:7f:f8:8b:38:e4:de:a3:8e:
         ab:db:6d:a5:b2:8c:07:e9:34:e4:3b:55:a2:76:99:f6:5d:c2:
         aa:f3:70:9d:ce:9e:4a:6e:ce:ed:ac:d3:15:e8:0a:67:4c:3c:
         a8:f5:88:29:39:32:67:66:2e:44:93:d0:d0:1d:ba:20:4b:4d:
         cd:08:d4:21:12:9e:f6:e1:29:31:42:0e:6a:da:ca:86:cd:5e:
         1d:6d:3c:39:35:d9:6a:cf:7c:91:fa:76:b0:3b:52:ce:e7:70:
         66:2e:4c:05:f1:ac:57:4f:b1:65:b8:da:af:b0:c5:5f:c3:8e:
         f3:34:af:d7:a0:66:38:29:f4:ac:3c:04:ed:0f:2d:0f:18:16:
         ca:75:ee:65:5c:2d:b2:ae:43:34:27:b0:d3:73:d4:47:60:91:
         23:0a:80:33:ef:18:fc:13:39:61:fb:a0:81:05:74:c0:1b:3b:
         b3:31:42:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOLni52V5wWpZzUMRkea8wXEl3rUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDMzMTU4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzkzMzI0ZWJkOTZmYTMzYzcwZDgyMjY3ZjRjYTZiMDMz
ZmIyNmU2NTJhMDJkZjIwYzc3MjY2OWYxYTVkZDE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYCG4qgGflhe0AhUlZwuYXOXTm1SE9Prtey/RkXLUzjQVR
9PC9rd7ZFbCt+21XKAgQ0jzkpj7lFUB63FVd+G86XBq+dc/jkEzlba9e4r+m/4Kv
dUSSgBs8q0L22sHOtkAR3nGoDb4+rGzblYPk8clZEzyGGUX94s+GoNOFV+4smp+i
DnYA2ddIXTjCUDZI3Vwq8wqhe7/44CXFaHmq3BUAFiWAdilSxnKZP3iiP8u/QWiD
zjSgoxcq7qmDsZTSxg4T8EarM3kWVv/xoCU+zUvTCeVd50eD/XOuhbbCORD3twRW
12ZnABnarO7S07Ku7UseHj+YzmMs2gg9/bfrgo6FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUESJYyTJuvQ52Chn6hEcEU+TvUi4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4Zjk4YTlmLWI1ZWEtNGI1OS05ODBlLTMwZTczYzQ1ODk1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABBCQ8wDQYJKoZIhvcNAQELBQADggEBACtRA3ymEdgH6W5V8tpKGrwYJ4eG
XCM6AzmY/bOPhe7Rb0jE25cNb+nosfH9Rnd9FstLWnFCa6Uizi+GO7NjQZWJojOq
9VXRzCTLrOlwof9ezJR/+Is45N6jjqvbbaWyjAfpNOQ7VaJ2mfZdwqrzcJ3Onkpu
zu2s0xXoCmdMPKj1iCk5MmdmLkST0NAduiBLTc0I1CESnvbhKTFCDmrayobNXh1t
PDk12WrPfJH6drA7Us7ncGYuTAXxrFdPsWW42q+wxV/DjvM0r9egZjgp9Kw8BO0P
LQ8YFsp17mVcLbKuQzQnsNNz1EdgkSMKgDPvGPwTOWH7oIEFdMAbO7MxQpg=
-----END CERTIFICATE-----