Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b913126a-50f3-41bd-bf39-0b045f9d3cc1.roa
File:                     b913126a-50f3-41bd-bf39-0b045f9d3cc1.roa (raw, json)
Hash identifier:          +s9Isa7D96fxRSd7THDeZ405Mkg5WSHI7sXtCVesS2w=
Subject key identifier:   F4:CE:5A:DC:9D:31:4B:B0:33:FF:4B:78:B6:EB:03:E2:AC:6A:A9:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56D616E038A32D9FA0D1006318FCB7680CABF98D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b913126a-50f3-41bd-bf39-0b045f9d3cc1.roa
Signing time:             Sat 18 Oct 2025 02:00:06 +0000
ROA not before:           Sat 18 Oct 2025 02:00:06 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.176.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d6:16:e0:38:a3:2d:9f:a0:d1:00:63:18:fc:b7:68:0c:ab:f9:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:00:06 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=04896ead0fabcacb381e1713604e5a6ad4ff2de0ac719c51b4a579341b440504, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e2:73:20:8c:ae:a4:95:52:38:b8:25:d4:71:
                    62:ad:95:5a:6c:8a:41:89:87:a0:b7:8e:cd:c9:0d:
                    ed:6c:17:fd:a6:8c:98:81:08:cd:d8:27:b0:fe:28:
                    ed:a7:fc:a5:44:ac:4b:1c:62:b3:62:66:d4:e3:4d:
                    07:1d:c1:9a:31:42:f5:72:8f:73:77:e6:1c:ba:7a:
                    05:ea:ef:7f:4f:20:00:e8:ae:77:11:cd:84:37:42:
                    a5:29:6b:ce:86:7a:9c:b8:be:9f:2a:1a:99:a4:3b:
                    54:a6:01:a5:27:26:53:3b:46:d3:8e:57:29:37:f5:
                    43:0f:03:65:2c:f2:f9:a5:84:42:ab:21:08:9d:07:
                    2e:c8:51:76:2c:de:c5:6d:47:95:d1:f6:d3:e4:e2:
                    ad:f5:28:b9:e4:3f:ee:b8:55:c0:51:de:5d:1f:b7:
                    73:81:2d:e2:4e:91:03:ab:0c:b5:cb:a8:22:8e:85:
                    46:72:43:a3:47:7e:7b:43:16:fd:e2:75:04:12:de:
                    1a:e4:53:38:55:ab:db:93:f6:22:5b:bf:8b:13:fc:
                    a7:8c:95:37:a9:94:88:b4:0a:d6:e1:6f:e3:be:cd:
                    db:b3:d1:73:a1:2e:4e:7c:82:a4:09:c8:8b:4d:a3:
                    e2:14:83:1e:04:f1:d4:b8:13:1a:e3:79:1c:7a:da:
                    45:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:CE:5A:DC:9D:31:4B:B0:33:FF:4B:78:B6:EB:03:E2:AC:6A:A9:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b913126a-50f3-41bd-bf39-0b045f9d3cc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         23:e2:05:61:64:80:6f:c7:c8:de:d7:74:aa:38:63:18:0c:63:
         fe:0d:e6:5e:f9:e7:c4:cf:0a:10:3c:3d:c1:2a:53:6f:5a:bf:
         05:e7:10:eb:5f:57:80:03:4e:b1:45:41:34:dc:15:d4:3e:0d:
         7d:90:08:52:14:e1:c2:72:c6:4f:60:5a:e5:4f:92:2f:ba:09:
         19:52:b5:7b:bf:07:d5:2c:b3:b4:86:d3:6b:ad:10:db:a3:21:
         fd:27:f3:78:9f:0d:cf:9f:c9:e4:07:e3:3b:5b:41:6b:2d:52:
         76:7f:d7:21:62:a4:ba:60:4f:4b:f0:85:9d:ca:15:df:31:15:
         1a:9f:c8:49:97:0d:90:da:1a:40:ae:08:07:a1:a0:89:fb:32:
         d5:ee:d5:d1:db:6f:80:ac:66:26:b3:40:37:6c:1a:76:5f:89:
         97:ff:af:89:21:61:39:44:24:91:43:31:37:ea:52:f4:78:a6:
         62:d9:72:40:90:4b:9e:e7:1b:30:a5:55:91:88:fc:14:7a:73:
         32:36:9e:59:fe:7b:58:2e:b3:c4:8e:02:79:ac:2b:ce:6e:98:
         08:13:3a:d4:ef:bd:5d:d8:8f:07:4e:4e:67:5f:34:2e:b5:6f:
         ed:0f:5b:a2:3e:a5:ab:65:d4:ed:f5:3b:69:0b:0d:b7:9e:be:
         ab:1f:fb:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVtYW4DijLZ+g0QBjGPy3aAyr+Y0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDIwMDA2WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDg5NmVhZDBmYWJjYWNiMzgxZTE3MTM2MDRlNWE2YWQ0
ZmYyZGUwYWM3MTljNTFiNGE1NzkzNDFiNDQwNTA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC04nMgjK6klVI4uCXUcWKtlVpsikGJh6C3js3JDe1sF/2m
jJiBCM3YJ7D+KO2n/KVErEscYrNiZtTjTQcdwZoxQvVyj3N35hy6egXq739PIADo
rncRzYQ3QqUpa86Gepy4vp8qGpmkO1SmAaUnJlM7RtOOVyk39UMPA2Us8vmlhEKr
IQidBy7IUXYs3sVtR5XR9tPk4q31KLnkP+64VcBR3l0ft3OBLeJOkQOrDLXLqCKO
hUZyQ6NHfntDFv3idQQS3hrkUzhVq9uT9iJbv4sT/KeMlTeplIi0Ctbhb+O+zduz
0XOhLk58gqQJyItNo+IUgx4E8dS4ExrjeRx62kV9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9M5a3J0xS7Az/0t4tusD4qxqqbMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I5MTMxMjZhLTUwZjMtNDFiZC1iZjM5LTBiMDQ1ZjlkM2NjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARBCLAwDQYJKoZIhvcNAQELBQADggEBACPiBWFkgG/HyN7XdKo4YxgMY/4N
5l7558TPChA8PcEqU29avwXnEOtfV4ADTrFFQTTcFdQ+DX2QCFIU4cJyxk9gWuVP
ki+6CRlStXu/B9Uss7SG02utENujIf0n83ifDc+fyeQH4ztbQWstUnZ/1yFipLpg
T0vwhZ3KFd8xFRqfyEmXDZDaGkCuCAehoIn7MtXu1dHbb4CsZiazQDdsGnZfiZf/
r4khYTlEJJFDMTfqUvR4pmLZckCQS57nGzClVZGI/BR6czI2nln+e1gus8SOAnms
K85umAgTOtTvvV3YjwdOTmdfNC61b+0PW6I+patl1O31O2kLDbeevqsf+yA=
-----END CERTIFICATE-----