Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be98d2a2-56e5-478b-a080-9e9662d1284a.roa
File:                     be98d2a2-56e5-478b-a080-9e9662d1284a.roa (raw, json)
Hash identifier:          IBiNjZeDWxlwvAuJ9g8RbG/A6V/aWQOAeVGoYz9ZdkA=
Subject key identifier:   26:EC:15:B1:72:67:97:49:07:08:7F:06:7B:87:18:9B:71:99:4B:6D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53E94E4F2E1551CF9943D0ABFB1111F072C393E8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be98d2a2-56e5-478b-a080-9e9662d1284a.roa
Signing time:             Sat 18 Oct 2025 01:20:58 +0000
ROA not before:           Sat 18 Oct 2025 01:20:58 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.73.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e9:4e:4f:2e:15:51:cf:99:43:d0:ab:fb:11:11:f0:72:c3:93:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:20:58 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=6ee4e391c1ff21eff85df960287e4306e2ccdde84eb360b01d79ab044586980d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1f:19:ec:3d:49:f7:d6:29:ef:80:fb:cd:23:
                    8c:f5:bc:02:94:f1:1b:95:66:c3:57:98:03:24:1e:
                    0f:31:75:08:0f:ac:e1:d1:98:c5:ec:12:fa:5d:49:
                    fc:49:5b:6c:fe:3e:b5:03:a7:da:3f:ce:8a:d0:2a:
                    5c:2d:61:37:bb:e1:ab:41:a0:74:14:e4:ce:98:6c:
                    ac:09:35:3f:44:77:4c:ed:0a:ac:9d:af:2a:5d:36:
                    b0:a3:80:07:77:94:fb:f3:b0:05:77:90:f1:6a:55:
                    6b:18:10:0c:3a:ce:d7:51:89:e6:4e:3f:88:98:6d:
                    ce:cc:99:f5:55:fa:c8:74:5b:61:35:24:9a:dd:2c:
                    ff:3d:4b:c9:c1:e5:ef:c2:f9:5c:f3:4d:fb:6a:f4:
                    81:37:0f:4e:c9:b5:8e:62:60:1b:cd:4c:08:8a:4f:
                    1f:43:68:33:5a:f6:80:a4:be:bb:b3:e3:1b:14:b0:
                    79:57:94:35:01:d8:a7:e1:5a:f5:29:4a:84:95:78:
                    dc:ed:ed:41:36:40:ff:3b:5b:33:7a:7d:bb:88:ee:
                    09:ba:12:1c:87:c3:e6:46:9c:7a:2e:86:3e:68:a1:
                    45:d1:bf:b0:4b:22:cd:13:a3:ec:b0:d9:a0:50:a5:
                    96:24:2e:c6:c3:be:36:7f:b8:dd:5a:4b:69:04:e9:
                    af:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:EC:15:B1:72:67:97:49:07:08:7F:06:7B:87:18:9B:71:99:4B:6D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be98d2a2-56e5-478b-a080-9e9662d1284a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:d0:8c:82:94:84:63:44:bc:6b:93:03:b3:d4:dc:49:cf:42:
         d9:f3:01:30:20:31:32:59:98:70:f8:9e:fe:e6:ca:1c:a4:47:
         83:96:f2:b4:2f:35:34:de:9c:f2:89:f4:71:03:66:06:19:48:
         29:b4:29:dc:ba:9d:60:26:f1:cb:60:15:ac:b8:a9:9d:6c:4d:
         d7:4d:2d:f0:b9:d9:a0:a8:76:da:08:ef:6c:05:5c:f4:b5:43:
         95:ab:d9:49:d6:2b:6a:12:b2:c8:9a:07:a6:d0:fb:64:f0:9b:
         4d:aa:37:fb:75:cd:ed:dd:e3:b1:f1:3b:54:21:52:48:a1:6d:
         41:83:0f:75:fd:94:7d:03:bc:d1:7b:71:b0:81:f6:01:b6:fe:
         28:3f:a9:0c:cc:c4:d0:72:a5:e6:38:42:47:22:f0:63:da:be:
         98:ae:35:39:f7:91:41:7a:c5:10:97:13:9a:7f:c0:50:0e:a8:
         17:aa:f4:09:34:84:ba:d6:18:57:e9:21:05:81:d3:fd:bc:d8:
         57:33:14:9a:56:a4:b1:d3:df:06:15:0a:df:f2:a5:49:05:46:
         70:e8:c4:32:07:ce:ca:fd:13:14:56:d6:01:de:28:07:5c:16:
         30:1c:44:26:c5:17:bc:aa:d0:15:30:55:3f:4a:ad:ba:34:37:
         6d:10:ec:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU+lOTy4VUc+ZQ9Cr+xER8HLDk+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDEyMDU4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZWU0ZTM5MWMxZmYyMWVmZjg1ZGY5NjAyODdlNDMwNmUy
Y2NkZGU4NGViMzYwYjAxZDc5YWIwNDQ1ODY5ODBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCHxnsPUn31invgPvNI4z1vAKU8RuVZsNXmAMkHg8xdQgP
rOHRmMXsEvpdSfxJW2z+PrUDp9o/zorQKlwtYTe74atBoHQU5M6YbKwJNT9Ed0zt
CqydrypdNrCjgAd3lPvzsAV3kPFqVWsYEAw6ztdRieZOP4iYbc7MmfVV+sh0W2E1
JJrdLP89S8nB5e/C+VzzTftq9IE3D07JtY5iYBvNTAiKTx9DaDNa9oCkvruz4xsU
sHlXlDUB2KfhWvUpSoSVeNzt7UE2QP87WzN6fbuI7gm6EhyHw+ZGnHouhj5ooUXR
v7BLIs0To+yw2aBQpZYkLsbDvjZ/uN1aS2kE6a+7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJuwVsXJnl0kHCH8Ge4cYm3GZS20wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JlOThkMmEyLTU2ZTUtNDc4Yi1hMDgwLTllOTY2MmQxMjg0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABBCUkwDQYJKoZIhvcNAQELBQADggEBAM/QjIKUhGNEvGuTA7PU3EnPQtnz
ATAgMTJZmHD4nv7myhykR4OW8rQvNTTenPKJ9HEDZgYZSCm0Kdy6nWAm8ctgFay4
qZ1sTddNLfC52aCodtoI72wFXPS1Q5Wr2UnWK2oSssiaB6bQ+2Twm02qN/t1ze3d
47HxO1QhUkihbUGDD3X9lH0DvNF7cbCB9gG2/ig/qQzMxNBypeY4Qkci8GPavpiu
NTn3kUF6xRCXE5p/wFAOqBeq9Ak0hLrWGFfpIQWB0/282FczFJpWpLHT3wYVCt/y
pUkFRnDoxDIHzsr9ExRW1gHeKAdcFjAcRCbFF7yq0BUwVT9Krbo0N20Q7KE=
-----END CERTIFICATE-----