Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2b618a0-430d-4d27-abca-4e06f4648926.roa
File:                     c2b618a0-430d-4d27-abca-4e06f4648926.roa (raw, json)
Hash identifier:          pfPD+SH31+b0ceArtFDAjhzwF057IKww2PEW5x2Zhek=
Subject key identifier:   A0:A6:0F:CE:66:B0:C8:6C:9C:5B:01:B3:FD:BC:12:9A:07:5E:F6:8B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18FE8EE8A297D63492C54C2D41AF2726C2D31E05
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2b618a0-430d-4d27-abca-4e06f4648926.roa
Signing time:             Fri 03 Oct 2025 00:40:57 +0000
ROA not before:           Fri 03 Oct 2025 00:40:57 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.119.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:fe:8e:e8:a2:97:d6:34:92:c5:4c:2d:41:af:27:26:c2:d3:1e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:40:57 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=aa3b7fce0b800a2f66c0d0a1805e59da1c64e7df2427082662aa520eb3780393, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d2:5f:e3:6f:92:af:d5:7f:18:a7:e2:74:03:
                    7c:ee:48:4e:5c:18:76:62:73:71:fe:6a:1d:46:29:
                    07:39:0b:41:c6:af:07:fc:f5:9e:f7:79:40:6f:c1:
                    c8:49:64:8a:79:f5:74:fc:7c:ae:35:7f:51:60:cf:
                    66:d1:9a:aa:6d:b0:6f:a4:65:db:32:3d:a9:5d:24:
                    7a:82:8b:1e:ad:8c:a7:56:dc:71:25:cc:bb:60:2a:
                    92:91:89:48:13:fd:89:f1:c9:b5:34:1a:2f:35:77:
                    b0:f1:84:dd:88:d4:c1:e0:72:83:32:4e:e0:a2:eb:
                    db:47:27:b7:09:e0:76:fb:c9:6c:2f:c4:25:0a:95:
                    34:9d:63:ec:8e:24:41:6b:cc:55:56:59:84:1e:f1:
                    61:62:0a:07:56:df:47:7a:56:20:62:80:f7:70:7e:
                    2c:fe:2f:ac:32:69:43:a9:c4:2b:3f:48:4c:d6:77:
                    80:ea:7e:25:f1:c6:53:f1:03:a9:24:7f:64:10:76:
                    55:61:a7:b4:15:9b:00:cb:52:d6:a1:43:aa:3c:d2:
                    82:40:ed:b1:a5:72:3f:44:3c:1f:72:47:92:7b:e6:
                    42:26:65:89:94:04:50:25:f2:b5:e4:6f:55:ce:7d:
                    f5:a9:ff:a2:b2:23:26:d1:55:03:4e:f0:22:a6:f5:
                    be:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A6:0F:CE:66:B0:C8:6C:9C:5B:01:B3:FD:BC:12:9A:07:5E:F6:8B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2b618a0-430d-4d27-abca-4e06f4648926.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:90:91:6d:26:af:e9:49:cd:ef:dd:14:9a:20:eb:3e:8b:93:
         b5:23:1e:ba:05:1d:b8:d7:c3:06:53:4e:59:46:83:c1:72:72:
         8f:aa:df:94:5a:c0:e3:a2:aa:8c:d6:66:e6:41:04:e8:17:a7:
         b7:73:ce:fa:35:87:68:7b:b2:85:94:6d:11:e8:77:17:7a:f8:
         9d:99:41:10:1f:c2:37:75:36:25:66:97:34:4d:20:c8:95:2f:
         8c:4d:92:e5:54:d4:e1:89:41:ff:bf:ba:2f:47:4f:d5:70:a3:
         e4:b7:ff:f3:01:35:cb:7c:42:78:2d:71:f4:58:94:4a:55:9f:
         8d:ba:7c:c6:d4:9b:ea:23:a1:1d:5f:11:a0:be:21:36:e0:d5:
         5a:b1:82:af:23:fd:55:74:59:28:9f:32:3b:c8:cd:de:5f:d0:
         66:3e:c2:87:b6:c4:36:c3:d2:25:72:c5:28:35:7a:4f:2d:5a:
         b1:09:c3:d1:02:bd:9d:91:36:76:23:df:33:de:e1:bd:94:32:
         f5:11:20:1b:1e:ab:2b:5e:4d:9f:3d:a9:cf:af:73:34:31:8d:
         c8:bc:5a:a7:7d:bd:08:e5:18:60:41:ba:fa:a2:69:e9:9d:82:
         95:15:a2:e7:a4:94:63:e9:58:35:0f:53:bd:8c:c8:5a:a3:e3:
         e9:43:c2:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGP6O6KKX1jSSxUwtQa8nJsLTHgUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MDU3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTNiN2ZjZTBiODAwYTJmNjZjMGQwYTE4MDVlNTlkYTFj
NjRlN2RmMjQyNzA4MjY2MmFhNTIwZWIzNzgwMzkzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC10l/jb5Kv1X8Yp+J0A3zuSE5cGHZic3H+ah1GKQc5C0HG
rwf89Z73eUBvwchJZIp59XT8fK41f1Fgz2bRmqptsG+kZdsyPaldJHqCix6tjKdW
3HElzLtgKpKRiUgT/YnxybU0Gi81d7DxhN2I1MHgcoMyTuCi69tHJ7cJ4Hb7yWwv
xCUKlTSdY+yOJEFrzFVWWYQe8WFiCgdW30d6ViBigPdwfiz+L6wyaUOpxCs/SEzW
d4DqfiXxxlPxA6kkf2QQdlVhp7QVmwDLUtahQ6o80oJA7bGlcj9EPB9yR5J75kIm
ZYmUBFAl8rXkb1XOffWp/6KyIybRVQNO8CKm9b63AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoKYPzmawyGycWwGz/bwSmgde9oswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyYjYxOGEwLTQzMGQtNGQyNy1hYmNhLTRlMDZmNDY0ODkyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/HcwDQYJKoZIhvcNAQELBQADggEBAJmQkW0mr+lJze/dFJog6z6Lk7Uj
HroFHbjXwwZTTllGg8Fyco+q35RawOOiqozWZuZBBOgXp7dzzvo1h2h7soWUbRHo
dxd6+J2ZQRAfwjd1NiVmlzRNIMiVL4xNkuVU1OGJQf+/ui9HT9Vwo+S3//MBNct8
QngtcfRYlEpVn426fMbUm+ojoR1fEaC+ITbg1Vqxgq8j/VV0WSifMjvIzd5f0GY+
woe2xDbD0iVyxSg1ek8tWrEJw9ECvZ2RNnYj3zPe4b2UMvURIBseqyteTZ89qc+v
czQxjci8Wqd9vQjlGGBBuvqiaemdgpUVoueklGPpWDUPU72MyFqj4+lDwlM=
-----END CERTIFICATE-----