Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7a8cd00-5495-477b-83ed-ecaa10aa0643.roa
File:                     c7a8cd00-5495-477b-83ed-ecaa10aa0643.roa (raw, json)
Hash identifier:          UTTvNVzQmAGB7fQSJQqPn2k064eFUn3nYTCrP+lx3Pc=
Subject key identifier:   6A:44:0F:1C:0B:2E:47:D2:D2:75:08:00:C0:14:CC:D8:9B:D3:DE:62
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       207F94F659097E61887E7377A9C5B285FC913EB8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7a8cd00-5495-477b-83ed-ecaa10aa0643.roa
Signing time:             Tue 14 Oct 2025 17:52:31 +0000
ROA not before:           Tue 14 Oct 2025 17:52:31 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.29.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:7f:94:f6:59:09:7e:61:88:7e:73:77:a9:c5:b2:85:fc:91:3e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:52:31 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=815ab400265dd931590f55f7bcddf623a231742deec91db52bbda9933a5ffeed, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:40:15:1b:2d:ea:6c:32:30:6c:80:e3:9b:25:
                    c4:81:e5:b3:e7:08:99:39:a0:31:6d:fd:f4:2b:82:
                    a1:32:b8:de:6c:75:89:0e:84:e0:ec:53:e8:1f:c6:
                    50:96:87:56:24:2a:ba:77:e4:76:45:f5:fa:82:c4:
                    e8:0a:21:f3:02:8b:54:68:01:0a:0b:66:38:a3:7b:
                    28:0c:91:37:67:d2:83:08:9c:ad:96:f9:36:87:c0:
                    c5:29:7d:da:e8:69:ac:1c:77:be:17:35:f7:58:6e:
                    ae:bf:23:a5:6b:a4:8b:74:0c:0e:cf:2c:11:a2:2a:
                    3b:3c:46:e1:ec:a6:56:f7:a4:6e:13:6a:f9:63:a7:
                    08:c1:d9:f6:ba:0c:8e:3e:0a:cc:fa:01:1c:9b:47:
                    dc:9e:db:e1:8d:92:4f:72:ac:69:28:3a:b8:fd:9b:
                    12:6c:74:d6:d5:f3:da:5a:b7:59:ab:20:9f:10:39:
                    a9:1e:21:d6:4d:be:48:e2:c3:8d:61:06:00:bd:59:
                    90:c6:cf:ed:79:0b:4a:5e:04:8e:20:15:50:46:87:
                    53:d2:eb:54:e3:e1:95:18:05:9e:eb:a7:d0:ea:12:
                    c1:d7:7c:5c:de:43:71:ec:0d:c3:e0:e7:90:d9:4d:
                    e9:76:09:ad:d4:c8:3c:61:ce:d6:d5:f6:fc:46:ee:
                    1b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:44:0F:1C:0B:2E:47:D2:D2:75:08:00:C0:14:CC:D8:9B:D3:DE:62
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7a8cd00-5495-477b-83ed-ecaa10aa0643.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:e1:44:9a:f1:6b:f0:57:70:7f:67:d6:2d:c8:52:3e:89:06:
         7d:f9:eb:72:fd:10:98:b8:12:49:d7:48:83:39:60:7f:64:44:
         33:6d:3c:3a:24:0a:77:9a:a8:71:32:85:2e:43:99:4b:43:5d:
         1c:fd:cc:37:be:1f:bc:da:87:b5:36:b2:30:21:87:e2:91:97:
         99:5c:e0:da:cc:cb:ba:e8:a9:32:1f:d1:2e:23:94:02:f3:9f:
         ad:20:35:a5:5d:b6:5c:c0:81:3d:e4:75:2b:9b:cf:78:d0:0a:
         0d:5a:3f:5b:96:22:f8:5e:7b:be:fe:72:ce:0c:8d:07:63:2f:
         a4:11:16:9a:21:a5:c2:0b:6c:97:4a:04:30:35:b7:7b:5e:b9:
         86:b5:6b:4f:1b:a3:5e:a3:84:81:58:f5:72:ae:fe:e9:8f:9b:
         7d:37:55:bf:d1:eb:9f:ee:d5:a4:2e:24:35:b1:d8:c5:3d:ab:
         5b:92:43:a0:9e:eb:91:3f:43:10:fb:ad:a6:35:b3:9e:b0:d3:
         17:eb:86:66:45:c3:db:3d:0e:ed:99:6f:0b:a7:47:93:d3:33:
         55:35:c0:73:c1:3c:56:12:e1:38:e5:05:e4:98:0e:a8:43:be:
         7f:37:7d:a3:2f:58:dd:f0:90:92:b6:26:fb:99:75:82:d9:69:
         44:83:5c:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIH+U9lkJfmGIfnN3qcWyhfyRPrgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc1MjMxWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MTVhYjQwMDI2NWRkOTMxNTkwZjU1ZjdiY2RkZjYyM2Ey
MzE3NDJkZWVjOTFkYjUyYmJkYTk5MzNhNWZmZWVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7QBUbLepsMjBsgOObJcSB5bPnCJk5oDFt/fQrgqEyuN5s
dYkOhODsU+gfxlCWh1YkKrp35HZF9fqCxOgKIfMCi1RoAQoLZjijeygMkTdn0oMI
nK2W+TaHwMUpfdroaawcd74XNfdYbq6/I6VrpIt0DA7PLBGiKjs8RuHsplb3pG4T
avljpwjB2fa6DI4+Csz6ARybR9ye2+GNkk9yrGkoOrj9mxJsdNbV89pat1mrIJ8Q
OakeIdZNvkjiw41hBgC9WZDGz+15C0peBI4gFVBGh1PS61Tj4ZUYBZ7rp9DqEsHX
fFzeQ3HsDcPg55DZTel2Ca3UyDxhztbV9vxG7htxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUakQPHAsuR9LSdQgAwBTM2JvT3mIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3YThjZDAwLTU0OTUtNDc3Yi04M2VkLWVjYWExMGFhMDY0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmB0wDQYJKoZIhvcNAQELBQADggEBAJvhRJrxa/BXcH9n1i3IUj6JBn35
63L9EJi4EknXSIM5YH9kRDNtPDokCneaqHEyhS5DmUtDXRz9zDe+H7zah7U2sjAh
h+KRl5lc4NrMy7roqTIf0S4jlALzn60gNaVdtlzAgT3kdSubz3jQCg1aP1uWIvhe
e77+cs4MjQdjL6QRFpohpcILbJdKBDA1t3teuYa1a08bo16jhIFY9XKu/umPm303
Vb/R65/u1aQuJDWx2MU9q1uSQ6Ce65E/QxD7raY1s56w0xfrhmZFw9s9Du2Zbwun
R5PTM1U1wHPBPFYS4TjlBeSYDqhDvn83faMvWN3wkJK2JvuZdYLZaUSDXNE=
-----END CERTIFICATE-----