Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
File:                     cb56cb92-b2af-486c-8e14-550871fce8cf.roa (raw, json)
Hash identifier:          F7jVhhqhCOjYNREZh4rsg24vAgv8adiIVUyQ64l+4qk=
Subject key identifier:   44:9F:42:5B:A7:3B:1B:EE:24:A2:52:F3:00:F8:A8:48:32:9E:67:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3AEAF6784AD5C7E647C07C23D5759228048CED49
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
Signing time:             Wed 22 Oct 2025 00:10:13 +0000
ROA not before:           Wed 22 Oct 2025 00:10:13 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.131.192.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ea:f6:78:4a:d5:c7:e6:47:c0:7c:23:d5:75:92:28:04:8c:ed:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:10:13 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=64f56109eb291d2b87b2e4935fe03328db112103216884aa6d23fc0829ed4209, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f4:7d:55:b5:d2:53:e8:03:79:ec:5a:78:67:
                    98:4d:d0:c3:e4:de:36:9d:fc:33:38:23:75:de:41:
                    43:eb:b7:e7:fc:f0:0e:0b:14:d5:f4:a9:de:e7:b8:
                    96:73:e6:51:65:fe:4d:91:93:c2:de:a5:e0:d8:24:
                    40:e6:58:d6:16:12:6f:23:b9:91:ff:4e:10:df:ba:
                    fd:42:d1:ce:e9:e2:5e:37:9d:42:00:b8:11:b6:23:
                    e0:ae:76:82:39:eb:90:98:58:bd:d8:de:a9:29:3d:
                    d8:8d:00:50:a4:ef:8d:ae:82:d6:ee:d2:1d:b2:a3:
                    03:fa:57:28:a5:4b:cd:36:78:10:30:c1:69:fb:98:
                    1b:89:3e:5e:93:01:93:e5:bf:cc:1e:0b:d6:b4:ae:
                    f4:97:2d:b6:32:15:fb:50:9c:90:25:e4:8c:4b:57:
                    e0:db:5d:7a:44:3e:64:82:9c:d3:82:77:29:ae:5b:
                    a0:b6:4e:82:33:3b:7b:e3:a1:fa:2b:7f:8c:f7:b6:
                    23:7d:72:99:32:55:ec:ef:3e:a6:41:cc:3d:b5:e1:
                    2f:6b:d8:a1:cd:83:18:fd:73:a3:d4:8c:5a:91:cc:
                    3b:3d:2b:43:8d:60:31:8c:43:4a:78:bf:0f:ba:f6:
                    ea:74:fb:b1:85:12:be:09:ed:34:20:b3:fa:fd:6b:
                    bb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9F:42:5B:A7:3B:1B:EE:24:A2:52:F3:00:F8:A8:48:32:9E:67:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.131.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         91:f5:fb:c3:2d:5f:03:1a:f8:d9:cf:f8:ab:a8:cf:88:ab:ce:
         e5:93:dd:ae:65:30:fc:17:29:e1:9d:cd:3d:7f:e8:4a:00:07:
         81:3a:2a:0e:4a:2e:e5:4b:31:1c:e7:0b:d3:17:ed:70:09:13:
         63:21:6f:63:55:df:10:2e:48:09:bb:25:34:68:99:38:81:41:
         fe:78:ac:90:f6:8d:6c:22:02:70:21:7c:b0:c0:87:4a:e2:45:
         2d:a5:b8:2e:7c:0a:cd:24:b2:0f:9f:60:3c:9e:88:fa:59:8b:
         c0:b9:8e:41:9f:72:ab:f2:f2:7e:88:2b:17:af:aa:f3:90:97:
         dd:31:f2:87:5f:22:96:fd:cc:1d:f1:d7:04:3f:ef:00:52:41:
         2d:de:05:df:7a:f3:db:2a:ac:28:32:38:80:4d:96:11:77:9d:
         74:01:3c:ca:5b:44:e6:50:11:fb:68:5b:02:7c:ad:06:91:2c:
         e9:16:a8:95:34:e7:87:a6:57:8e:48:54:d0:57:40:95:47:97:
         04:84:12:92:6d:7e:4d:f8:45:9c:bf:59:bb:c6:f7:4c:85:1e:
         e8:9c:c7:16:7b:53:0d:b4:73:ed:bb:df:d2:52:8a:4e:8d:02:
         4d:eb:7a:f0:65:bf:b9:ab:c2:67:f4:2b:13:d5:37:8b:3e:03:
         81:48:c0:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOur2eErVx+ZHwHwj1XWSKASM7UkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAxMDEzWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGY1NjEwOWViMjkxZDJiODdiMmU0OTM1ZmUwMzMyOGRi
MTEyMTAzMjE2ODg0YWE2ZDIzZmMwODI5ZWQ0MjA5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz9H1VtdJT6AN57Fp4Z5hN0MPk3jad/DM4I3XeQUPrt+f8
8A4LFNX0qd7nuJZz5lFl/k2Rk8LepeDYJEDmWNYWEm8juZH/ThDfuv1C0c7p4l43
nUIAuBG2I+CudoI565CYWL3Y3qkpPdiNAFCk742ugtbu0h2yowP6VyilS802eBAw
wWn7mBuJPl6TAZPlv8weC9a0rvSXLbYyFftQnJAl5IxLV+DbXXpEPmSCnNOCdymu
W6C2ToIzO3vjoforf4z3tiN9cpkyVezvPqZBzD214S9r2KHNgxj9c6PUjFqRzDs9
K0ONYDGMQ0p4vw+69up0+7GFEr4J7TQgs/r9a7vLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURJ9CW6c7G+4kolLzAPioSDKeZ84wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiNTZjYjkyLWIyYWYtNDg2Yy04ZTE0LTU1MDg3MWZjZThjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZGg8AwDQYJKoZIhvcNAQELBQADggEBAJH1+8MtXwMa+NnP+Kuoz4irzuWT
3a5lMPwXKeGdzT1/6EoAB4E6Kg5KLuVLMRznC9MX7XAJE2Mhb2NV3xAuSAm7JTRo
mTiBQf54rJD2jWwiAnAhfLDAh0riRS2luC58Cs0ksg+fYDyeiPpZi8C5jkGfcqvy
8n6IKxevqvOQl90x8odfIpb9zB3x1wQ/7wBSQS3eBd9689sqrCgyOIBNlhF3nXQB
PMpbROZQEftoWwJ8rQaRLOkWqJU054emV45IVNBXQJVHlwSEEpJtfk34RZy/WbvG
90yFHuicxxZ7Uw20c+2739JSik6NAk3revBlv7mrwmf0KxPVN4s+A4FIwHo=
-----END CERTIFICATE-----