Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce802f82-6d5a-453e-b8c9-f5ee559bf8c5.roa
File:                     ce802f82-6d5a-453e-b8c9-f5ee559bf8c5.roa (raw, json)
Hash identifier:          opfDWMMRTsbtNN+XOJGWxu1wHaAoOxCv+9AFFUAeavM=
Subject key identifier:   FF:06:97:2C:BA:83:49:F6:C5:18:E8:07:16:CC:D3:D9:15:47:96:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7ED1B410270AEB2B5CA5C50A76AD35277A98CC28
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce802f82-6d5a-453e-b8c9-f5ee559bf8c5.roa
Signing time:             Tue 30 Sep 2025 00:02:50 +0000
ROA not before:           Tue 30 Sep 2025 00:02:50 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        152.24.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d1:b4:10:27:0a:eb:2b:5c:a5:c5:0a:76:ad:35:27:7a:98:cc:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:02:50 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=61247d3fdde2471e5b80f5746824c0f362e3c382bc6cd3c0b00be72528062154, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9e:f2:34:63:66:f7:53:43:cb:73:2c:c9:f3:
                    8b:94:f5:04:59:2b:b2:18:24:85:62:48:97:ad:e1:
                    cb:59:6e:df:cb:79:ca:e0:37:a3:3a:b8:e6:03:9c:
                    7a:d8:81:92:62:55:bc:8a:47:03:16:a1:c6:7a:68:
                    4d:a0:32:b1:01:fc:11:a6:e4:6b:fb:4d:c2:34:40:
                    9a:af:63:33:8e:cc:22:cf:d3:23:6e:e4:ee:88:e4:
                    60:20:d0:63:0f:bf:c0:d7:76:be:68:93:c6:5f:04:
                    eb:5c:0d:43:f4:f0:c2:bb:6b:f5:e7:33:38:11:db:
                    0e:65:10:d6:4c:f2:ab:28:37:38:f3:2f:d3:0d:88:
                    a6:31:6b:1a:34:1d:66:40:c6:49:cb:1d:c3:e6:50:
                    4d:ef:e9:94:f1:04:47:9f:cf:fb:0e:ee:9d:61:bd:
                    af:bd:2c:48:d6:f4:3c:09:6f:0a:c4:1d:2f:20:5b:
                    eb:b2:60:a2:3d:35:d3:73:c1:5a:51:ba:4f:9b:9a:
                    46:38:83:86:c9:7b:28:cf:9a:04:83:c2:cd:ae:87:
                    ea:5a:27:b1:3e:70:4d:b3:87:3d:f2:98:ae:e4:2b:
                    55:ec:75:f7:70:88:fb:4c:b3:36:8a:85:93:b1:11:
                    cb:df:8a:65:70:5c:44:d7:a6:bd:e2:ec:26:df:38:
                    fd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:06:97:2C:BA:83:49:F6:C5:18:E8:07:16:CC:D3:D9:15:47:96:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce802f82-6d5a-453e-b8c9-f5ee559bf8c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.24.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         52:6e:46:b8:56:40:06:08:61:ea:fd:b2:ee:91:11:75:56:87:
         d3:a2:64:2b:e3:25:bb:28:8a:c7:44:4c:f9:43:96:d9:1f:52:
         0e:50:2f:1f:de:8c:0b:a9:7c:ef:57:28:66:be:30:d0:6b:b9:
         00:93:be:81:cf:ef:2f:99:fe:61:7a:79:e4:46:d1:32:73:60:
         f7:18:dd:41:05:9c:6d:83:1c:7e:cf:c2:5e:44:8b:11:8a:0e:
         80:24:be:c0:2f:87:e8:90:d0:ac:8d:7e:8e:06:24:8e:ba:74:
         de:9e:e6:54:52:f1:fe:07:74:77:f0:ab:33:09:02:bb:56:92:
         83:45:6f:84:f5:8c:e8:cd:d5:6d:45:81:e5:9e:ba:a1:43:1a:
         21:3b:83:ef:4d:b3:32:47:18:df:62:d5:60:6a:0b:f9:b1:1c:
         0f:fe:b7:10:40:71:f5:99:55:4a:73:ef:3b:d7:73:05:c9:3d:
         52:5c:89:73:09:8b:53:61:a2:ba:73:d7:88:2c:08:cc:ab:f9:
         17:a7:5a:f6:be:8a:4e:a6:98:f7:9d:80:78:86:28:dd:e6:52:
         34:c0:84:f7:fd:6f:9d:8d:7b:cd:94:59:f2:2c:54:2a:ac:3c:
         b0:aa:7d:5f:93:cf:c3:f3:92:f9:b3:12:b1:38:85:43:5e:f8:
         fc:a0:d0:42
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUftG0ECcK6ytcpcUKdq01J3qYzCgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAwMjUwWhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTI0N2QzZmRkZTI0NzFlNWI4MGY1NzQ2ODI0YzBmMzYy
ZTNjMzgyYmM2Y2QzYzBiMDBiZTcyNTI4MDYyMTU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMnvI0Y2b3U0PLcyzJ84uU9QRZK7IYJIViSJet4ctZbt/L
ecrgN6M6uOYDnHrYgZJiVbyKRwMWocZ6aE2gMrEB/BGm5Gv7TcI0QJqvYzOOzCLP
0yNu5O6I5GAg0GMPv8DXdr5ok8ZfBOtcDUP08MK7a/XnMzgR2w5lENZM8qsoNzjz
L9MNiKYxaxo0HWZAxknLHcPmUE3v6ZTxBEefz/sO7p1hva+9LEjW9DwJbwrEHS8g
W+uyYKI9NdNzwVpRuk+bmkY4g4bJeyjPmgSDws2uh+paJ7E+cE2zhz3ymK7kK1Xs
dfdwiPtMszaKhZOxEcvfimVwXETXpr3i7CbfOP1XAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/waXLLqDSfbFGOgHFszT2RVHlq8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlODAyZjgyLTZkNWEtNDUzZS1iOGM5LWY1ZWU1NTliZjhjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCYGDANBgkqhkiG9w0BAQsFAAOCAQEAUm5GuFZABghh6v2y7pERdVaH06Jk
K+MluyiKx0RM+UOW2R9SDlAvH96MC6l871coZr4w0Gu5AJO+gc/vL5n+YXp55EbR
MnNg9xjdQQWcbYMcfs/CXkSLEYoOgCS+wC+H6JDQrI1+jgYkjrp03p7mVFLx/gd0
d/CrMwkCu1aSg0VvhPWM6M3VbUWB5Z66oUMaITuD702zMkcY32LVYGoL+bEcD/63
EEBx9ZlVSnPvO9dzBck9UlyJcwmLU2GiunPXiCwIzKv5F6da9r6KTqaY952AeIYo
3eZSNMCE9/1vnY17zZRZ8ixUKqw8sKp9X5PPw/OS+bMSsTiFQ174/KDQQg==
-----END CERTIFICATE-----