Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf035cdb-746d-4d6a-8fda-14c5df4f4ae8.roa
File:                     cf035cdb-746d-4d6a-8fda-14c5df4f4ae8.roa (raw, json)
Hash identifier:          vYV5seMCvEzCjw94x/3OgFYK4FMRHlRL5Hnr5zdhQQw=
Subject key identifier:   15:8C:46:BE:01:CE:A4:C6:BE:13:64:E0:BD:56:46:2B:92:A0:15:EE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F81588B2F4F9411152F322DC59CE35EAB66FDD2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf035cdb-746d-4d6a-8fda-14c5df4f4ae8.roa
Signing time:             Sat 18 Oct 2025 05:01:12 +0000
ROA not before:           Sat 18 Oct 2025 05:01:12 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.0.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:81:58:8b:2f:4f:94:11:15:2f:32:2d:c5:9c:e3:5e:ab:66:fd:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 05:01:12 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=b95185b6216d36543fed4776a07a2cb0619b74b1385095c0e5f6b812382027fe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0f:c4:3f:e7:28:0c:2f:4f:42:30:ec:df:4d:
                    85:20:0a:be:ca:de:a0:22:9e:30:d1:48:b1:5c:fc:
                    3b:e3:0a:20:b5:ff:1b:8e:19:d5:a4:50:31:d1:08:
                    bd:d4:af:19:05:bd:00:27:60:5c:be:66:2c:db:60:
                    53:33:1c:6c:ce:b4:18:cc:15:54:ce:d4:4d:fb:fc:
                    45:f9:08:60:40:3a:e5:80:d3:67:ef:80:c1:39:ce:
                    1b:f1:8f:45:77:7d:04:60:10:48:56:99:15:b6:0a:
                    06:38:03:ca:d4:47:06:ac:84:ee:25:fa:f9:ff:72:
                    e7:67:4f:1f:57:09:45:eb:5e:de:f5:42:4c:30:0b:
                    82:e2:b4:b2:4b:53:67:19:74:0e:5e:55:5f:9e:85:
                    2d:78:3e:87:08:df:38:b3:ec:33:a5:1a:d2:44:7c:
                    f5:5c:dd:61:09:07:50:d1:99:8e:a6:20:2d:46:be:
                    32:d1:a6:93:13:83:2b:04:33:11:ca:54:5d:de:5c:
                    e6:7e:69:44:38:35:7b:09:45:36:c9:f8:2a:44:06:
                    4e:af:be:49:ec:a4:46:63:a3:fd:a9:89:05:96:28:
                    d3:a4:22:47:5e:c1:79:4a:3f:5b:15:7c:7f:47:ad:
                    cd:5b:1c:10:6b:c5:c0:0e:db:b2:9a:d2:8a:5a:85:
                    78:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:8C:46:BE:01:CE:A4:C6:BE:13:64:E0:BD:56:46:2B:92:A0:15:EE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf035cdb-746d-4d6a-8fda-14c5df4f4ae8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         3a:c5:3f:f9:5d:7e:b8:ca:c9:68:b3:f1:c5:59:21:96:01:ee:
         3b:74:b8:8d:75:d7:c7:b3:cc:e2:c2:c6:74:9f:52:a2:91:b5:
         fe:cc:5b:f2:5b:db:1f:c0:f6:65:22:42:f0:a2:98:9f:d0:f5:
         70:d6:bc:1c:28:dc:ed:b4:fc:97:ef:1f:0f:fb:ea:75:34:2e:
         ed:53:87:df:c8:ed:b3:db:16:16:95:9b:76:17:57:8d:4a:92:
         fa:9a:29:20:f0:ce:b5:6c:e2:e1:67:17:57:3a:b7:e4:f9:92:
         ac:29:07:6c:48:4a:55:ce:ed:5c:0c:84:1f:40:0c:22:4e:79:
         3f:8e:8b:17:48:67:dd:fd:76:25:4f:68:c0:80:e9:0c:16:0a:
         09:d4:31:d7:76:66:2c:7e:72:93:e2:ee:84:c9:3f:f4:08:96:
         68:1f:80:6c:62:58:2d:77:26:72:b2:3f:51:06:e6:5c:ed:91:
         20:c5:f1:fd:be:db:57:66:3e:18:6b:26:3c:0a:99:c8:fb:55:
         b2:23:09:4b:09:62:79:e5:a3:cc:1c:26:5a:8c:d3:50:dd:33:
         8b:2f:95:6b:b5:9c:b6:98:7e:1d:2f:b0:02:e0:34:6c:84:6e:
         ab:d0:32:d4:29:57:06:b7:81:fa:d9:1b:b4:ba:4a:7d:4a:1d:
         61:fb:e2:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT4FYiy9PlBEVLzItxZzjXqtm/dIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDUwMTEyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTUxODViNjIxNmQzNjU0M2ZlZDQ3NzZhMDdhMmNiMDYx
OWI3NGIxMzg1MDk1YzBlNWY2YjgxMjM4MjAyN2ZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/D8Q/5ygML09CMOzfTYUgCr7K3qAinjDRSLFc/DvjCiC1
/xuOGdWkUDHRCL3UrxkFvQAnYFy+ZizbYFMzHGzOtBjMFVTO1E37/EX5CGBAOuWA
02fvgME5zhvxj0V3fQRgEEhWmRW2CgY4A8rURwashO4l+vn/cudnTx9XCUXrXt71
QkwwC4LitLJLU2cZdA5eVV+ehS14PocI3ziz7DOlGtJEfPVc3WEJB1DRmY6mIC1G
vjLRppMTgysEMxHKVF3eXOZ+aUQ4NXsJRTbJ+CpEBk6vvknspEZjo/2piQWWKNOk
IkdewXlKP1sVfH9Hrc1bHBBrxcAO27Ka0opahXjNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFYxGvgHOpMa+E2TgvVZGK5KgFe4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmMDM1Y2RiLTc0NmQtNGQ2YS04ZmRhLTE0YzVkZjRmNGFlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdBCAAwDQYJKoZIhvcNAQELBQADggEBADrFP/ldfrjKyWiz8cVZIZYB7jt0
uI1118ezzOLCxnSfUqKRtf7MW/Jb2x/A9mUiQvCimJ/Q9XDWvBwo3O20/JfvHw/7
6nU0Lu1Th9/I7bPbFhaVm3YXV41KkvqaKSDwzrVs4uFnF1c6t+T5kqwpB2xISlXO
7VwMhB9ADCJOeT+OixdIZ939diVPaMCA6QwWCgnUMdd2Zix+cpPi7oTJP/QIlmgf
gGxiWC13JnKyP1EG5lztkSDF8f2+21dmPhhrJjwKmcj7VbIjCUsJYnnlo8wcJlqM
01DdM4svlWu1nLaYfh0vsALgNGyEbqvQMtQpVwa3gfrZG7S6Sn1KHWH74mU=
-----END CERTIFICATE-----