Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6d6805b-2156-4b02-8570-bd69249e6bb9.roa
File:                     d6d6805b-2156-4b02-8570-bd69249e6bb9.roa (raw, json)
Hash identifier:          tGyjlMgdD3Jyf0wvrS8c6zL5a7Dz3ar1Fbj1/F69Jt0=
Subject key identifier:   7E:51:35:C2:2C:58:54:B6:1E:C4:B1:89:3B:9D:61:95:78:74:88:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       748AFB9347ED36E9354FEA65000FCCD7B55AA0C1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6d6805b-2156-4b02-8570-bd69249e6bb9.roa
Signing time:             Sat 18 Oct 2025 05:00:06 +0000
ROA not before:           Sat 18 Oct 2025 05:00:06 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.16.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:8a:fb:93:47:ed:36:e9:35:4f:ea:65:00:0f:cc:d7:b5:5a:a0:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 05:00:06 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=bda35169282a6c498a1e5552ddd54abef89e01c20a9431ead7804c4364e96cc5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6d:a6:03:de:19:c5:d3:36:a8:31:ed:e5:5b:
                    0f:5b:71:a3:e2:dd:4c:d4:b7:2a:d3:72:99:29:1a:
                    84:bc:e6:d7:3e:41:b2:28:8a:e0:7d:76:5c:c8:3d:
                    45:99:59:15:65:b8:33:bc:6a:c0:fa:24:13:58:83:
                    0f:24:35:d8:cc:0a:6c:67:e8:b8:49:02:71:50:23:
                    5f:85:75:2c:8d:34:40:25:55:7f:24:10:01:3c:d1:
                    56:3a:71:a7:27:55:15:68:ab:ca:c8:17:b9:e2:7b:
                    82:45:61:d0:dd:1a:ae:b8:9f:76:0a:f3:a8:6f:d0:
                    9f:e1:b7:4a:8b:25:5f:75:f4:94:c1:62:81:47:79:
                    ee:97:4d:dc:4c:20:aa:d6:42:3a:4d:67:9f:8f:b4:
                    70:b6:3d:ec:b7:d2:77:09:20:2b:22:a1:50:ab:ae:
                    69:93:c5:dc:f8:33:2a:27:96:b3:db:85:76:bf:f4:
                    02:bb:30:62:e6:2a:00:5d:dd:f9:bf:73:d1:d2:96:
                    43:aa:86:a3:9e:85:8d:d4:65:b1:da:b9:3a:c0:d9:
                    ed:e6:f0:bd:85:00:62:42:87:2a:44:e3:08:ef:96:
                    a7:15:d5:b0:2e:20:5e:8c:b2:55:8a:cb:fc:b5:82:
                    96:e0:92:9d:a1:42:7d:77:1f:b2:1e:25:63:41:28:
                    d3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:51:35:C2:2C:58:54:B6:1E:C4:B1:89:3B:9D:61:95:78:74:88:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6d6805b-2156-4b02-8570-bd69249e6bb9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         cc:57:5f:5b:08:bd:f7:95:85:9b:cb:b9:45:d4:62:2e:28:90:
         77:62:2d:7f:45:91:4e:b4:7d:e5:cd:2c:4a:34:21:72:26:a7:
         d3:65:12:2b:75:0e:6f:88:fa:5a:a3:05:89:42:77:12:c7:49:
         4a:7b:0e:2a:82:2f:75:62:29:6c:8c:98:6e:5a:ec:c7:9b:7b:
         26:d6:a9:1b:e6:ab:37:8f:28:cc:b5:99:2a:26:e5:28:e9:e2:
         bb:ee:bd:2e:a5:e4:11:82:6a:1c:21:87:b5:a1:15:f3:19:65:
         73:d1:be:1f:ce:be:f1:d4:dd:27:b5:33:66:d9:30:c3:33:3f:
         7f:a2:55:f5:e3:20:22:4f:3f:5f:39:e6:56:12:dd:ef:4e:e1:
         f0:3d:28:d4:72:be:e4:fc:bb:bd:e7:6d:e5:17:93:85:44:d7:
         0a:45:4a:49:64:28:3f:e8:53:35:4d:b0:12:32:1e:ae:fd:f0:
         a6:82:3a:f4:fa:54:c2:e9:aa:ad:93:41:62:d2:87:46:a1:73:
         a1:a0:ad:9d:0e:13:71:7b:35:f7:39:2f:31:41:d7:45:9a:aa:
         77:88:0e:83:a3:4c:08:4f:08:e8:34:ce:ac:d0:e5:d5:60:cc:
         8c:be:1d:96:7e:57:93:4a:a1:ad:c7:75:bf:dd:b8:ca:cf:31:
         b5:d0:45:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdIr7k0ftNuk1T+plAA/M17VaoMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDUwMDA2WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZGEzNTE2OTI4MmE2YzQ5OGExZTU1NTJkZGQ1NGFiZWY4
OWUwMWMyMGE5NDMxZWFkNzgwNGM0MzY0ZTk2Y2M1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzbaYD3hnF0zaoMe3lWw9bcaPi3UzUtyrTcpkpGoS85tc+
QbIoiuB9dlzIPUWZWRVluDO8asD6JBNYgw8kNdjMCmxn6LhJAnFQI1+FdSyNNEAl
VX8kEAE80VY6cacnVRVoq8rIF7nie4JFYdDdGq64n3YK86hv0J/ht0qLJV919JTB
YoFHee6XTdxMIKrWQjpNZ5+PtHC2Pey30ncJICsioVCrrmmTxdz4MyonlrPbhXa/
9AK7MGLmKgBd3fm/c9HSlkOqhqOehY3UZbHauTrA2e3m8L2FAGJChypE4wjvlqcV
1bAuIF6MslWKy/y1gpbgkp2hQn13H7IeJWNBKNN3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUflE1wixYVLYexLGJO51hlXh0iFQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2ZDY4MDViLTIxNTYtNGIwMi04NTcwLWJkNjkyNDllNmJiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARBCBAwDQYJKoZIhvcNAQELBQADggEBAMxXX1sIvfeVhZvLuUXUYi4okHdi
LX9FkU60feXNLEo0IXImp9NlEit1Dm+I+lqjBYlCdxLHSUp7DiqCL3ViKWyMmG5a
7MebeybWqRvmqzePKMy1mSom5Sjp4rvuvS6l5BGCahwhh7WhFfMZZXPRvh/OvvHU
3Se1M2bZMMMzP3+iVfXjICJPP1855lYS3e9O4fA9KNRyvuT8u73nbeUXk4VE1wpF
SklkKD/oUzVNsBIyHq798KaCOvT6VMLpqq2TQWLSh0ahc6GgrZ0OE3F7Nfc5LzFB
10WaqneIDoOjTAhPCOg0zqzQ5dVgzIy+HZZ+V5NKoa3Hdb/duMrPMbXQRZQ=
-----END CERTIFICATE-----