Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e403cab2-349f-4e13-8f3b-c097aeec00c0.roa
File:                     e403cab2-349f-4e13-8f3b-c097aeec00c0.roa (raw, json)
Hash identifier:          pPAo7V8YQ9bjQoi1X2WD7Qk/aBjsicKoBDxlI4VrWns=
Subject key identifier:   60:66:04:72:89:08:F5:80:28:BD:F8:EC:5B:A3:AD:93:89:21:60:12
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72D65947C25C21CE4CA8908120D0936938679B5C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e403cab2-349f-4e13-8f3b-c097aeec00c0.roa
Signing time:             Sat 18 Oct 2025 01:40:49 +0000
ROA not before:           Sat 18 Oct 2025 01:40:49 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.28.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:d6:59:47:c2:5c:21:ce:4c:a8:90:81:20:d0:93:69:38:67:9b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:40:49 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=7fbd108d33f907428402b576c702c6e1d3ade0223892ce10375dd32504524bf3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:00:2b:e1:13:a1:7f:01:50:3a:1c:b4:62:4c:
                    57:9e:54:a4:d8:53:72:f0:59:d5:3e:5f:54:93:bc:
                    dc:88:8b:08:5b:77:29:27:26:77:b0:28:ab:01:d4:
                    00:53:e5:c4:2a:7a:1c:af:8e:b8:ec:0c:96:d9:db:
                    3d:dc:87:fd:71:9a:5b:8a:20:ee:8c:50:2a:2b:e3:
                    88:f8:8f:6b:4c:ed:8e:05:40:1b:17:47:21:ca:2b:
                    81:63:73:a0:92:d0:f3:69:ec:b6:54:84:f8:2f:97:
                    7e:0a:94:b4:47:c5:42:a6:5f:fa:36:97:d3:30:e0:
                    06:4d:ff:01:d1:e0:28:37:ac:8c:e1:30:8c:c2:da:
                    b3:6c:2a:31:c1:3e:26:5b:63:74:dc:36:0f:03:0b:
                    a3:87:e7:8b:39:65:2e:89:26:ac:2f:0b:c1:5b:8c:
                    9d:59:b6:44:d8:26:e4:cf:80:ee:63:ae:de:40:a2:
                    0d:cb:b0:bf:8b:fa:49:d3:03:7a:7d:d3:03:9f:e2:
                    7e:a4:52:be:db:37:16:09:78:11:18:c6:2d:d5:57:
                    1b:aa:32:e6:7b:79:72:b7:73:a2:c8:f5:84:fa:5c:
                    1c:8b:30:2f:90:49:e7:4c:31:c6:2d:95:0c:0c:6b:
                    c4:03:81:34:05:bb:55:6d:c0:f8:21:ec:5d:95:2e:
                    6f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:66:04:72:89:08:F5:80:28:BD:F8:EC:5B:A3:AD:93:89:21:60:12
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e403cab2-349f-4e13-8f3b-c097aeec00c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:ba:13:0b:88:82:13:49:ec:92:5a:e2:aa:8b:0a:19:09:09:
         dc:dc:68:87:9d:7c:61:df:24:71:55:40:ae:6a:12:dc:f4:1c:
         ba:1a:92:82:bc:d8:9f:2d:0a:a5:ce:b4:54:0f:e5:2f:b8:af:
         a6:e6:0f:4e:68:0b:1e:a3:37:1c:22:61:81:14:89:76:69:89:
         c2:27:19:fa:0c:4b:c1:93:86:d4:02:9b:fd:82:20:1b:42:20:
         70:6e:c6:50:b8:8f:84:5e:af:e5:cf:20:bc:48:2b:2f:7a:b7:
         9e:41:02:45:9d:89:1e:42:ab:97:47:29:aa:0b:4a:7b:59:c2:
         5e:c7:4a:4f:ee:2d:37:57:7d:b8:3e:d0:f2:31:46:7b:9c:2c:
         e0:28:72:29:d0:a8:c3:ba:4c:66:8c:b8:5f:66:ae:fe:b5:10:
         6d:1c:ab:54:7c:38:13:9e:e7:bd:4b:3d:45:0e:6e:cf:5d:61:
         47:a3:03:b0:f4:34:78:26:54:71:7a:b0:47:de:3c:c7:a1:28:
         16:cd:a5:4e:24:0e:93:00:88:8b:6c:1d:b6:4b:c5:c3:ed:7e:
         6b:3a:dc:70:27:0d:3b:33:73:dc:93:1e:7b:dc:95:a8:2e:e6:
         0f:35:c3:71:c0:af:98:56:7d:bb:8a:f2:f7:3e:9b:c3:8b:4a:
         58:c8:0d:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUctZZR8JcIc5MqJCBINCTaThnm1wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDE0MDQ5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZmJkMTA4ZDMzZjkwNzQyODQwMmI1NzZjNzAyYzZlMWQz
YWRlMDIyMzg5MmNlMTAzNzVkZDMyNTA0NTI0YmYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoACvhE6F/AVA6HLRiTFeeVKTYU3LwWdU+X1STvNyIiwhb
dyknJnewKKsB1ABT5cQqehyvjrjsDJbZ2z3ch/1xmluKIO6MUCor44j4j2tM7Y4F
QBsXRyHKK4Fjc6CS0PNp7LZUhPgvl34KlLRHxUKmX/o2l9Mw4AZN/wHR4Cg3rIzh
MIzC2rNsKjHBPiZbY3TcNg8DC6OH54s5ZS6JJqwvC8FbjJ1ZtkTYJuTPgO5jrt5A
og3LsL+L+knTA3p90wOf4n6kUr7bNxYJeBEYxi3VVxuqMuZ7eXK3c6LI9YT6XByL
MC+QSedMMcYtlQwMa8QDgTQFu1VtwPgh7F2VLm+PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYGYEcokI9YAovfjsW6Otk4khYBIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U0MDNjYWIyLTM0OWYtNGUxMy04ZjNiLWMwOTdhZWVjMDBjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABBCRwwDQYJKoZIhvcNAQELBQADggEBAMG6EwuIghNJ7JJa4qqLChkJCdzc
aIedfGHfJHFVQK5qEtz0HLoakoK82J8tCqXOtFQP5S+4r6bmD05oCx6jNxwiYYEU
iXZpicInGfoMS8GThtQCm/2CIBtCIHBuxlC4j4Rer+XPILxIKy96t55BAkWdiR5C
q5dHKaoLSntZwl7HSk/uLTdXfbg+0PIxRnucLOAocinQqMO6TGaMuF9mrv61EG0c
q1R8OBOe571LPUUObs9dYUejA7D0NHgmVHF6sEfePMehKBbNpU4kDpMAiItsHbZL
xcPtfms63HAnDTszc9yTHnvclagu5g81w3HAr5hWfbuK8vc+m8OLSljIDVI=
-----END CERTIFICATE-----