Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f3d78cf8-1d9e-4233-93fe-3bbf53b8dba7.roa
File:                     f3d78cf8-1d9e-4233-93fe-3bbf53b8dba7.roa (raw, json)
Hash identifier:          2Vd0H9g87LYSRqTLMCBhDmYeUGGmJ2tmeq+OzyDEB7s=
Subject key identifier:   12:0D:53:84:DC:A4:EF:CB:0F:55:86:11:5C:4C:23:B8:62:57:48:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0AC08FB03970B60EA3A44D0D8900A0BC36889B5A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f3d78cf8-1d9e-4233-93fe-3bbf53b8dba7.roa
Signing time:             Sat 18 Oct 2025 04:20:48 +0000
ROA not before:           Sat 18 Oct 2025 04:20:48 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.8.130.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:c0:8f:b0:39:70:b6:0e:a3:a4:4d:0d:89:00:a0:bc:36:88:9b:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 04:20:48 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=56dc46d87f7d80c13d9e31f6288e65b5336b6ebbff6feff507389167231a08e2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f4:82:3d:8d:51:43:cc:c2:aa:09:c6:19:6a:
                    2d:60:df:f2:8d:78:3a:85:88:9d:0a:fb:28:b6:93:
                    89:c4:75:56:b1:96:ec:36:d4:7d:81:76:85:71:1c:
                    8c:44:f2:42:a8:68:4d:d9:0d:0c:b4:f6:c6:72:7f:
                    83:30:d8:4d:56:08:f9:55:91:0b:92:20:71:ef:96:
                    9b:ab:3c:f3:b1:45:42:b1:68:cf:d4:79:6a:05:2c:
                    4d:85:93:e5:e2:fa:6f:64:ef:14:d3:1e:5d:1c:0b:
                    ee:4a:23:46:b2:22:4c:cb:bb:3a:24:cf:a4:b9:bc:
                    b0:28:16:c0:3f:b8:36:bd:60:77:66:ce:c2:42:1a:
                    1d:2e:8f:03:fa:c4:00:30:ca:f5:91:7f:b6:36:2a:
                    15:a6:18:7a:0a:0d:9b:04:54:93:1d:74:26:1d:d2:
                    a3:e6:66:46:83:f1:dc:85:71:79:33:1b:b8:bf:0c:
                    3f:39:fd:f8:12:c6:da:0c:52:43:3c:04:81:ed:ce:
                    7a:c9:68:1f:de:a3:c4:4a:56:20:32:dd:a3:a3:b4:
                    7a:60:3f:3c:7d:ad:17:3a:4f:b7:99:f0:ba:50:39:
                    25:50:43:f0:7f:10:b6:fe:6d:3e:5e:3d:04:3f:fd:
                    7f:2b:8e:27:16:5e:ff:9e:3e:2f:23:6e:e7:58:db:
                    4a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:0D:53:84:DC:A4:EF:CB:0F:55:86:11:5C:4C:23:B8:62:57:48:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f3d78cf8-1d9e-4233-93fe-3bbf53b8dba7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.8.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:29:e0:92:44:98:0e:0b:de:0f:90:7b:b2:5f:16:a5:63:d6:
         aa:88:51:2c:a6:f4:bc:1b:b9:00:d4:e4:aa:ca:60:cd:fd:85:
         db:98:b5:f8:a5:e9:77:b0:8b:2d:fe:61:e2:27:f6:82:bb:00:
         f6:dc:5c:d4:d7:20:c7:eb:08:7b:a6:99:24:97:e0:f7:45:34:
         cb:6b:7e:2a:c0:64:6b:80:72:ff:46:9b:19:17:d0:f8:ce:6d:
         fb:9f:b4:e2:26:b3:e4:26:46:8a:81:1c:02:51:51:55:3a:48:
         ec:b3:38:30:3e:81:02:d2:3b:c1:2a:5a:64:99:9b:30:a8:97:
         62:e7:5e:c8:ed:1e:1b:f0:19:c1:c8:b9:b5:38:81:28:96:5f:
         7d:90:e1:fd:ac:ba:ef:43:26:41:e0:00:5f:d7:d6:d0:a4:d4:
         80:b1:ec:61:89:d7:d6:f9:84:0c:0e:dc:26:cc:13:a2:62:08:
         2e:2c:5d:51:b8:2b:42:f8:8a:15:ef:d1:8f:ee:c2:6f:25:f9:
         31:5b:f4:9e:77:7a:fc:86:a7:d9:c5:01:4c:40:c3:f6:18:52:
         f8:3a:6e:47:f5:02:d7:d6:ec:5f:d1:d8:4f:32:fe:16:40:63:
         01:d4:b0:49:08:08:3c:ba:f7:ca:23:16:61:66:eb:49:01:55:
         b9:34:3f:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCsCPsDlwtg6jpE0NiQCgvDaIm1owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDQyMDQ4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NmRjNDZkODdmN2Q4MGMxM2Q5ZTMxZjYyODhlNjViNTMz
NmI2ZWJiZmY2ZmVmZjUwNzM4OTE2NzIzMWEwOGUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC89II9jVFDzMKqCcYZai1g3/KNeDqFiJ0K+yi2k4nEdVax
luw21H2BdoVxHIxE8kKoaE3ZDQy09sZyf4Mw2E1WCPlVkQuSIHHvlpurPPOxRUKx
aM/UeWoFLE2Fk+Xi+m9k7xTTHl0cC+5KI0ayIkzLuzokz6S5vLAoFsA/uDa9YHdm
zsJCGh0ujwP6xAAwyvWRf7Y2KhWmGHoKDZsEVJMddCYd0qPmZkaD8dyFcXkzG7i/
DD85/fgSxtoMUkM8BIHtznrJaB/eo8RKViAy3aOjtHpgPzx9rRc6T7eZ8LpQOSVQ
Q/B/ELb+bT5ePQQ//X8rjicWXv+ePi8jbudY20rzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEg1ThNyk78sPVYYRXEwjuGJXSIcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YzZDc4Y2Y4LTFkOWUtNDIzMy05M2ZlLTNiYmY1M2I4ZGJhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABBCIIwDQYJKoZIhvcNAQELBQADggEBAJ8p4JJEmA4L3g+Qe7JfFqVj1qqI
USym9LwbuQDU5KrKYM39hduYtfil6Xewiy3+YeIn9oK7APbcXNTXIMfrCHummSSX
4PdFNMtrfirAZGuAcv9GmxkX0PjObfuftOIms+QmRoqBHAJRUVU6SOyzODA+gQLS
O8EqWmSZmzCol2LnXsjtHhvwGcHIubU4gSiWX32Q4f2suu9DJkHgAF/X1tCk1ICx
7GGJ19b5hAwO3CbME6JiCC4sXVG4K0L4ihXv0Y/uwm8l+TFb9J53evyGp9nFAUxA
w/YYUvg6bkf1AtfW7F/R2E8y/hZAYwHUsEkICDy698ojFmFm60kBVbk0Pzk=
-----END CERTIFICATE-----