Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7356e20-34b3-4ead-a435-c95c6ca47073.roa
File:                     f7356e20-34b3-4ead-a435-c95c6ca47073.roa (raw, json)
Hash identifier:          iLzPrtvo8oQdvQOJM9CCd3qSglYn8LrS2aCa8SkSRR8=
Subject key identifier:   D1:CF:F9:08:74:99:EA:1B:3F:D1:AE:A5:FB:B7:EB:C1:76:C6:70:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       612C68F26620D4D52843E2AFD3C401A7DFE3A0C4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7356e20-34b3-4ead-a435-c95c6ca47073.roa
Signing time:             Tue 28 Oct 2025 01:01:18 +0000
ROA not before:           Tue 28 Oct 2025 01:01:18 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.112.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:2c:68:f2:66:20:d4:d5:28:43:e2:af:d3:c4:01:a7:df:e3:a0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 01:01:18 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=0bb82de849416a54141523525f0ca58ff61b0ef1b445631495e5acc61562f8b0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9f:fb:35:8a:ca:ac:bf:c2:e8:a8:21:de:ed:
                    48:02:8c:b3:b5:f3:77:0f:3e:cd:88:3d:ef:95:63:
                    5e:55:8b:03:5f:8d:a1:17:4c:31:a4:21:61:c9:01:
                    3b:a6:62:5a:35:b2:0c:26:d7:9f:ae:1d:7f:98:b2:
                    67:b9:39:f7:9e:2d:11:58:6a:20:77:2e:96:1c:9c:
                    b0:e9:3b:46:3d:60:6b:61:50:f7:35:ec:e4:33:65:
                    7d:9b:99:a5:cb:85:9e:2e:2d:42:c8:76:31:e9:68:
                    d6:a4:a6:36:64:86:3a:70:e3:a6:7f:54:60:36:6c:
                    26:d4:e0:94:8b:9c:30:42:1b:2d:b2:cc:a7:39:e8:
                    c6:5e:ed:b4:8e:f4:2a:e2:72:fd:40:ae:1f:67:37:
                    50:07:01:1e:2c:da:d8:bf:1d:02:1c:6e:bc:f8:13:
                    59:c1:d0:8d:34:59:bd:50:c2:7d:9c:24:8b:1d:26:
                    23:5a:4a:98:a3:e7:6d:36:b7:7b:87:18:e6:66:8f:
                    5f:d0:45:c8:e9:d8:00:5b:ed:26:ce:76:dc:dc:41:
                    0f:d3:e4:10:44:f8:67:ef:f1:b7:db:a6:90:42:1a:
                    81:b5:34:92:f8:ae:a9:5e:39:7f:4a:62:68:60:d3:
                    37:85:24:6e:14:b6:4a:5f:41:6a:e6:51:99:7f:84:
                    21:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:CF:F9:08:74:99:EA:1B:3F:D1:AE:A5:FB:B7:EB:C1:76:C6:70:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7356e20-34b3-4ead-a435-c95c6ca47073.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:e2:ea:47:37:b7:94:a4:35:15:89:e3:3d:ff:32:a6:1c:ee:
         af:58:01:5b:44:fe:17:5a:a5:59:b0:53:61:73:ac:23:17:10:
         f6:ff:7f:0d:e1:13:9d:30:8c:18:94:7f:44:73:fe:65:5a:66:
         d1:c0:24:32:e4:43:e8:c2:f3:00:08:ea:a9:fa:d9:49:3a:b5:
         63:3b:d4:1c:c5:d0:99:58:bc:db:65:27:86:17:23:64:32:b1:
         90:33:ac:2a:cd:ce:76:20:d0:ab:2d:7f:7a:a0:df:73:1a:e9:
         87:c8:26:65:57:ae:23:6a:10:7e:16:8d:84:7f:9c:7b:96:8b:
         19:7d:f8:67:4a:fa:19:2f:90:bd:95:67:33:9c:e4:a0:3f:8a:
         13:ed:16:df:2c:ca:41:b5:bb:34:62:16:55:81:53:9c:30:94:
         d3:50:fb:60:b1:96:c2:cc:38:1a:97:77:98:e3:84:14:6f:27:
         cf:7a:24:c0:9d:89:8f:81:1a:77:ad:0f:41:30:da:72:fa:29:
         ca:3e:79:50:99:a8:36:6d:5a:04:1d:04:e8:1e:fd:14:19:12:
         dd:62:95:4b:e3:f5:ad:a1:54:14:05:9c:f7:17:02:cc:65:df:
         e9:b5:7c:9d:2a:01:a6:b6:7e:18:16:b2:4d:ef:65:45:07:42:
         ae:86:42:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYSxo8mYg1NUoQ+Kv08QBp9/joMQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDEwMTE4WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmI4MmRlODQ5NDE2YTU0MTQxNTIzNTI1ZjBjYTU4ZmY2
MWIwZWYxYjQ0NTYzMTQ5NWU1YWNjNjE1NjJmOGIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6n/s1isqsv8LoqCHe7UgCjLO183cPPs2IPe+VY15ViwNf
jaEXTDGkIWHJATumYlo1sgwm15+uHX+Ysme5OfeeLRFYaiB3LpYcnLDpO0Y9YGth
UPc17OQzZX2bmaXLhZ4uLULIdjHpaNakpjZkhjpw46Z/VGA2bCbU4JSLnDBCGy2y
zKc56MZe7bSO9Cricv1Arh9nN1AHAR4s2ti/HQIcbrz4E1nB0I00Wb1Qwn2cJIsd
JiNaSpij5202t3uHGOZmj1/QRcjp2ABb7SbOdtzcQQ/T5BBE+Gfv8bfbppBCGoG1
NJL4rqleOX9KYmhg0zeFJG4UtkpfQWrmUZl/hCGrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0c/5CHSZ6hs/0a6l+7frwXbGcIQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y3MzU2ZTIwLTM0YjMtNGVhZC1hNDM1LWM5NWM2Y2E0NzA3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/HAwDQYJKoZIhvcNAQELBQADggEBANHi6kc3t5SkNRWJ4z3/MqYc7q9Y
AVtE/hdapVmwU2FzrCMXEPb/fw3hE50wjBiUf0Rz/mVaZtHAJDLkQ+jC8wAI6qn6
2Uk6tWM71BzF0JlYvNtlJ4YXI2QysZAzrCrNznYg0Kstf3qg33Ma6YfIJmVXriNq
EH4WjYR/nHuWixl9+GdK+hkvkL2VZzOc5KA/ihPtFt8sykG1uzRiFlWBU5wwlNNQ
+2CxlsLMOBqXd5jjhBRvJ896JMCdiY+BGnetD0Ew2nL6Kco+eVCZqDZtWgQdBOge
/RQZEt1ilUvj9a2hVBQFnPcXAsxl3+m1fJ0qAaa2fhgWsk3vZUUHQq6GQoI=
-----END CERTIFICATE-----