Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb2c6e86-8003-4ede-bd1a-de1d240e881a.roa
File:                     fb2c6e86-8003-4ede-bd1a-de1d240e881a.roa (raw, json)
Hash identifier:          r6ZKHq9OUuIpnrDYX6nVtpZ+/HSiHuGp6lxB+hNEEgg=
Subject key identifier:   85:11:D5:A7:F5:D8:44:4F:78:34:56:0A:40:6A:91:02:F7:8D:DC:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       06B4523BD537CC6FD92C62DDA3A622049B599CFA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb2c6e86-8003-4ede-bd1a-de1d240e881a.roa
Signing time:             Tue 14 Oct 2025 17:40:03 +0000
ROA not before:           Tue 14 Oct 2025 17:40:03 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.132.0.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:b4:52:3b:d5:37:cc:6f:d9:2c:62:dd:a3:a6:22:04:9b:59:9c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:40:03 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=dc691db2754c16e8bf932e9fec07fbef3045f71a777f8d11e1b0731861750318, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6c:da:30:21:79:c4:28:3a:f9:62:d9:8c:03:
                    40:3f:bd:7b:ce:0e:ce:9f:8e:fb:99:d8:80:5e:42:
                    67:26:7b:cf:6b:cb:75:6e:0f:67:75:fd:22:24:55:
                    1b:a3:ed:b1:6b:01:ae:5a:99:48:3e:38:d6:73:ba:
                    c7:f4:8e:2d:41:54:36:f3:e5:4b:9f:b2:40:8f:31:
                    66:79:d8:1b:ca:51:9c:53:38:a1:c7:0f:34:4b:e9:
                    cf:94:37:59:b2:0f:17:1c:23:22:fe:37:8c:7a:0e:
                    31:5c:f0:57:ab:a4:72:99:4c:01:0a:42:b9:f0:40:
                    72:da:31:0d:da:3b:f2:7e:68:e7:aa:14:40:03:5a:
                    c2:9e:1e:d2:bf:c7:cc:66:24:97:74:cf:c7:70:cd:
                    fd:27:88:81:dc:31:50:4f:15:60:8c:d9:ad:fe:0e:
                    22:2c:46:50:c5:68:0d:b0:bd:3a:cb:0f:d5:7d:8d:
                    24:74:39:52:1b:46:64:e0:29:c7:7d:3e:08:64:75:
                    4b:f1:a1:75:d9:99:82:ab:d1:fd:5d:48:ec:e5:32:
                    91:20:90:cf:45:3c:8b:4a:4e:4a:1b:46:de:b8:80:
                    b1:48:2c:54:a1:10:f9:49:a9:ac:fd:b5:8b:ef:45:
                    97:4c:cf:6d:bc:2a:19:3f:0b:6e:c5:09:24:92:ed:
                    6b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:11:D5:A7:F5:D8:44:4F:78:34:56:0A:40:6A:91:02:F7:8D:DC:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb2c6e86-8003-4ede-bd1a-de1d240e881a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.132.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:ee:e3:c4:a3:35:71:c4:2e:3e:af:ba:17:d7:bf:12:71:b1:
         a7:73:e1:0b:49:3f:6f:b3:d6:27:86:32:3c:ba:57:43:6e:6d:
         c5:ba:bf:e3:40:f9:5f:77:98:52:aa:86:a3:e8:0e:40:6f:3c:
         3f:cf:d3:0c:d2:ba:b7:cc:5e:c1:2c:da:f6:d1:f9:0e:86:d3:
         b7:5c:5b:af:ea:e2:33:63:a5:a4:c7:ac:2e:1e:f6:9d:8f:15:
         fe:ad:1d:eb:19:30:be:a8:98:8a:d5:8a:df:12:21:d8:e8:5b:
         eb:49:45:29:b7:b0:aa:9c:8a:61:bd:01:ee:44:46:89:db:77:
         c8:32:e2:32:49:59:3f:8b:79:ec:ee:00:14:6e:20:bf:6d:cb:
         7c:a4:71:3b:9b:3a:61:f2:d2:5d:d1:fc:56:b7:82:60:e6:8a:
         8f:d3:c3:ae:3a:bb:cb:8d:1c:1a:82:d6:1f:a3:ff:c7:db:87:
         ad:2f:28:8d:ea:17:d6:d3:d0:2f:87:7c:ad:19:57:82:71:e9:
         c2:fe:2e:51:b9:36:91:70:ef:e3:15:73:82:67:9e:33:cb:2c:
         a0:ac:b0:8e:60:8d:f2:1f:17:f6:a7:1f:1e:f5:42:d6:38:cd:
         71:63:8c:1a:e1:94:d8:c4:fe:ef:c3:69:cb:5d:aa:5f:19:27:
         19:a6:4c:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBrRSO9U3zG/ZLGLdo6YiBJtZnPowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc0MDAzWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzY5MWRiMjc1NGMxNmU4YmY5MzJlOWZlYzA3ZmJlZjMw
NDVmNzFhNzc3ZjhkMTFlMWIwNzMxODYxNzUwMzE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjbNowIXnEKDr5YtmMA0A/vXvODs6fjvuZ2IBeQmcme89r
y3VuD2d1/SIkVRuj7bFrAa5amUg+ONZzusf0ji1BVDbz5UufskCPMWZ52BvKUZxT
OKHHDzRL6c+UN1myDxccIyL+N4x6DjFc8FerpHKZTAEKQrnwQHLaMQ3aO/J+aOeq
FEADWsKeHtK/x8xmJJd0z8dwzf0niIHcMVBPFWCM2a3+DiIsRlDFaA2wvTrLD9V9
jSR0OVIbRmTgKcd9PghkdUvxoXXZmYKr0f1dSOzlMpEgkM9FPItKTkobRt64gLFI
LFShEPlJqaz9tYvvRZdMz228Khk/C27FCSSS7WuzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhRHVp/XYRE94NFYKQGqRAveN3HowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiMmM2ZTg2LTgwMDMtNGVkZS1iZDFhLWRlMWQyNDBlODgxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJGhAAwDQYJKoZIhvcNAQELBQADggEBACru48SjNXHELj6vuhfXvxJxsadz
4QtJP2+z1ieGMjy6V0NubcW6v+NA+V93mFKqhqPoDkBvPD/P0wzSurfMXsEs2vbR
+Q6G07dcW6/q4jNjpaTHrC4e9p2PFf6tHesZML6omIrVit8SIdjoW+tJRSm3sKqc
imG9Ae5ERonbd8gy4jJJWT+LeezuABRuIL9ty3ykcTubOmHy0l3R/Fa3gmDmio/T
w646u8uNHBqC1h+j/8fbh60vKI3qF9bT0C+HfK0ZV4Jx6cL+LlG5NpFw7+MVc4Jn
njPLLKCssI5gjfIfF/anHx71QtY4zXFjjBrhlNjE/u/Dactdql8ZJxmmTMM=
-----END CERTIFICATE-----