Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbbc230a-073f-46d2-b717-af445fa0a856.roa
File:                     fbbc230a-073f-46d2-b717-af445fa0a856.roa (raw, json)
Hash identifier:          Zffh8BGy8vHkuF4OGmq1LwubWLGMIB76d2Mvvv4X0AY=
Subject key identifier:   93:6E:34:B4:F9:D2:1C:BA:65:6C:DE:4D:B9:F3:70:3E:51:E7:9E:9F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DC1A7788D42B644743EF4C5153C8BACC5F54E91
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbbc230a-073f-46d2-b717-af445fa0a856.roa
Signing time:             Tue 14 Oct 2025 18:01:57 +0000
ROA not before:           Tue 14 Oct 2025 18:01:57 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.121.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:c1:a7:78:8d:42:b6:44:74:3e:f4:c5:15:3c:8b:ac:c5:f5:4e:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 18:01:57 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=d3af8d4db0fe12029cc28739a0ea6891d78e8a7a1d496eee4c122588df875c14, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9a:65:d0:19:3c:7c:bc:1a:c4:87:79:a4:59:
                    33:a4:b6:35:d7:c8:6b:8f:21:9c:0e:cf:49:a7:08:
                    29:0c:63:37:08:93:e2:ba:bf:78:45:95:ce:22:e5:
                    b7:f2:54:9f:db:99:9e:a1:99:e8:1a:5b:6f:be:5e:
                    14:2b:84:20:71:bc:5c:a1:13:a5:bb:0b:cc:b3:8e:
                    0d:0e:88:ff:45:ed:ee:68:3a:5b:a2:8c:ef:cc:9e:
                    d1:8e:b9:05:f9:a1:bc:3e:24:b3:c3:e4:ec:9a:a7:
                    44:00:34:13:b8:77:76:b3:86:df:e2:7e:e9:66:e9:
                    7c:46:22:95:50:72:1c:fa:9e:2f:16:ec:fd:30:f3:
                    dd:0b:b5:15:95:3d:6e:74:f9:42:fb:5e:12:c8:39:
                    78:37:26:4c:44:c4:2a:b9:10:49:30:b6:1a:f9:dd:
                    87:15:b7:53:a7:be:98:50:fd:20:c1:b7:7e:a9:8e:
                    2f:e1:e8:83:ad:ea:a6:04:22:52:70:25:c2:e0:49:
                    18:28:08:28:8f:71:0d:b3:e7:04:9d:d9:7f:5a:b5:
                    11:4e:3b:f2:83:85:56:37:2e:34:3a:0b:dc:9a:8b:
                    8a:e6:65:6e:fb:11:87:6f:c5:d8:36:a5:04:50:e1:
                    92:78:4c:aa:58:63:ac:26:61:f5:b2:9e:5f:84:cd:
                    3a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6E:34:B4:F9:D2:1C:BA:65:6C:DE:4D:B9:F3:70:3E:51:E7:9E:9F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbbc230a-073f-46d2-b717-af445fa0a856.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:4a:bf:71:16:2f:29:27:1c:0e:09:54:20:66:f2:81:eb:db:
         99:9d:7c:22:a8:01:f4:b3:60:03:1b:ca:39:57:48:96:eb:5e:
         76:16:04:a9:95:ca:df:b4:3a:ba:4a:a7:a2:44:c1:30:a2:96:
         4f:85:a2:d0:f1:88:65:05:86:af:4a:17:41:2c:02:04:7d:6f:
         c5:05:5d:41:a5:8b:46:dd:33:2e:ba:b9:b9:3f:1e:6b:21:d0:
         94:0f:80:7d:70:d1:db:0d:e7:70:18:9a:83:25:5d:53:82:74:
         b6:e6:de:54:c6:a9:68:43:d1:76:90:00:7e:2b:38:e9:09:22:
         18:61:f1:35:41:c9:9a:cb:46:fd:b4:20:02:a8:53:01:b3:bb:
         4c:32:32:b5:fe:52:a7:4b:12:05:bf:9f:45:2b:0d:ed:df:e9:
         68:3a:7b:73:d7:d2:f6:12:23:b5:8a:b8:69:fb:f0:c7:e8:99:
         e4:9b:43:4f:f6:48:a0:28:ab:ac:5d:ea:49:7f:af:78:cf:ef:
         99:97:2e:45:4b:4a:fb:9e:13:64:c9:40:27:ef:a0:aa:80:91:
         7d:eb:2f:09:74:be:80:43:f9:43:4b:ca:80:6c:04:11:90:e0:
         25:ce:dc:38:7e:0a:8a:64:c0:80:45:b0:b4:97:eb:92:ad:35:
         13:2d:71:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTcGneI1CtkR0PvTFFTyLrMX1TpEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTgwMTU3WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkM2FmOGQ0ZGIwZmUxMjAyOWNjMjg3MzlhMGVhNjg5MWQ3
OGU4YTdhMWQ0OTZlZWU0YzEyMjU4OGRmODc1YzE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzmmXQGTx8vBrEh3mkWTOktjXXyGuPIZwOz0mnCCkMYzcI
k+K6v3hFlc4i5bfyVJ/bmZ6hmegaW2++XhQrhCBxvFyhE6W7C8yzjg0OiP9F7e5o
OluijO/MntGOuQX5obw+JLPD5Oyap0QANBO4d3azht/ifulm6XxGIpVQchz6ni8W
7P0w890LtRWVPW50+UL7XhLIOXg3JkxExCq5EEkwthr53YcVt1OnvphQ/SDBt36p
ji/h6IOt6qYEIlJwJcLgSRgoCCiPcQ2z5wSd2X9atRFOO/KDhVY3LjQ6C9yai4rm
ZW77EYdvxdg2pQRQ4ZJ4TKpYY6wmYfWynl+EzTrPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk240tPnSHLplbN5NufNwPlHnnp8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiYmMyMzBhLTA3M2YtNDZkMi1iNzE3LWFmNDQ1ZmEwYTg1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmHkwDQYJKoZIhvcNAQELBQADggEBAKpKv3EWLyknHA4JVCBm8oHr25md
fCKoAfSzYAMbyjlXSJbrXnYWBKmVyt+0OrpKp6JEwTCilk+FotDxiGUFhq9KF0Es
AgR9b8UFXUGli0bdMy66ubk/Hmsh0JQPgH1w0dsN53AYmoMlXVOCdLbm3lTGqWhD
0XaQAH4rOOkJIhhh8TVByZrLRv20IAKoUwGzu0wyMrX+UqdLEgW/n0UrDe3f6Wg6
e3PX0vYSI7WKuGn78MfomeSbQ0/2SKAoq6xd6kl/r3jP75mXLkVLSvueE2TJQCfv
oKqAkX3rLwl0voBD+UNLyoBsBBGQ4CXO3Dh+CopkwIBFsLSX65KtNRMtcT0=
-----END CERTIFICATE-----