Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14c4e7a7-8562-4d0f-abae-93619bdf103a.roa
File:                     14c4e7a7-8562-4d0f-abae-93619bdf103a.roa (raw, json)
Hash identifier:          Ed6ViwJAQq6M+wMNNHCzf+a1opybPEf7Q3/14iTI45E=
Subject key identifier:   21:0E:16:F8:F7:D9:86:D0:EF:1F:AA:DF:87:ED:C6:EA:59:D3:56:08
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39F61825D0846628FA71EC557F20FD119DEB0CC1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14c4e7a7-8562-4d0f-abae-93619bdf103a.roa
Signing time:             Sun 26 Oct 2025 00:30:17 +0000
ROA not before:           Sun 26 Oct 2025 00:30:17 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.238.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:f6:18:25:d0:84:66:28:fa:71:ec:55:7f:20:fd:11:9d:eb:0c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:30:17 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=8f27b97acc71ce0a31491a315836eed343828e4670b35fe92670c301efa77139, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:bd:13:61:6f:30:d9:0f:0e:3e:37:7a:ce:79:
                    94:3c:ff:83:b4:92:03:96:31:af:e4:42:f0:13:50:
                    e9:1b:aa:08:e4:4e:2e:5a:2a:f0:69:2d:20:27:6f:
                    0b:d9:12:b8:04:49:9b:05:f8:a8:ea:e4:0d:58:27:
                    64:14:cb:81:84:b3:e1:c4:04:7a:1b:58:ea:15:66:
                    76:b4:3e:c8:e6:9e:9d:31:6b:41:4e:f6:48:1a:e0:
                    98:59:38:39:0a:f7:9a:be:5d:2e:35:86:5f:a1:e1:
                    ca:87:ce:d9:cc:f4:df:c5:18:3f:59:11:a5:84:32:
                    3b:5a:af:69:10:b4:a9:45:00:06:99:b5:4f:23:80:
                    ab:a5:18:ea:cc:06:64:8c:c4:a6:bf:66:98:a5:d4:
                    16:2a:6b:9b:c7:47:0a:c3:6e:0e:38:4b:52:91:f6:
                    dc:03:36:0c:e8:5f:51:d2:cc:1e:1f:14:30:9f:81:
                    b3:e8:7a:ad:a6:ce:2d:eb:9b:fc:c1:bd:c0:39:23:
                    a0:27:b1:29:eb:f7:89:c8:4c:1e:5f:6e:bb:7d:23:
                    a4:f7:e1:8e:a5:2a:a9:4f:e5:a5:df:f1:df:fa:d8:
                    ba:0f:27:9d:02:84:f5:36:32:61:5c:28:fc:77:d3:
                    5a:b0:4b:83:5e:aa:3a:e1:db:21:ac:84:dc:3d:98:
                    52:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0E:16:F8:F7:D9:86:D0:EF:1F:AA:DF:87:ED:C6:EA:59:D3:56:08
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14c4e7a7-8562-4d0f-abae-93619bdf103a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.238.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6c:99:ea:e8:a2:3b:98:7a:ab:63:ff:eb:1b:b5:c7:e7:06:5f:
         bd:e3:fb:fc:d4:fe:9f:27:04:b6:eb:5d:9e:de:b0:b3:87:fc:
         76:7c:0e:79:07:79:aa:f1:df:c6:d0:2d:1a:22:e7:97:76:e7:
         b8:48:03:02:80:02:16:58:94:c2:ef:6c:90:8a:f6:bb:e7:60:
         d8:da:38:05:85:9a:18:a9:81:1f:64:38:f0:28:e1:b2:ea:d9:
         65:d8:70:94:4b:a3:7c:d3:ab:aa:b5:55:ea:4e:0a:46:69:2c:
         a0:05:7b:3a:eb:42:eb:40:f0:49:a8:71:91:64:63:bb:b1:5e:
         81:32:60:58:3f:15:ff:c2:57:38:67:7a:45:4d:7b:0d:48:a7:
         1c:9f:75:f7:fd:ea:f0:25:94:43:05:26:e6:74:d7:b3:ce:75:
         49:01:b8:4b:4a:fb:eb:aa:5b:ca:5f:06:d9:40:c1:21:a3:04:
         31:27:9d:59:35:0a:55:2b:e7:4d:1b:8f:c2:96:1c:24:a7:79:
         28:c2:57:70:d5:e8:9e:e3:4e:0f:ea:d9:d6:6f:1b:10:ff:18:
         24:ee:9a:13:01:2d:92:73:39:a0:7b:89:74:74:3b:4f:79:ed:
         a3:b0:67:38:05:c0:a9:49:14:58:e5:7f:fd:58:20:7f:2a:4d:
         83:a2:2a:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOfYYJdCEZij6cexVfyD9EZ3rDMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAzMDE3WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjI3Yjk3YWNjNzFjZTBhMzE0OTFhMzE1ODM2ZWVkMzQz
ODI4ZTQ2NzBiMzVmZTkyNjcwYzMwMWVmYTc3MTM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5vRNhbzDZDw4+N3rOeZQ8/4O0kgOWMa/kQvATUOkbqgjk
Ti5aKvBpLSAnbwvZErgESZsF+Kjq5A1YJ2QUy4GEs+HEBHobWOoVZna0Psjmnp0x
a0FO9kga4JhZODkK95q+XS41hl+h4cqHztnM9N/FGD9ZEaWEMjtar2kQtKlFAAaZ
tU8jgKulGOrMBmSMxKa/Zpil1BYqa5vHRwrDbg44S1KR9twDNgzoX1HSzB4fFDCf
gbPoeq2mzi3rm/zBvcA5I6AnsSnr94nITB5fbrt9I6T34Y6lKqlP5aXf8d/62LoP
J50ChPU2MmFcKPx301qwS4Neqjrh2yGshNw9mFIrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIQ4W+PfZhtDvH6rfh+3G6lnTVggwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0YzRlN2E3LTg1NjItNGQwZi1hYmFlLTkzNjE5YmRmMTAzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZM7gAwDQYJKoZIhvcNAQELBQADggEBAGyZ6uiiO5h6q2P/6xu1x+cGX73j
+/zU/p8nBLbrXZ7esLOH/HZ8DnkHearx38bQLRoi55d257hIAwKAAhZYlMLvbJCK
9rvnYNjaOAWFmhipgR9kOPAo4bLq2WXYcJRLo3zTq6q1VepOCkZpLKAFezrrQutA
8EmocZFkY7uxXoEyYFg/Ff/CVzhnekVNew1Ipxyfdff96vAllEMFJuZ017POdUkB
uEtK++uqW8pfBtlAwSGjBDEnnVk1ClUr500bj8KWHCSneSjCV3DV6J7jTg/q2dZv
GxD/GCTumhMBLZJzOaB7iXR0O0957aOwZzgFwKlJFFjlf/1YIH8qTYOiKmg=
-----END CERTIFICATE-----