Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c3395d-0d4e-4291-9ede-37f0981c2dfb.roa
File:                     27c3395d-0d4e-4291-9ede-37f0981c2dfb.roa (raw, json)
Hash identifier:          alAwK75dFqURv08tN9OIsAz+7uOJ+r17LpCYj3MCRuk=
Subject key identifier:   C2:E7:96:2C:B9:1E:3F:D8:A9:7F:2B:3C:2F:C6:99:03:E1:AA:4F:15
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7BD0AAD9512FCCBFEC1212B7894DB153AC25086B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c3395d-0d4e-4291-9ede-37f0981c2dfb.roa
Signing time:             Sat 01 Nov 2025 00:20:48 +0000
ROA not before:           Sat 01 Nov 2025 00:20:48 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.159.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d0:aa:d9:51:2f:cc:bf:ec:12:12:b7:89:4d:b1:53:ac:25:08:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:20:48 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=6da9fa47ccf823aae12c6ca0a73a1b8c43f95c709ee86c9f068f2a26c2245d3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7e:67:32:36:54:cb:3d:4e:74:2c:7c:1b:a5:
                    7e:ab:5c:59:7c:dd:40:4e:69:00:35:5c:c4:3a:b9:
                    e2:4c:6e:35:67:ec:4b:be:42:68:3f:e6:00:9f:0e:
                    57:78:4b:2f:60:6a:b3:04:76:15:1a:82:85:d1:29:
                    2f:6c:86:93:56:d0:9f:a3:50:1d:6e:23:a2:db:55:
                    7e:a7:b0:27:ec:ab:1c:7d:d4:64:08:8e:7d:6e:31:
                    e6:a3:ec:71:d0:c7:49:48:54:c8:14:04:78:4f:74:
                    19:08:8e:7f:62:6f:fe:60:35:e0:8b:bc:64:ad:7e:
                    c3:98:9c:50:59:68:51:7c:0b:da:bb:e7:1c:dc:d2:
                    1e:d1:54:6f:6d:75:56:1d:d3:bf:89:ae:23:fb:24:
                    1b:da:c5:11:5d:75:30:c9:a1:2d:56:f8:8f:a4:7f:
                    60:57:a6:b5:25:e0:80:0e:c1:67:ba:84:5c:48:02:
                    f3:dd:d0:5e:ee:62:98:98:6b:eb:6a:99:46:7d:ea:
                    c3:28:61:87:6b:e1:12:6e:64:60:bc:25:32:5a:2d:
                    f9:dd:c7:c3:08:b8:d2:77:b5:79:c0:92:8a:c4:1f:
                    c1:ae:9c:f7:1f:9a:28:0d:58:15:16:fa:6b:f3:ec:
                    21:18:ca:11:a2:79:e1:3c:9b:16:5a:05:b8:f1:e8:
                    61:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E7:96:2C:B9:1E:3F:D8:A9:7F:2B:3C:2F:C6:99:03:E1:AA:4F:15
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c3395d-0d4e-4291-9ede-37f0981c2dfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:28:dd:3a:1c:cd:7a:9c:ad:c2:df:2e:09:b4:15:2c:7b:b3:
         c7:e6:22:1f:18:ea:10:b7:9a:5a:f0:71:51:fc:12:cc:a1:bb:
         79:b3:61:fa:c0:40:5d:14:a4:92:5c:ae:13:a4:bc:bc:0f:3a:
         9d:7d:ab:3d:92:1f:60:bd:df:db:11:a7:46:05:44:7b:49:48:
         0a:22:39:6e:44:84:03:2b:31:56:3e:b7:31:76:73:01:41:28:
         f7:1f:0e:07:78:1f:79:b3:11:e3:67:21:0c:bd:8a:fa:e0:a8:
         2a:64:02:b5:07:4d:9d:6e:80:b6:88:04:e7:89:9d:70:c1:bb:
         3e:11:81:35:fa:59:a8:2a:1c:80:a9:63:fe:ce:dc:8b:60:22:
         70:d0:8f:7c:98:fe:cb:77:59:bb:76:b7:a3:a0:35:65:64:dd:
         58:3c:a6:c1:e4:1d:7a:42:34:6b:aa:26:bf:93:3d:6c:15:06:
         5e:7d:0c:fe:ff:a3:a2:ce:e4:2d:ec:0e:89:96:bc:78:75:4a:
         41:be:75:ff:20:d4:ac:50:42:a4:1c:60:5e:79:90:2a:b1:a0:
         78:28:28:c7:9a:ea:f1:e5:04:05:f0:f4:15:77:b1:f3:c9:bc:
         b6:f3:0b:09:5d:68:8d:7f:d6:97:1f:7e:98:c4:5c:9a:81:d7:
         f7:c6:9f:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe9Cq2VEvzL/sEhK3iU2xU6wlCGswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAyMDQ4WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZGE5ZmE0N2NjZjgyM2FhZTEyYzZjYTBhNzNhMWI4YzQz
Zjk1YzcwOWVlODZjOWYwNjhmMmEyNmMyMjQ1ZDNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgfmcyNlTLPU50LHwbpX6rXFl83UBOaQA1XMQ6ueJMbjVn
7Eu+Qmg/5gCfDld4Sy9garMEdhUagoXRKS9shpNW0J+jUB1uI6LbVX6nsCfsqxx9
1GQIjn1uMeaj7HHQx0lIVMgUBHhPdBkIjn9ib/5gNeCLvGStfsOYnFBZaFF8C9q7
5xzc0h7RVG9tdVYd07+JriP7JBvaxRFddTDJoS1W+I+kf2BXprUl4IAOwWe6hFxI
AvPd0F7uYpiYa+tqmUZ96sMoYYdr4RJuZGC8JTJaLfndx8MIuNJ3tXnAkorEH8Gu
nPcfmigNWBUW+mvz7CEYyhGieeE8mxZaBbjx6GE1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwueWLLkeP9ipfys8L8aZA+GqTxUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3YzMzOTVkLTBkNGUtNDI5MS05ZWRlLTM3ZjA5ODFjMmRmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEp8wDQYJKoZIhvcNAQELBQADggEBAM8o3ToczXqcrcLfLgm0FSx7s8fm
Ih8Y6hC3mlrwcVH8Esyhu3mzYfrAQF0UpJJcrhOkvLwPOp19qz2SH2C939sRp0YF
RHtJSAoiOW5EhAMrMVY+tzF2cwFBKPcfDgd4H3mzEeNnIQy9ivrgqCpkArUHTZ1u
gLaIBOeJnXDBuz4RgTX6WagqHICpY/7O3ItgInDQj3yY/st3Wbt2t6OgNWVk3Vg8
psHkHXpCNGuqJr+TPWwVBl59DP7/o6LO5C3sDomWvHh1SkG+df8g1KxQQqQcYF55
kCqxoHgoKMea6vHlBAXw9BV3sfPJvLbzCwldaI1/1pcffpjEXJqB1/fGn4w=
-----END CERTIFICATE-----