Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2cb0886c-84f4-4dc8-9e04-ce333348794a.roa
File:                     2cb0886c-84f4-4dc8-9e04-ce333348794a.roa (raw, json)
Hash identifier:          HpF1nGs0FdU0JqFo31f2+a4TsfmP/88Kedl75/e8yTo=
Subject key identifier:   22:8F:29:1E:4A:6F:DF:58:68:8E:53:4D:77:9F:B6:D2:2F:C3:02:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5503302634BDD555DD2A3469F79FA969B53B5FAA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2cb0886c-84f4-4dc8-9e04-ce333348794a.roa
Signing time:             Wed 05 Nov 2025 00:20:15 +0000
ROA not before:           Wed 05 Nov 2025 00:20:15 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        115.176.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:03:30:26:34:bd:d5:55:dd:2a:34:69:f7:9f:a9:69:b5:3b:5f:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:20:15 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=efcbd877cb5f73db334769ae9f34d21b1580d0216a11f0c9acbdae1b86d53190, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e1:43:c5:9a:86:3b:7e:a9:99:92:bb:b2:6e:
                    52:ed:7a:01:6f:43:1f:4c:7c:58:51:13:c6:c9:d8:
                    ab:72:b0:43:26:a8:6c:b4:3e:8b:ce:72:50:40:30:
                    f9:d1:03:3d:dc:8b:76:93:28:28:45:90:48:aa:f0:
                    84:e2:04:d6:92:0d:ec:84:e4:50:6e:00:97:5f:b8:
                    c5:ab:ee:e5:90:46:4b:58:32:9a:34:7e:70:96:8d:
                    7e:71:2b:41:d4:6f:71:7c:b2:e2:1f:1e:41:18:2a:
                    cd:68:e2:b8:b9:a6:c4:8f:2e:5d:0f:e0:ef:98:37:
                    a7:5c:8a:fd:b1:3e:e1:74:4c:1c:65:8d:39:6b:d7:
                    71:ad:68:4a:ad:da:1c:d0:2b:ca:c5:bf:b6:28:5e:
                    77:e5:27:89:47:d3:7f:ce:d2:5a:d8:4b:57:f1:4e:
                    67:ce:33:ea:31:1e:f1:b3:68:29:8e:85:b2:46:9e:
                    f1:85:2b:74:a1:68:8a:f3:fd:87:24:9b:38:e1:1d:
                    5e:41:8d:34:59:01:3e:8d:d6:40:3a:e2:a8:0a:96:
                    0a:35:23:e3:0d:26:a2:2b:07:14:55:b2:bc:de:ce:
                    24:e5:57:d2:40:a8:80:e0:fb:e4:b5:ed:b5:de:d9:
                    25:68:2d:3d:b2:67:c5:87:48:2e:6c:bf:20:6a:a5:
                    64:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:8F:29:1E:4A:6F:DF:58:68:8E:53:4D:77:9F:B6:D2:2F:C3:02:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2cb0886c-84f4-4dc8-9e04-ce333348794a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.176.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         40:de:6f:a1:eb:bd:97:e3:6b:83:73:03:29:08:2b:72:f3:e8:
         98:df:21:e8:ec:ee:53:12:5f:15:81:c4:b5:22:d4:bc:9c:7f:
         3a:0a:07:11:d0:11:56:04:4e:b0:12:a8:8b:fc:9f:76:ca:06:
         29:f3:17:a4:eb:e6:48:a7:c1:e7:29:91:8c:68:4a:7c:5f:01:
         af:6a:a7:7d:21:8b:69:5a:94:3e:2e:3e:af:d0:82:8a:60:53:
         6e:c8:41:9e:2e:79:0c:07:67:9d:60:4f:50:af:cf:fa:d4:27:
         61:0b:6e:39:c8:ab:9c:42:3a:c2:75:57:2e:2b:c1:ab:c9:3c:
         c6:0d:65:12:78:1f:b6:fb:b9:3e:c1:6f:07:ba:6d:08:f6:57:
         ab:de:66:fb:28:0e:df:67:b4:63:75:c8:70:f5:b4:9b:af:b1:
         a7:56:01:e6:84:19:56:52:44:2b:3e:00:2e:4a:f8:af:25:cf:
         06:68:c4:5e:0a:3b:7d:50:18:e8:d5:0d:ed:9a:ec:a8:1a:1b:
         84:3b:e4:5c:80:09:9d:ea:f0:8a:fb:5f:8e:2d:59:83:e4:d0:
         02:62:f9:65:99:d4:84:43:0d:96:62:61:64:ce:cd:bd:1e:49:
         90:c2:cc:61:d0:23:a5:9e:d9:a3:b7:22:ae:d5:47:52:b9:fe:
         fa:93:87:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVQMwJjS91VXdKjRp95+pabU7X6owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAyMDE1WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZmNiZDg3N2NiNWY3M2RiMzM0NzY5YWU5ZjM0ZDIxYjE1
ODBkMDIxNmExMWYwYzlhY2JkYWUxYjg2ZDUzMTkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCE4UPFmoY7fqmZkruyblLtegFvQx9MfFhRE8bJ2KtysEMm
qGy0PovOclBAMPnRAz3ci3aTKChFkEiq8ITiBNaSDeyE5FBuAJdfuMWr7uWQRktY
Mpo0fnCWjX5xK0HUb3F8suIfHkEYKs1o4ri5psSPLl0P4O+YN6dciv2xPuF0TBxl
jTlr13GtaEqt2hzQK8rFv7YoXnflJ4lH03/O0lrYS1fxTmfOM+oxHvGzaCmOhbJG
nvGFK3ShaIrz/YckmzjhHV5BjTRZAT6N1kA64qgKlgo1I+MNJqIrBxRVsrzeziTl
V9JAqIDg++S17bXe2SVoLT2yZ8WHSC5svyBqpWSpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIo8pHkpv31hojlNNd5+20i/DAqowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJjYjA4ODZjLTg0ZjQtNGRjOC05ZTA0LWNlMzMzMzQ4Nzk0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdzsAAwDQYJKoZIhvcNAQELBQADggEBAEDeb6HrvZfja4NzAykIK3Lz6Jjf
Iejs7lMSXxWBxLUi1LycfzoKBxHQEVYETrASqIv8n3bKBinzF6Tr5kinwecpkYxo
SnxfAa9qp30hi2lalD4uPq/QgopgU27IQZ4ueQwHZ51gT1Cvz/rUJ2ELbjnIq5xC
OsJ1Vy4rwavJPMYNZRJ4H7b7uT7Bbwe6bQj2V6veZvsoDt9ntGN1yHD1tJuvsadW
AeaEGVZSRCs+AC5K+K8lzwZoxF4KO31QGOjVDe2a7KgaG4Q75FyACZ3q8Ir7X44t
WYPk0AJi+WWZ1IRDDZZiYWTOzb0eSZDCzGHQI6We2aO3Iq7VR1K5/vqTh24=
-----END CERTIFICATE-----