Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/435a4520-90a7-4288-a55a-b74a6879fd02.roa
File:                     435a4520-90a7-4288-a55a-b74a6879fd02.roa (raw, json)
Hash identifier:          uiTrYbCAWcqytaJAw8ohp2pmVvrleyGya9aj/J3F3AM=
Subject key identifier:   40:D2:E4:40:0D:87:87:BD:C0:57:B8:00:0B:A2:9F:00:C4:71:B1:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A9518903A397F5A255789A7D2F67E3A8589CFB5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/435a4520-90a7-4288-a55a-b74a6879fd02.roa
Signing time:             Tue 28 Oct 2025 00:51:33 +0000
ROA not before:           Tue 28 Oct 2025 00:51:33 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.128.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:95:18:90:3a:39:7f:5a:25:57:89:a7:d2:f6:7e:3a:85:89:cf:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:51:33 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=9c1f0673e893450a4d2081c016d36c71319202fe1cdbc195c1b2e6d0cb6fb4f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:71:a4:29:a5:ee:b4:63:85:69:92:08:b9:fa:
                    2e:b3:ea:4d:7c:cf:6c:dc:5c:af:87:a8:c4:43:6c:
                    a7:8a:8e:ec:20:9d:f2:55:a8:9b:b1:56:dc:42:53:
                    e7:68:d3:c2:bc:26:a8:81:69:03:8d:e7:6f:be:8c:
                    76:5a:96:b3:41:b4:2f:2d:a9:09:26:4f:6f:9e:19:
                    af:7d:18:55:79:bd:6d:e3:7c:99:4c:ba:28:92:5b:
                    b3:0c:8f:38:bf:e7:c9:ca:ea:af:11:4c:0a:70:23:
                    e5:d1:8d:cf:3b:e1:44:e5:e7:66:80:2d:eb:23:a2:
                    03:7b:0b:63:f8:30:a8:6c:bb:6c:fe:92:0d:3d:60:
                    f7:59:5d:0e:f5:20:07:7e:33:c9:17:a0:73:6c:d1:
                    42:be:43:d9:1e:04:4b:05:a2:99:a7:fe:9c:1d:e3:
                    4a:f7:e5:03:c0:d1:54:b4:d6:40:f0:26:28:44:e1:
                    7e:f8:9d:9e:cb:32:54:4c:7c:d2:e4:e2:00:ba:90:
                    91:dd:82:e9:8c:73:a6:d0:24:a4:ee:02:c8:58:24:
                    31:92:3c:87:84:95:e8:37:e8:6b:ce:d7:00:54:83:
                    99:bf:e2:d4:39:08:8c:02:5e:54:be:b2:4d:2e:d5:
                    ee:7d:03:47:10:cf:4d:ff:5f:07:b7:b5:52:15:38:
                    5d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:D2:E4:40:0D:87:87:BD:C0:57:B8:00:0B:A2:9F:00:C4:71:B1:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/435a4520-90a7-4288-a55a-b74a6879fd02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1e:e5:5d:12:b4:06:18:37:07:04:8e:55:fc:14:b3:16:41:c1:
         3c:5d:0a:08:8b:a8:51:fe:93:88:da:7f:b9:0b:8e:cc:fb:e0:
         9b:00:69:43:69:96:11:b1:7f:81:16:cf:54:1a:06:b2:c3:96:
         f9:f4:67:8f:ef:9a:f1:73:62:2b:99:de:d4:f7:90:b4:3d:8b:
         b3:39:05:72:2d:be:1c:75:b5:80:a1:95:32:0a:c4:ac:0c:3f:
         9c:77:76:b4:0a:2c:1c:7e:4e:f9:6c:f3:87:39:85:f4:c5:e2:
         dc:c9:6d:21:e3:ec:a0:6f:80:26:be:cb:23:f6:78:83:7f:18:
         08:31:d4:05:42:19:ca:80:d2:5d:60:3b:e0:69:18:97:4d:45:
         33:a3:df:73:2e:45:ac:af:c0:5e:b5:4a:ab:16:0d:89:89:45:
         00:7a:48:a8:c2:6d:d9:7a:b4:b7:7b:df:56:e9:0c:9b:b8:1a:
         ac:ae:3d:01:0a:7c:62:d2:3f:c0:25:ae:19:48:eb:e1:e3:8e:
         65:fb:7d:ba:66:0a:96:02:4c:1e:9b:3a:13:fe:0a:db:da:74:
         b9:9a:4a:43:f6:df:10:4c:1a:61:09:1f:e3:7e:af:16:8c:32:
         6c:eb:b4:78:8e:56:ca:71:77:80:d8:08:17:1b:37:f2:72:6b:
         95:11:09:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUapUYkDo5f1olV4mn0vZ+OoWJz7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA1MTMzWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YzFmMDY3M2U4OTM0NTBhNGQyMDgxYzAxNmQzNmM3MTMx
OTIwMmZlMWNkYmMxOTVjMWIyZTZkMGNiNmZiNGY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/caQppe60Y4Vpkgi5+i6z6k18z2zcXK+HqMRDbKeKjuwg
nfJVqJuxVtxCU+do08K8JqiBaQON52++jHZalrNBtC8tqQkmT2+eGa99GFV5vW3j
fJlMuiiSW7MMjzi/58nK6q8RTApwI+XRjc874UTl52aALesjogN7C2P4MKhsu2z+
kg09YPdZXQ71IAd+M8kXoHNs0UK+Q9keBEsFopmn/pwd40r35QPA0VS01kDwJihE
4X74nZ7LMlRMfNLk4gC6kJHdgumMc6bQJKTuAshYJDGSPIeEleg36GvO1wBUg5m/
4tQ5CIwCXlS+sk0u1e59A0cQz03/Xwe3tVIVOF2lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQNLkQA2Hh73AV7gAC6KfAMRxsSkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNWE0NTIwLTkwYTctNDI4OC1hNTVhLWI3NGE2ODc5ZmQwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVM34AwDQYJKoZIhvcNAQELBQADggEBAB7lXRK0Bhg3BwSOVfwUsxZBwTxd
CgiLqFH+k4jaf7kLjsz74JsAaUNplhGxf4EWz1QaBrLDlvn0Z4/vmvFzYiuZ3tT3
kLQ9i7M5BXItvhx1tYChlTIKxKwMP5x3drQKLBx+Tvls84c5hfTF4tzJbSHj7KBv
gCa+yyP2eIN/GAgx1AVCGcqA0l1gO+BpGJdNRTOj33MuRayvwF61SqsWDYmJRQB6
SKjCbdl6tLd731bpDJu4GqyuPQEKfGLSP8AlrhlI6+HjjmX7fbpmCpYCTB6bOhP+
CtvadLmaSkP23xBMGmEJH+N+rxaMMmzrtHiOVspxd4DYCBcbN/Jya5URCW4=
-----END CERTIFICATE-----