Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4391dc68-2a33-4b79-8713-4af8518a52be.roa
File:                     4391dc68-2a33-4b79-8713-4af8518a52be.roa (raw, json)
Hash identifier:          S2dg9Zz+2BBAx1tHv8Yfjwo03K0BTc3Bweizk/Wc+pU=
Subject key identifier:   10:B3:ED:30:DE:B4:3C:2B:42:C8:A0:EF:DF:38:4C:71:07:97:49:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26100FE3686288F260AF5601D6AF4BDD499051E8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4391dc68-2a33-4b79-8713-4af8518a52be.roa
Signing time:             Wed 22 Oct 2025 00:10:15 +0000
ROA not before:           Wed 22 Oct 2025 00:10:15 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.255.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:10:0f:e3:68:62:88:f2:60:af:56:01:d6:af:4b:dd:49:90:51:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:10:15 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=c6972c51f3863607c14769b49b6f973e2ad04f79889966794534749154df8807, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:24:b3:94:a3:df:ca:7d:55:2e:72:bc:b0:0c:
                    fe:b1:ac:48:53:f5:22:38:7e:ba:b0:08:d8:48:95:
                    97:8f:2a:62:7b:fe:37:40:7e:2a:6f:61:26:fe:f1:
                    bf:75:a6:d3:ce:5a:6b:db:b3:b6:c2:ad:9b:ad:14:
                    84:2c:73:cf:7d:0f:31:df:17:9a:87:50:97:8c:b4:
                    8a:e6:8a:be:32:c9:4d:f1:a2:86:39:5e:71:3f:92:
                    31:41:18:33:b1:93:ab:da:53:ed:8c:fb:13:11:85:
                    58:aa:43:1e:08:65:0a:16:80:35:19:05:ad:c8:64:
                    23:6c:b6:36:6d:60:c6:2b:56:cc:b6:65:c3:b3:e5:
                    32:a2:0d:73:94:58:38:97:8a:3d:ca:7b:c5:c8:db:
                    74:a8:65:ce:56:5f:83:c9:04:39:be:6a:5e:b9:0e:
                    10:f7:34:c2:c0:2e:f3:15:f1:f9:84:64:4d:d0:66:
                    fb:97:f5:d3:43:f3:c7:00:7a:80:65:4b:59:96:05:
                    a3:eb:3f:cb:24:04:30:8e:82:49:3c:e6:ad:68:cd:
                    26:32:21:22:0b:b7:65:0c:f7:f7:e2:04:b9:a5:d3:
                    9d:36:be:ca:d3:3b:09:d3:1b:ca:0a:77:bd:64:40:
                    b8:df:a8:e2:99:03:3a:4c:4c:40:72:2e:30:c6:36:
                    92:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:B3:ED:30:DE:B4:3C:2B:42:C8:A0:EF:DF:38:4C:71:07:97:49:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4391dc68-2a33-4b79-8713-4af8518a52be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.255.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0c:52:e3:50:7f:ed:d1:f4:ce:77:83:30:00:9b:58:4f:75:90:
         b7:44:07:34:d3:3b:15:7d:51:e7:1a:e3:38:1a:76:8d:ef:eb:
         4e:7d:b4:85:bc:82:57:4d:5c:a0:89:a9:6f:43:3b:b8:a3:59:
         5d:30:2b:45:9e:cf:1f:a9:e0:13:31:ad:69:f1:fb:9c:88:3b:
         25:3d:a6:39:f7:30:d8:14:45:f0:d3:68:65:26:0a:ff:fb:0d:
         0e:32:71:e5:f6:4a:e4:ac:21:b0:64:10:3e:33:f3:25:23:9e:
         4d:c3:43:00:7b:90:e6:97:62:db:0c:c5:b7:51:c9:b2:bc:f7:
         86:13:f0:87:f8:8f:db:2f:42:99:33:43:94:03:08:22:73:45:
         b7:47:46:2b:a8:9d:42:ef:6d:7c:67:05:6d:b5:0a:46:c3:bc:
         8b:80:a9:c8:00:4e:c1:0a:fe:64:93:a7:95:2d:04:a4:dc:60:
         06:db:d9:af:2c:ea:6b:af:c4:a0:40:31:47:c6:65:1a:b5:6b:
         43:c6:ad:3f:2b:67:aa:3f:3c:0d:33:2a:d9:4b:73:d1:5a:8f:
         ad:9c:1c:a1:86:e1:12:24:9c:91:bb:cd:e0:3a:50:59:6d:1a:
         9b:13:a1:2a:35:80:15:de:7f:91:fb:03:f6:4c:24:04:ac:df:
         84:66:38:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJhAP42hiiPJgr1YB1q9L3UmQUegwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAxMDE1WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjk3MmM1MWYzODYzNjA3YzE0NzY5YjQ5YjZmOTczZTJh
ZDA0Zjc5ODg5OTY2Nzk0NTM0NzQ5MTU0ZGY4ODA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiJLOUo9/KfVUucrywDP6xrEhT9SI4frqwCNhIlZePKmJ7
/jdAfipvYSb+8b91ptPOWmvbs7bCrZutFIQsc899DzHfF5qHUJeMtIrmir4yyU3x
ooY5XnE/kjFBGDOxk6vaU+2M+xMRhViqQx4IZQoWgDUZBa3IZCNstjZtYMYrVsy2
ZcOz5TKiDXOUWDiXij3Ke8XI23SoZc5WX4PJBDm+al65DhD3NMLALvMV8fmEZE3Q
ZvuX9dND88cAeoBlS1mWBaPrP8skBDCOgkk85q1ozSYyISILt2UM9/fiBLml0502
vsrTOwnTG8oKd71kQLjfqOKZAzpMTEByLjDGNpK/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUELPtMN60PCtCyKDv3zhMcQeXSTIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzOTFkYzY4LTJhMzMtNGI3OS04NzEzLTRhZjg1MThhNTJiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZM/0AwDQYJKoZIhvcNAQELBQADggEBAAxS41B/7dH0zneDMACbWE91kLdE
BzTTOxV9Ueca4zgado3v6059tIW8gldNXKCJqW9DO7ijWV0wK0Wezx+p4BMxrWnx
+5yIOyU9pjn3MNgURfDTaGUmCv/7DQ4yceX2SuSsIbBkED4z8yUjnk3DQwB7kOaX
YtsMxbdRybK894YT8If4j9svQpkzQ5QDCCJzRbdHRiuonULvbXxnBW21CkbDvIuA
qcgATsEK/mSTp5UtBKTcYAbb2a8s6muvxKBAMUfGZRq1a0PGrT8rZ6o/PA0zKtlL
c9Faj62cHKGG4RIknJG7zeA6UFltGpsToSo1gBXef5H7A/ZMJASs34RmOJY=
-----END CERTIFICATE-----