Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c80caa3-8963-47f0-b26c-cfd40665af65.roa
File:                     5c80caa3-8963-47f0-b26c-cfd40665af65.roa (raw, json)
Hash identifier:          xWPESVU/LkiL8PyBms1rWdpz1Rr9s4jaONLmz+pOlEs=
Subject key identifier:   FC:4A:B1:A8:32:3D:12:1C:79:39:1D:6F:18:BB:B9:35:AA:42:94:59
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13440ADCBE568905667AD0FB81A63B7EB6013A37
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c80caa3-8963-47f0-b26c-cfd40665af65.roa
Signing time:             Fri 24 Oct 2025 00:11:30 +0000
ROA not before:           Fri 24 Oct 2025 00:11:30 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.236.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:44:0a:dc:be:56:89:05:66:7a:d0:fb:81:a6:3b:7e:b6:01:3a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 00:11:30 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=a446e8ccb879ef5f363c43ade5ddbc1e41cb0786bf1c82782b14104f9875eb10, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ea:b5:f0:18:15:1f:27:bd:2c:62:29:e1:34:
                    2b:33:3c:ce:95:3c:d6:ba:a2:e1:c2:69:81:39:6a:
                    2f:ca:57:0b:9f:07:64:95:19:bc:6b:02:2e:5b:7b:
                    96:54:0d:cd:95:b6:46:a7:51:db:c9:52:15:9f:5f:
                    b2:be:61:b0:5f:0d:78:2a:20:42:9c:24:e3:8d:f7:
                    54:ef:4d:20:89:7d:be:13:85:f0:a2:43:3b:a2:fd:
                    26:63:21:08:0f:53:59:c4:5b:1f:21:5d:c4:e0:ab:
                    df:d6:7d:3c:ed:71:7e:9e:cb:5d:a4:7e:ec:d1:28:
                    6b:31:96:6a:92:e0:98:c3:82:64:f9:3d:91:0c:c0:
                    4e:6c:27:db:fb:73:62:b4:12:d7:4c:b6:38:e7:00:
                    d4:d8:5c:7e:2e:b4:7c:36:58:69:a0:ff:2b:34:d1:
                    2b:d3:12:f1:b4:6e:17:c2:7b:68:ba:2d:6d:28:f8:
                    ce:af:74:1f:cc:9e:0a:a7:86:0b:1d:12:9e:01:9f:
                    6f:d9:21:f0:9d:08:43:cc:dc:02:b9:fb:67:4f:dd:
                    53:05:4c:76:6b:73:a5:c1:6c:2a:e0:0c:06:95:e0:
                    15:4c:56:28:a7:f6:5c:dc:62:53:db:fc:1c:04:8a:
                    5a:04:d2:00:6f:8c:58:2c:e3:c2:9c:3e:56:56:d1:
                    9b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:4A:B1:A8:32:3D:12:1C:79:39:1D:6F:18:BB:B9:35:AA:42:94:59
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c80caa3-8963-47f0-b26c-cfd40665af65.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.236.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:06:41:ab:3c:20:ed:d6:b5:a8:db:4c:e8:6f:05:ca:b9:18:
         e3:d8:d8:40:b8:91:6e:5d:c1:2e:ae:51:42:a4:7a:92:33:2b:
         f3:2c:7c:35:fb:c4:43:24:9a:08:eb:02:8c:3c:1b:0e:cf:1b:
         ef:31:e1:81:95:76:b3:08:ef:25:a5:df:34:da:7a:a2:bf:60:
         3d:6b:2d:22:ba:91:cd:34:8b:f6:1c:d8:6e:a7:83:d4:8f:7d:
         7d:a6:80:fc:2a:c9:68:d1:76:62:26:36:69:a7:8c:6c:8b:9f:
         51:00:11:9e:48:24:35:1b:8d:cb:12:95:32:3d:95:11:47:98:
         50:15:ee:4d:5b:76:c4:d9:1e:77:78:c2:dc:09:b2:7f:7b:45:
         e8:0d:3f:50:0c:f0:b1:23:ec:cf:e1:d3:80:ba:9b:70:07:72:
         4c:1f:8d:04:41:06:dd:46:14:e8:82:25:7d:e1:ed:95:16:d6:
         a4:62:b8:cd:b0:99:a2:32:de:2a:43:81:f2:94:89:64:4e:b2:
         1e:78:17:d2:20:9a:85:7a:3c:e4:48:15:9b:bf:d8:1b:f8:dc:
         65:17:18:7d:25:36:c5:b3:81:d8:b6:92:3b:dd:ff:dc:fa:9a:
         62:4e:5c:9d:ad:59:d1:99:3e:61:02:fd:5f:94:1d:ce:8d:ed:
         9c:ba:e2:11
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE0QK3L5WiQVmetD7gaY7frYBOjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MDAxMTMwWhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNDQ2ZThjY2I4NzllZjVmMzYzYzQzYWRlNWRkYmMxZTQx
Y2IwNzg2YmYxYzgyNzgyYjE0MTA0Zjk4NzVlYjEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu6rXwGBUfJ70sYinhNCszPM6VPNa6ouHCaYE5ai/KVwuf
B2SVGbxrAi5be5ZUDc2VtkanUdvJUhWfX7K+YbBfDXgqIEKcJOON91TvTSCJfb4T
hfCiQzui/SZjIQgPU1nEWx8hXcTgq9/WfTztcX6ey12kfuzRKGsxlmqS4JjDgmT5
PZEMwE5sJ9v7c2K0EtdMtjjnANTYXH4utHw2WGmg/ys00SvTEvG0bhfCe2i6LW0o
+M6vdB/MngqnhgsdEp4Bn2/ZIfCdCEPM3AK5+2dP3VMFTHZrc6XBbCrgDAaV4BVM
Viin9lzcYlPb/BwEiloE0gBvjFgs48KcPlZW0ZudAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/EqxqDI9Ehx5OR1vGLu5NapClFkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVjODBjYWEzLTg5NjMtNDdmMC1iMjZjLWNmZDQwNjY1YWY2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCI7DANBgkqhkiG9w0BAQsFAAOCAQEARQZBqzwg7da1qNtM6G8FyrkY49jY
QLiRbl3BLq5RQqR6kjMr8yx8NfvEQySaCOsCjDwbDs8b7zHhgZV2swjvJaXfNNp6
or9gPWstIrqRzTSL9hzYbqeD1I99faaA/CrJaNF2YiY2aaeMbIufUQARnkgkNRuN
yxKVMj2VEUeYUBXuTVt2xNked3jC3Amyf3tF6A0/UAzwsSPsz+HTgLqbcAdyTB+N
BEEG3UYU6IIlfeHtlRbWpGK4zbCZojLeKkOB8pSJZE6yHngX0iCahXo85EgVm7/Y
G/jcZRcYfSU2xbOB2LaSO93/3PqaYk5cna1Z0Zk+YQL9X5Qdzo3tnLriEQ==
-----END CERTIFICATE-----