Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75f1294d-03e7-415c-8881-5227f1076874.roa
File:                     75f1294d-03e7-415c-8881-5227f1076874.roa (raw, json)
Hash identifier:          mqR3Ss1wKfmHFF4kzfM/muGhGqnHU7OVBARUno7/OOk=
Subject key identifier:   97:15:3E:B0:80:B7:EF:6B:86:00:05:3A:BC:65:90:64:96:26:D7:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32B77DCC35DB14D6B6DE77EBE2A1DAB8B1D9EEAD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75f1294d-03e7-415c-8881-5227f1076874.roa
Signing time:             Sat 01 Nov 2025 00:20:47 +0000
ROA not before:           Sat 01 Nov 2025 00:20:47 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.152.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:b7:7d:cc:35:db:14:d6:b6:de:77:eb:e2:a1:da:b8:b1:d9:ee:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:20:47 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=47f4ae7ff6c7b3e423689dbebf252c9b31aea56a6ec5ac4284c09082d983418d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9a:ee:cb:bc:18:fd:85:2f:d5:7d:b1:83:db:
                    34:e4:38:e0:2f:20:2f:98:e1:b6:7d:1e:2e:af:93:
                    1d:30:bc:bc:94:ec:fc:3b:89:ba:11:70:2a:87:0d:
                    6d:61:e7:74:83:57:bb:2c:94:cb:e5:b0:f9:64:b3:
                    ab:a5:f8:e9:ce:74:24:32:02:5c:06:f6:74:8b:e1:
                    26:69:cc:e4:0a:16:15:03:06:b9:f5:da:c6:26:99:
                    f4:ac:74:62:f1:43:4b:4a:5d:a7:28:94:0a:d3:d7:
                    4b:2c:4a:a8:a0:cc:c2:d8:ec:35:43:03:e0:80:8d:
                    dd:09:5e:e8:e7:c5:9c:fc:b4:06:9a:ff:2d:6c:6d:
                    db:00:13:03:57:ea:9d:1d:02:db:1a:a7:24:c7:99:
                    ba:01:fb:ca:9d:15:d3:e4:39:11:9e:a0:8b:70:4b:
                    9b:2d:7c:1a:b1:60:3f:76:b0:84:7e:95:ba:f5:66:
                    04:5f:8e:cf:d3:a0:7c:8f:0a:24:3f:ec:0d:cd:08:
                    e0:59:81:f3:27:e2:f8:f4:e8:19:07:1e:cf:31:25:
                    9b:26:e5:1a:35:7f:5f:86:41:6e:6b:3b:ab:c1:b7:
                    3c:29:cc:de:07:bd:09:2c:10:2b:ef:32:77:33:d8:
                    f4:20:0c:db:46:5b:c1:d1:03:12:d1:79:f7:7b:a5:
                    0e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:15:3E:B0:80:B7:EF:6B:86:00:05:3A:BC:65:90:64:96:26:D7:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75f1294d-03e7-415c-8881-5227f1076874.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:f6:25:19:b5:79:66:5e:df:c1:24:47:36:de:ce:e3:80:c1:
         97:3f:32:13:a6:92:5d:b5:b6:61:fe:9f:71:30:47:76:12:9f:
         23:69:14:cd:1e:e4:38:cf:b5:07:65:5d:28:65:d8:29:6a:2c:
         53:82:b2:bf:0e:8f:e3:1e:2f:e8:45:1f:ee:b5:91:af:1d:e9:
         7f:e8:5c:51:56:82:99:66:b9:d2:cc:54:99:c2:2d:79:56:55:
         d5:31:79:37:7b:e5:7f:45:96:c3:db:21:63:c3:16:f8:05:0b:
         db:84:53:83:9a:55:7e:57:cc:1c:02:23:1f:6e:35:89:b4:7d:
         6b:cb:2d:39:7b:b8:c7:b0:ec:44:05:57:45:f1:d1:0f:bf:be:
         45:a8:dd:76:0e:36:31:e1:d0:ac:a4:5f:a7:42:e5:e9:40:c3:
         af:e6:fa:5c:d1:16:48:78:2b:58:17:d2:d9:89:4e:25:d4:d4:
         77:3d:e6:9f:fe:8e:64:33:ec:9c:b0:6c:75:c0:76:b5:e8:d8:
         fe:2e:c4:9f:92:da:e3:96:a1:46:0a:39:9f:28:3b:45:46:72:
         07:29:18:8c:72:c8:91:e3:e8:06:34:4b:4b:96:fd:b1:33:98:
         d6:bb:e7:79:d3:92:d9:a8:cc:2d:83:d0:3e:64:81:4a:06:66:
         d7:79:5e:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMrd9zDXbFNa23nfr4qHauLHZ7q0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAyMDQ3WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0N2Y0YWU3ZmY2YzdiM2U0MjM2ODlkYmViZjI1MmM5YjMx
YWVhNTZhNmVjNWFjNDI4NGMwOTA4MmQ5ODM0MThkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXmu7LvBj9hS/VfbGD2zTkOOAvIC+Y4bZ9Hi6vkx0wvLyU
7Pw7iboRcCqHDW1h53SDV7sslMvlsPlks6ul+OnOdCQyAlwG9nSL4SZpzOQKFhUD
Brn12sYmmfSsdGLxQ0tKXacolArT10ssSqigzMLY7DVDA+CAjd0JXujnxZz8tAaa
/y1sbdsAEwNX6p0dAtsapyTHmboB+8qdFdPkORGeoItwS5stfBqxYD92sIR+lbr1
ZgRfjs/ToHyPCiQ/7A3NCOBZgfMn4vj06BkHHs8xJZsm5Ro1f1+GQW5rO6vBtzwp
zN4HvQksECvvMncz2PQgDNtGW8HRAxLRefd7pQ59AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlxU+sIC372uGAAU6vGWQZJYm14QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc1ZjEyOTRkLTAzZTctNDE1Yy04ODgxLTUyMjdmMTA3Njg3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKIEpgwDQYJKoZIhvcNAQELBQADggEBAAr2JRm1eWZe38EkRzbezuOAwZc/
MhOmkl21tmH+n3EwR3YSnyNpFM0e5DjPtQdlXShl2ClqLFOCsr8Oj+MeL+hFH+61
ka8d6X/oXFFWgplmudLMVJnCLXlWVdUxeTd75X9FlsPbIWPDFvgFC9uEU4OaVX5X
zBwCIx9uNYm0fWvLLTl7uMew7EQFV0Xx0Q+/vkWo3XYONjHh0KykX6dC5elAw6/m
+lzRFkh4K1gX0tmJTiXU1Hc95p/+jmQz7JywbHXAdrXo2P4uxJ+S2uOWoUYKOZ8o
O0VGcgcpGIxyyJHj6AY0S0uW/bEzmNa753nTktmozC2D0D5kgUoGZtd5Xl0=
-----END CERTIFICATE-----