Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a4b8157-155f-49b1-815b-a783006f50ed.roa
File:                     8a4b8157-155f-49b1-815b-a783006f50ed.roa (raw, json)
Hash identifier:          DV195QIkOiMF5TwIWQ52POIcQy8BN5H+KMS7Kn+jKLo=
Subject key identifier:   6E:97:C0:62:A1:CE:73:DB:8E:16:88:BD:2F:D5:CB:AB:A0:7D:7B:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       319F417057C8980DFE673AF490F388DE89693A43
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a4b8157-155f-49b1-815b-a783006f50ed.roa
Signing time:             Sat 01 Nov 2025 00:50:53 +0000
ROA not before:           Sat 01 Nov 2025 00:50:53 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        136.18.128.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:9f:41:70:57:c8:98:0d:fe:67:3a:f4:90:f3:88:de:89:69:3a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:50:53 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=2f18f929ad872cedad2e8052b96836a07f9aec6b40c79e59e640f6d03364c93d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:51:6f:6f:a3:76:62:41:dd:79:4c:6b:ba:ce:
                    ab:7c:d3:c2:1d:81:c8:90:1c:68:31:12:b1:f7:0f:
                    93:69:c5:ea:02:e3:1e:9f:4e:b0:ea:62:75:c0:4a:
                    d5:a3:2e:93:c7:e6:ca:9c:66:dc:2c:83:1c:cc:f9:
                    68:c7:37:70:c3:f8:80:55:38:7e:f7:e7:a7:a3:45:
                    71:28:98:c7:ff:14:4d:ae:75:24:d3:21:3c:48:f0:
                    60:25:08:46:28:3d:d1:33:59:72:05:ea:76:65:09:
                    3e:2a:82:68:de:a8:1b:a2:60:12:06:ef:32:84:6e:
                    98:c1:c5:72:65:d9:fb:18:82:7c:73:2d:08:ef:0f:
                    5b:55:52:cd:35:27:65:ee:b9:b0:19:46:21:83:c3:
                    c6:e2:d9:31:af:b7:b4:d6:1c:57:c8:5a:1c:dc:54:
                    94:4e:1c:b1:ec:4b:45:77:a4:32:f6:2f:fd:3d:44:
                    0b:24:05:8c:a3:63:09:10:b1:6d:76:44:3f:a6:af:
                    19:8f:1b:fc:63:6b:23:d9:44:f7:d0:5d:7e:96:4f:
                    16:89:8e:55:45:7f:ff:23:e6:e2:72:07:96:fe:7e:
                    73:69:e7:0f:d9:b5:d3:f8:fe:9b:0c:fc:fa:53:d3:
                    51:85:66:8f:ac:d1:fa:32:92:da:ff:9c:ce:86:d2:
                    1d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:97:C0:62:A1:CE:73:DB:8E:16:88:BD:2F:D5:CB:AB:A0:7D:7B:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a4b8157-155f-49b1-815b-a783006f50ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:11:0c:6c:4c:d3:b9:ea:3f:a0:c7:98:6d:9c:ab:c9:48:6a:
         21:56:20:fd:6c:52:6c:4b:ef:02:0e:2a:8e:14:4c:c8:af:35:
         c0:ca:31:60:49:00:e3:a2:bb:47:f8:05:f3:2c:d7:22:e2:83:
         e7:17:d7:58:b6:5b:96:ba:87:45:c5:58:d2:a1:34:da:63:c4:
         e5:0f:df:21:fe:bf:56:ea:4f:3f:fe:ef:6b:39:fb:19:09:cc:
         37:48:30:aa:43:74:d5:26:2d:9a:f9:1d:1d:77:71:ac:40:51:
         86:89:fc:a0:41:70:e9:f7:dd:aa:82:52:36:dc:35:db:93:8b:
         c4:2b:eb:c0:fc:7d:f8:33:79:33:2d:80:16:ce:3d:6e:18:04:
         0e:e0:63:53:a5:73:07:52:59:4e:b6:fb:3c:5e:aa:1e:47:f2:
         f7:1e:6b:0a:aa:ec:de:a5:4c:bc:85:b9:ef:e4:99:66:26:2f:
         6f:97:f2:9a:5f:aa:15:9b:5c:53:ac:93:e9:12:b4:a2:19:6f:
         dd:fb:00:98:ea:81:92:7e:bf:5f:cf:dc:e5:67:3a:bd:53:61:
         82:5c:ea:b2:c6:ca:e7:2d:c6:6b:01:16:1a:64:71:d8:f8:bd:
         e5:c4:14:56:82:09:c9:36:b7:70:b4:a8:f4:13:dd:b9:ff:6a:
         93:ab:2d:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMZ9BcFfImA3+Zzr0kPOI3olpOkMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDA1MDUzWhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjE4ZjkyOWFkODcyY2VkYWQyZTgwNTJiOTY4MzZhMDdm
OWFlYzZiNDBjNzllNTllNjQwZjZkMDMzNjRjOTNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8UW9vo3ZiQd15TGu6zqt808IdgciQHGgxErH3D5NpxeoC
4x6fTrDqYnXAStWjLpPH5sqcZtwsgxzM+WjHN3DD+IBVOH7356ejRXEomMf/FE2u
dSTTITxI8GAlCEYoPdEzWXIF6nZlCT4qgmjeqBuiYBIG7zKEbpjBxXJl2fsYgnxz
LQjvD1tVUs01J2XuubAZRiGDw8bi2TGvt7TWHFfIWhzcVJROHLHsS0V3pDL2L/09
RAskBYyjYwkQsW12RD+mrxmPG/xjayPZRPfQXX6WTxaJjlVFf/8j5uJyB5b+fnNp
5w/ZtdP4/psM/PpT01GFZo+s0foyktr/nM6G0h1JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbpfAYqHOc9uOFoi9L9XLq6B9e9wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhhNGI4MTU3LTE1NWYtNDliMS04MTViLWE3ODMwMDZmNTBlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEoAwDQYJKoZIhvcNAQELBQADggEBADgRDGxM07nqP6DHmG2cq8lIaiFW
IP1sUmxL7wIOKo4UTMivNcDKMWBJAOOiu0f4BfMs1yLig+cX11i2W5a6h0XFWNKh
NNpjxOUP3yH+v1bqTz/+72s5+xkJzDdIMKpDdNUmLZr5HR13caxAUYaJ/KBBcOn3
3aqCUjbcNduTi8Qr68D8ffgzeTMtgBbOPW4YBA7gY1OlcwdSWU62+zxeqh5H8vce
awqq7N6lTLyFue/kmWYmL2+X8ppfqhWbXFOsk+kStKIZb937AJjqgZJ+v1/P3OVn
Or1TYYJc6rLGyuctxmsBFhpkcdj4veXEFFaCCck2t3C0qPQT3bn/apOrLU8=
-----END CERTIFICATE-----