Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa
File:                     aebec422-5453-4842-a3d0-552a331eb4af.roa (raw, json)
Hash identifier:          PA1lYAxOLKVxKoUmgPtdRolkElD3VAhZ6FFqWJ701bE=
Subject key identifier:   21:69:3C:8C:7D:1E:68:73:B8:31:6E:C3:D8:9C:31:76:AA:C2:35:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       38D7B63906C03DD71E4F1D969B6C1293231B1DE4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa
Signing time:             Sat 01 Nov 2025 00:10:34 +0000
ROA not before:           Sat 01 Nov 2025 00:10:34 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.128.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:d7:b6:39:06:c0:3d:d7:1e:4f:1d:96:9b:6c:12:93:23:1b:1d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:10:34 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=163aaa1b96f708bd63c0f5b783b33a9a1ec7d2f7faba12c6494a2ca98205b0c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c3:b6:5d:dc:9c:4d:dd:c5:de:bc:39:c8:08:
                    62:40:7e:69:78:b7:c7:94:81:d2:b7:5e:b3:1b:5f:
                    97:f2:97:a7:25:a3:42:60:16:0c:47:30:90:a5:59:
                    6e:3d:32:ff:71:3b:b1:d2:67:9a:40:b6:98:ef:c9:
                    94:52:87:74:b8:2a:c3:dd:29:10:66:0d:00:ae:39:
                    0e:01:2f:d1:51:93:f4:e0:65:a8:a4:e1:29:4c:ee:
                    f8:a8:55:a1:ad:6a:f9:85:90:0f:de:f3:7b:0c:73:
                    fb:15:be:ae:ff:fa:12:39:d8:91:1a:ac:67:0a:f2:
                    96:a9:8f:ba:29:d1:a8:24:1a:c4:9e:af:86:06:7b:
                    aa:4e:5e:c2:ea:12:8f:c5:e3:e7:75:d4:b8:ba:a0:
                    41:11:e1:57:95:69:66:72:a0:68:eb:f8:3d:73:49:
                    9d:ac:d0:8d:a8:d7:54:9d:ed:eb:ae:ea:7e:96:51:
                    39:0d:c2:c4:1e:2f:68:61:03:51:1e:49:e5:d8:96:
                    c9:dc:88:03:49:2c:ac:b7:6b:88:67:ab:b0:80:33:
                    db:b4:38:7d:4f:63:3b:72:b1:9d:84:e8:36:46:1f:
                    35:d3:fd:e4:a3:54:2a:d4:66:99:87:15:01:23:1d:
                    e5:61:f1:24:5f:9f:df:e7:a5:76:13:b2:fe:2b:b9:
                    53:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:69:3C:8C:7D:1E:68:73:B8:31:6E:C3:D8:9C:31:76:AA:C2:35:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         af:db:99:19:3d:41:1c:df:5b:1f:64:a9:b9:ee:f5:f3:75:d4:
         37:93:b0:f9:0f:45:50:ab:0c:c8:54:cb:cb:31:93:f6:77:77:
         c5:c4:57:c0:ad:08:d1:97:be:c7:83:17:7d:52:6d:92:13:75:
         17:42:69:4a:18:60:87:e5:e3:a9:20:c8:6d:7e:2c:2b:23:5c:
         76:7d:d1:18:e9:ca:82:e0:0d:41:67:62:4c:70:8f:f3:19:6a:
         74:e2:d1:ab:ad:7d:ba:8f:e5:4d:05:15:f3:f9:5d:59:87:23:
         e9:4b:73:e5:31:3c:ed:bf:d0:c9:63:98:56:20:3a:0d:ca:08:
         16:9c:58:a9:67:b0:d4:d8:bf:cb:a8:08:78:a7:ac:0a:6c:91:
         94:3b:75:98:0d:7b:39:f5:6f:8e:5e:af:75:25:ab:30:68:6c:
         12:72:f1:e6:21:0e:45:44:28:fd:9f:d7:01:23:f6:72:e4:59:
         a1:1d:68:91:e9:fd:24:30:97:fc:83:e4:2e:5d:59:d4:4d:c6:
         8d:22:6a:13:62:4b:98:c5:52:15:86:04:91:23:74:a2:99:e1:
         47:e4:70:ab:2e:1f:3b:3a:aa:2a:07:95:a1:76:f7:58:28:61:
         e1:0f:f7:a9:91:f1:1a:7f:66:11:ba:74:37:e5:f0:4e:bc:30:
         53:7d:ec:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUONe2OQbAPdceTx2Wm2wSkyMbHeQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAxMDM0WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjNhYWExYjk2ZjcwOGJkNjNjMGY1Yjc4M2IzM2E5YTFl
YzdkMmY3ZmFiYTEyYzY0OTRhMmNhOTgyMDViMGM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcw7Zd3JxN3cXevDnICGJAfml4t8eUgdK3XrMbX5fyl6cl
o0JgFgxHMJClWW49Mv9xO7HSZ5pAtpjvyZRSh3S4KsPdKRBmDQCuOQ4BL9FRk/Tg
Zaik4SlM7vioVaGtavmFkA/e83sMc/sVvq7/+hI52JEarGcK8papj7op0agkGsSe
r4YGe6pOXsLqEo/F4+d11Li6oEER4VeVaWZyoGjr+D1zSZ2s0I2o11Sd7euu6n6W
UTkNwsQeL2hhA1EeSeXYlsnciANJLKy3a4hnq7CAM9u0OH1PYztysZ2E6DZGHzXT
/eSjVCrUZpmHFQEjHeVh8SRfn9/npXYTsv4ruVOrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIWk8jH0eaHO4MW7D2JwxdqrCNZMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FlYmVjNDIyLTU0NTMtNDg0Mi1hM2QwLTU1MmEzMzFlYjRhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeIEoAwDQYJKoZIhvcNAQELBQADggEBAK/bmRk9QRzfWx9kqbnu9fN11DeT
sPkPRVCrDMhUy8sxk/Z3d8XEV8CtCNGXvseDF31SbZITdRdCaUoYYIfl46kgyG1+
LCsjXHZ90RjpyoLgDUFnYkxwj/MZanTi0autfbqP5U0FFfP5XVmHI+lLc+UxPO2/
0MljmFYgOg3KCBacWKlnsNTYv8uoCHinrApskZQ7dZgNezn1b45er3UlqzBobBJy
8eYhDkVEKP2f1wEj9nLkWaEdaJHp/SQwl/yD5C5dWdRNxo0iahNiS5jFUhWGBJEj
dKKZ4UfkcKsuHzs6qioHlaF291goYeEP96mR8Rp/ZhG6dDfl8E68MFN97Pw=
-----END CERTIFICATE-----