Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d39e187c-88a8-41ad-918d-6d6c9508c20e.roa
File:                     d39e187c-88a8-41ad-918d-6d6c9508c20e.roa (raw, json)
Hash identifier:          t3eJPWsq9JFrLHv4f/LDIRk8+4/sGG/+tjABPKbtrzU=
Subject key identifier:   F0:D0:2D:F3:8B:A7:BD:CB:7F:24:6B:AB:2C:5B:43:3C:92:9F:49:02
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0445D3A6DFEDC840BB9077DC51A0268433DE681B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d39e187c-88a8-41ad-918d-6d6c9508c20e.roa
Signing time:             Tue 28 Oct 2025 00:00:11 +0000
ROA not before:           Tue 28 Oct 2025 00:00:11 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        76.223.136.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:45:d3:a6:df:ed:c8:40:bb:90:77:dc:51:a0:26:84:33:de:68:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:00:11 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=710f426b35199beec1c6db6dd29dcec003153df4520622a93d55b40974621750, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7c:55:5b:75:01:b0:8d:93:93:39:b2:71:a9:
                    d9:9e:ae:2d:5e:e3:e9:f3:fa:c3:1a:ed:40:27:43:
                    f6:38:95:14:b5:7d:22:32:53:72:c8:bd:70:46:5d:
                    90:02:f5:06:89:ea:d5:70:ea:f4:b8:a1:aa:d5:a1:
                    c9:83:16:1a:99:04:b3:ee:74:dd:41:ff:7a:63:8a:
                    bd:05:d4:46:da:eb:0d:c1:f2:67:7a:84:42:13:6b:
                    c1:0f:5c:89:e8:01:bb:34:45:81:3f:0c:bc:45:d5:
                    8f:02:af:c1:b6:9f:03:8f:e0:77:9b:69:ba:f8:4a:
                    53:be:2a:21:f1:1e:2f:45:df:c1:19:43:0b:c9:39:
                    ef:81:ea:e3:cb:20:de:d2:da:c1:b4:53:d7:e6:2e:
                    16:9c:08:4b:b6:40:fa:f7:2c:14:4c:ce:6c:93:d6:
                    f0:4f:39:97:aa:5a:c8:e0:c9:32:57:96:a8:61:81:
                    33:40:3c:2f:ad:aa:a5:e1:1e:fe:95:51:fc:fb:0b:
                    14:31:c4:47:70:53:ad:53:00:e6:3e:e0:c2:ce:7c:
                    37:72:29:7c:80:6c:6f:a1:36:c1:de:da:6f:5c:1b:
                    9c:b3:43:40:f9:de:24:c7:aa:99:a2:23:2a:2c:5c:
                    ee:8c:0d:7c:6f:7b:d0:c9:5b:48:7f:4d:3f:22:14:
                    ec:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:D0:2D:F3:8B:A7:BD:CB:7F:24:6B:AB:2C:5B:43:3C:92:9F:49:02
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d39e187c-88a8-41ad-918d-6d6c9508c20e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:e8:58:90:c7:e1:86:40:88:dc:c9:df:ce:2c:2f:94:a1:62:
         3c:10:1a:72:37:b5:c4:5e:28:4b:92:4e:be:d8:a6:8e:85:af:
         28:9b:31:43:94:8e:b0:e2:c5:a4:8c:d3:89:8f:5b:1a:4b:f9:
         7d:08:18:db:fa:ad:12:65:28:ca:52:90:5f:92:7d:1b:17:b6:
         89:18:d3:3e:78:20:e0:63:fe:6e:e1:d4:01:4a:41:0d:0c:e3:
         03:77:d2:2a:17:93:d8:5e:b6:2c:36:ee:f5:62:0a:88:78:d6:
         c0:06:54:52:9d:d5:e6:af:9a:48:01:9a:7f:03:00:a4:02:d5:
         7e:60:a4:7d:25:eb:af:68:78:d1:e5:b3:b4:28:3b:94:ac:62:
         b6:33:2d:a9:74:76:31:c6:ed:6a:97:24:17:ba:91:e4:67:19:
         02:c7:ba:e7:41:08:c0:cb:2d:ae:84:e7:53:a2:c1:9a:b6:c7:
         67:75:6e:a0:b7:be:9b:9e:bd:86:91:38:98:8a:eb:b0:ed:30:
         9a:5d:8b:2d:da:c6:4d:89:88:9c:41:0e:eb:23:71:bc:02:5c:
         c4:3a:8e:fd:bc:73:94:ce:ff:3a:b7:a5:82:b3:66:41:c9:c8:
         48:00:e7:09:bd:16:89:19:73:82:28:0b:e4:0a:8b:46:31:d4:
         6f:ae:45:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBEXTpt/tyEC7kHfcUaAmhDPeaBswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAwMDExWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MTBmNDI2YjM1MTk5YmVlYzFjNmRiNmRkMjlkY2VjMDAz
MTUzZGY0NTIwNjIyYTkzZDU1YjQwOTc0NjIxNzUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6fFVbdQGwjZOTObJxqdmeri1e4+nz+sMa7UAnQ/Y4lRS1
fSIyU3LIvXBGXZAC9QaJ6tVw6vS4oarVocmDFhqZBLPudN1B/3pjir0F1Eba6w3B
8md6hEITa8EPXInoAbs0RYE/DLxF1Y8Cr8G2nwOP4Hebabr4SlO+KiHxHi9F38EZ
QwvJOe+B6uPLIN7S2sG0U9fmLhacCEu2QPr3LBRMzmyT1vBPOZeqWsjgyTJXlqhh
gTNAPC+tqqXhHv6VUfz7CxQxxEdwU61TAOY+4MLOfDdyKXyAbG+hNsHe2m9cG5yz
Q0D53iTHqpmiIyosXO6MDXxve9DJW0h/TT8iFOwNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8NAt84unvct/JGurLFtDPJKfSQIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzOWUxODdjLTg4YTgtNDFhZC05MThkLTZkNmM5NTA4YzIwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANM34gwDQYJKoZIhvcNAQELBQADggEBAELoWJDH4YZAiNzJ384sL5ShYjwQ
GnI3tcReKEuSTr7Ypo6FryibMUOUjrDixaSM04mPWxpL+X0IGNv6rRJlKMpSkF+S
fRsXtokY0z54IOBj/m7h1AFKQQ0M4wN30ioXk9hetiw27vViCoh41sAGVFKd1eav
mkgBmn8DAKQC1X5gpH0l669oeNHls7QoO5SsYrYzLal0djHG7WqXJBe6keRnGQLH
uudBCMDLLa6E51OiwZq2x2d1bqC3vpuevYaROJiK67DtMJpdiy3axk2JiJxBDusj
cbwCXMQ6jv28c5TO/zq3pYKzZkHJyEgA5wm9FokZc4IoC+QKi0Yx1G+uRaU=
-----END CERTIFICATE-----