Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d32d1e22-993d-4ec7-ac95-98f30ee5cdb9.roa
File:                     d32d1e22-993d-4ec7-ac95-98f30ee5cdb9.roa (raw, json)
Hash identifier:          qGBm/FKVRowF7gynr6UakJbCvrbANUQryq61R8+oYUQ=
Subject key identifier:   33:D6:8E:3B:0C:51:9E:29:2F:B6:93:66:09:7A:06:A4:39:EF:E7:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3305DBF18F550CB602C4FACBC6933F74DFB9A1A7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d32d1e22-993d-4ec7-ac95-98f30ee5cdb9.roa
Signing time:             Tue 11 Nov 2025 02:30:16 +0000
ROA not before:           Tue 11 Nov 2025 02:30:16 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.0.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:05:db:f1:8f:55:0c:b6:02:c4:fa:cb:c6:93:3f:74:df:b9:a1:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:30:16 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=45893781d95fa1c6aaabd8819c6aeeb19bc838cf18de1e9904c1d572432130f3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:21:56:ce:d7:74:5c:45:c1:51:5b:fb:5a:6b:
                    8c:6e:90:a5:64:5c:33:e2:0b:56:50:d3:72:08:e9:
                    aa:2d:d1:66:68:cd:68:d4:7d:20:c3:b1:84:9c:75:
                    15:db:31:90:92:97:73:e1:e0:7e:8d:aa:60:3e:00:
                    03:35:19:ea:ab:38:0a:af:9a:f8:9f:a3:a3:02:fd:
                    2e:8b:b3:87:58:83:b9:a5:ec:f1:c1:8e:c1:83:46:
                    cb:b6:23:8c:5c:b2:8d:fc:d2:c8:ab:e6:f9:96:1c:
                    eb:e6:1a:61:58:6d:c7:d5:5e:aa:d8:cc:e4:07:c6:
                    e8:db:d7:9c:78:68:96:ef:49:e5:2a:b9:00:21:58:
                    18:ad:32:82:73:c1:f8:89:b0:3c:f0:09:e8:9f:bb:
                    04:47:11:2e:01:a4:02:36:cb:02:82:51:36:22:dc:
                    89:a8:62:79:54:95:9a:a4:37:42:98:12:71:bd:f3:
                    4c:97:9c:0c:82:6e:19:8b:61:be:4d:fe:a9:92:19:
                    b1:42:e5:97:b8:a8:37:b6:5e:cc:4e:a4:24:80:bb:
                    30:b3:0e:26:52:07:6e:2c:5c:63:ed:3f:d7:6b:13:
                    a7:83:2b:23:e5:0d:d6:7a:07:1b:45:d2:09:78:28:
                    85:15:b4:42:83:02:a4:b2:7b:d0:7d:ba:1e:fd:b7:
                    ff:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D6:8E:3B:0C:51:9E:29:2F:B6:93:66:09:7A:06:A4:39:EF:E7:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d32d1e22-993d-4ec7-ac95-98f30ee5cdb9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:94:8f:12:ed:95:b2:2d:9a:a1:7d:f1:9b:ce:b7:1d:20:26:
         66:14:f5:5b:d1:c8:53:9c:24:6e:f3:7a:05:32:3f:5d:a0:59:
         ec:c9:e9:04:24:e2:31:18:85:e3:d1:ef:25:a2:48:a6:c0:07:
         b6:2a:44:14:cb:48:39:2d:9c:bb:c2:eb:cf:8f:83:f0:13:36:
         c8:e8:22:8e:01:a0:68:0f:e4:4f:e3:03:b3:59:1c:4d:43:9a:
         91:5f:36:3e:fc:ff:33:ee:08:b1:f9:ff:ef:73:df:97:e3:12:
         3d:91:87:bd:95:07:f3:6f:48:df:19:6e:7a:41:91:0a:91:67:
         b6:b1:0a:a2:30:e1:3c:9a:d9:be:b1:90:62:e3:32:06:66:e8:
         e9:94:51:b2:0c:92:24:65:15:41:27:0a:0b:86:11:2d:09:19:
         d4:3f:36:8b:8a:9b:f1:71:09:ab:f9:f4:b0:ef:41:33:40:6a:
         c8:7f:cb:57:32:e1:2d:72:26:d8:c7:74:d3:36:8e:99:62:49:
         6a:ee:97:1e:67:41:d1:8e:fc:c3:d4:fd:34:30:ef:38:1f:a4:
         ba:d7:06:a0:91:87:d6:90:9e:35:76:11:a0:33:46:25:59:9b:
         df:88:1c:dc:dc:da:17:2f:f0:45:18:d7:98:48:95:78:74:cc:
         6c:a3:12:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMwXb8Y9VDLYCxPrLxpM/dN+5oacwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIzMDE2WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTg5Mzc4MWQ5NWZhMWM2YWFhYmQ4ODE5YzZhZWViMTli
YzgzOGNmMThkZTFlOTkwNGMxZDU3MjQzMjEzMGYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSIVbO13RcRcFRW/taa4xukKVkXDPiC1ZQ03II6aot0WZo
zWjUfSDDsYScdRXbMZCSl3Ph4H6NqmA+AAM1GeqrOAqvmvifo6MC/S6Ls4dYg7ml
7PHBjsGDRsu2I4xcso380sir5vmWHOvmGmFYbcfVXqrYzOQHxujb15x4aJbvSeUq
uQAhWBitMoJzwfiJsDzwCeifuwRHES4BpAI2ywKCUTYi3ImoYnlUlZqkN0KYEnG9
80yXnAyCbhmLYb5N/qmSGbFC5Ze4qDe2XsxOpCSAuzCzDiZSB24sXGPtP9drE6eD
KyPlDdZ6BxtF0gl4KIUVtEKDAqSye9B9uh79t//lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM9aOOwxRnikvtpNmCXoGpDnv52cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzMmQxZTIyLTk5M2QtNGVjNy1hYzk1LTk4ZjMwZWU1Y2RiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGIEgAwDQYJKoZIhvcNAQELBQADggEBADuUjxLtlbItmqF98ZvOtx0gJmYU
9VvRyFOcJG7zegUyP12gWezJ6QQk4jEYhePR7yWiSKbAB7YqRBTLSDktnLvC68+P
g/ATNsjoIo4BoGgP5E/jA7NZHE1DmpFfNj78/zPuCLH5/+9z35fjEj2Rh72VB/Nv
SN8ZbnpBkQqRZ7axCqIw4Tya2b6xkGLjMgZm6OmUUbIMkiRlFUEnCguGES0JGdQ/
NouKm/FxCav59LDvQTNAash/y1cy4S1yJtjHdNM2jpliSWrulx5nQdGO/MPU/TQw
7zgfpLrXBqCRh9aQnjV2EaAzRiVZm9+IHNzc2hcv8EUY15hIlXh0zGyjErY=
-----END CERTIFICATE-----