Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4391dc68-2a33-4b79-8713-4af8518a52be.roa
File:                     4391dc68-2a33-4b79-8713-4af8518a52be.roa (raw, json)
Hash identifier:          t+Udi+y1I1oU1s33wzXQ5dhLpGhxmuqUUKfgwEjohC0=
Subject key identifier:   27:8B:67:58:80:D9:17:8D:8F:83:7D:B3:4F:53:03:A1:29:41:3A:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40254DA740CC4EFC9EAE340D04549F9BE6A589B7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4391dc68-2a33-4b79-8713-4af8518a52be.roa
Signing time:             Sat 27 Sep 2025 00:40:39 +0000
ROA not before:           Sat 27 Sep 2025 00:40:39 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.255.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:25:4d:a7:40:cc:4e:fc:9e:ae:34:0d:04:54:9f:9b:e6:a5:89:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:40:39 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=62e1853ef364605b9a729e52a27deb2bf54c5de380e48e6f607379d360f35c66, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c9:3e:8f:9b:aa:75:4a:9f:a6:40:49:d8:75:
                    b7:39:ec:27:13:05:3e:7c:da:a4:47:fc:81:2a:24:
                    f2:90:29:65:85:e1:df:df:8e:64:eb:e2:6e:a0:d8:
                    e2:1f:56:a5:bb:d8:1e:ee:91:c7:24:9b:a3:7b:a7:
                    a6:8b:9d:04:e4:a0:36:77:56:22:71:af:d7:a7:30:
                    3b:44:db:e9:48:4c:e2:cb:7b:e4:dc:96:de:df:4d:
                    ab:92:43:a8:ac:27:ab:45:27:a6:be:e0:28:b9:83:
                    70:68:f2:fe:6f:25:8a:b5:61:a3:0d:14:46:11:fc:
                    ff:76:eb:f7:79:8d:41:be:17:52:f5:c0:3e:cd:d0:
                    11:ec:82:4d:26:bb:f5:2b:51:89:c7:57:dc:34:9e:
                    f9:13:22:3f:44:6d:dc:7a:62:41:7c:28:6d:c9:11:
                    77:d3:54:07:88:c0:84:3d:72:ae:be:56:ad:9a:3f:
                    d7:c5:40:0b:2c:05:cf:85:2a:b6:5f:d0:14:a6:30:
                    99:0b:75:52:2d:43:de:c8:89:e6:cb:45:8f:3b:41:
                    3e:f2:c9:b7:19:e6:40:be:88:f6:1b:80:10:5f:33:
                    98:97:32:4d:4c:2e:4c:c8:c1:e2:94:ff:d2:91:cd:
                    7f:a0:5f:b8:b7:66:54:d3:45:06:8a:cb:52:c2:e3:
                    fe:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:8B:67:58:80:D9:17:8D:8F:83:7D:B3:4F:53:03:A1:29:41:3A:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4391dc68-2a33-4b79-8713-4af8518a52be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.255.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         48:17:23:22:72:30:29:03:7e:69:38:0c:ce:28:39:cd:67:42:
         3f:b3:79:9c:d5:9e:e8:00:87:74:f7:26:f6:a1:78:c4:e7:b9:
         6c:2b:37:dc:f7:d1:f5:c9:60:42:85:d3:59:57:10:db:b4:b6:
         f4:0f:42:a2:1b:a5:58:b9:65:9d:fe:22:12:ba:81:e8:51:d1:
         6f:57:5a:a4:fa:b3:55:d3:97:f4:f3:1f:22:29:f3:79:74:e0:
         5c:e4:cf:ea:a5:4d:2d:a3:86:90:71:06:c5:c4:1a:c3:39:03:
         8a:2c:6a:9a:e4:cb:39:8b:41:dc:6c:80:db:13:0d:d6:08:37:
         87:38:dd:9b:12:fb:a5:b2:3f:33:ff:cc:97:cf:b9:8b:d4:c3:
         04:5b:81:56:74:65:1d:c7:d5:19:b7:c3:c9:d4:01:a5:27:b5:
         e4:b6:a0:17:17:97:2e:67:4c:ed:75:7f:6c:7e:cb:7f:53:dd:
         24:72:1f:e2:ba:e7:55:56:c4:3e:db:4c:f7:33:35:8d:97:58:
         49:06:1e:b0:49:d3:14:4b:41:9f:bb:a1:4f:b7:65:1d:dd:65:
         0b:de:15:79:58:dd:2a:c9:f6:ab:23:30:d1:3e:66:71:6c:3c:
         15:5c:7b:27:f1:65:14:68:f8:1e:79:4f:ed:ab:1b:b9:c9:77:
         2f:fe:4d:63
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQCVNp0DMTvyerjQNBFSfm+alibcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MDM5WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmUxODUzZWYzNjQ2MDViOWE3MjllNTJhMjdkZWIyYmY1
NGM1ZGUzODBlNDhlNmY2MDczNzlkMzYwZjM1YzY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyyT6Pm6p1Sp+mQEnYdbc57CcTBT582qRH/IEqJPKQKWWF
4d/fjmTr4m6g2OIfVqW72B7ukcckm6N7p6aLnQTkoDZ3ViJxr9enMDtE2+lITOLL
e+Tclt7fTauSQ6isJ6tFJ6a+4Ci5g3Bo8v5vJYq1YaMNFEYR/P926/d5jUG+F1L1
wD7N0BHsgk0mu/UrUYnHV9w0nvkTIj9Ebdx6YkF8KG3JEXfTVAeIwIQ9cq6+Vq2a
P9fFQAssBc+FKrZf0BSmMJkLdVItQ97IiebLRY87QT7yybcZ5kC+iPYbgBBfM5iX
Mk1MLkzIweKU/9KRzX+gX7i3ZlTTRQaKy1LC4/5vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJ4tnWIDZF42Pg32zT1MDoSlBOtkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzOTFkYzY4LTJhMzMtNGI3OS04NzEzLTRhZjg1MThhNTJiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZM/0AwDQYJKoZIhvcNAQELBQADggEBAEgXIyJyMCkDfmk4DM4oOc1nQj+z
eZzVnugAh3T3JvaheMTnuWwrN9z30fXJYEKF01lXENu0tvQPQqIbpVi5ZZ3+IhK6
gehR0W9XWqT6s1XTl/TzHyIp83l04Fzkz+qlTS2jhpBxBsXEGsM5A4osaprkyzmL
QdxsgNsTDdYIN4c43ZsS+6WyPzP/zJfPuYvUwwRbgVZ0ZR3H1Rm3w8nUAaUnteS2
oBcXly5nTO11f2x+y39T3SRyH+K651VWxD7bTPczNY2XWEkGHrBJ0xRLQZ+7oU+3
ZR3dZQveFXlY3SrJ9qsjMNE+ZnFsPBVceyfxZRRo+B55T+2rG7nJdy/+TWM=
-----END CERTIFICATE-----