Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d7ea324-6e51-4ebe-953f-a65042988297.roa
File:                     8d7ea324-6e51-4ebe-953f-a65042988297.roa (raw, json)
Hash identifier:          PMtCPvUH49ea5W/eXl/6rEWoC3JlJiHV2kxNPWWq5/o=
Subject key identifier:   0D:91:1B:45:13:52:BC:0D:DF:4A:06:EA:F0:E6:47:61:91:2A:68:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6667E9C93FBE419C470BF3B373B540CA8486B875
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d7ea324-6e51-4ebe-953f-a65042988297.roa
Signing time:             Tue 14 Oct 2025 00:21:25 +0000
ROA not before:           Tue 14 Oct 2025 00:21:25 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.2.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:67:e9:c9:3f:be:41:9c:47:0b:f3:b3:73:b5:40:ca:84:86:b8:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:21:25 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=2cba5c73255c691e5ac656821b63e162a07517c1d2eb2b3820b0683084033dac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ce:fd:c5:c0:39:8b:1e:05:4b:c6:9e:9d:c0:
                    b7:85:da:ff:4d:fc:87:c0:0c:e2:13:60:54:42:15:
                    0e:53:9a:fb:78:d2:3b:ac:49:d2:56:7a:7a:bb:1d:
                    61:eb:e3:4c:dd:b0:10:1c:e8:2d:e2:2b:43:3e:4b:
                    3a:ec:66:3c:b1:29:2d:5a:cc:ba:e2:74:a2:3e:5b:
                    ce:91:29:59:81:db:24:e1:fd:40:ac:cd:8a:16:35:
                    7b:78:1e:95:5c:ee:b5:52:af:9e:2d:de:8f:81:87:
                    46:87:77:6d:fa:bb:60:2b:f9:b4:40:9a:fb:68:49:
                    b3:15:ae:4b:91:e6:05:03:fc:b4:82:51:69:6d:43:
                    6c:f3:91:bc:dd:ae:4b:14:b4:3f:9e:a8:62:97:3f:
                    1f:20:02:ba:ff:7a:e7:ca:3e:a6:12:24:d4:aa:7a:
                    98:74:12:d4:de:ab:4e:0e:fb:39:0b:85:56:82:48:
                    f3:8a:43:9e:c1:1f:42:f5:2f:2b:30:a1:94:57:26:
                    da:2d:81:d3:e5:7b:12:bb:24:7a:ff:96:50:22:17:
                    38:48:45:e8:97:30:bf:e6:b2:73:36:cb:09:2d:b5:
                    a4:0a:e6:d5:69:78:bd:a2:d9:1f:54:f0:0f:3e:72:
                    23:d7:69:0d:e3:44:5f:02:63:1d:5e:a1:68:eb:0a:
                    98:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:91:1B:45:13:52:BC:0D:DF:4A:06:EA:F0:E6:47:61:91:2A:68:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d7ea324-6e51-4ebe-953f-a65042988297.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:9d:76:81:d6:85:14:b3:a5:5c:c6:db:2a:5d:d7:a8:7b:ff:
         56:2b:88:fa:1c:03:e6:92:c2:b1:07:62:1a:5a:b1:8e:9f:e1:
         e8:a3:9f:bf:52:db:d8:f4:3e:85:ba:ab:cf:a2:12:66:f3:23:
         f3:80:1f:22:5d:a1:9f:d3:6e:4d:d8:3d:98:28:dd:b1:fd:2e:
         af:5e:fe:8a:71:d5:8f:72:72:6b:f7:ed:b7:85:80:b4:5c:5a:
         b7:8c:79:f9:03:6b:9b:cc:23:20:f7:b3:eb:cf:fd:64:d8:06:
         6c:64:b3:23:9e:e8:62:c2:d8:0d:72:0d:65:36:2e:a4:0c:af:
         87:b0:93:04:a9:66:6c:39:bd:6f:6c:3b:37:f9:5f:cf:15:e6:
         0a:84:88:16:60:95:30:1b:1f:aa:e8:e0:86:23:4b:0e:df:17:
         42:cb:af:d5:4f:04:70:5d:84:e0:57:7c:18:b9:71:1f:a9:cd:
         5a:7e:30:73:e8:58:8b:02:86:d9:6e:21:ce:97:a9:19:07:01:
         de:5f:5b:19:6d:7a:c2:27:0b:cf:7e:c6:01:78:5d:4b:9d:bd:
         1c:15:63:c2:91:7f:1d:ae:cf:15:00:b2:0f:b0:dd:07:4d:d4:
         a1:74:dd:67:dd:8b:b5:a1:c8:81:93:7b:27:81:46:38:2a:52:
         8b:08:e5:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZmfpyT++QZxHC/Ozc7VAyoSGuHUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDAyMTI1WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyY2JhNWM3MzI1NWM2OTFlNWFjNjU2ODIxYjYzZTE2MmEw
NzUxN2MxZDJlYjJiMzgyMGIwNjgzMDg0MDMzZGFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKzv3FwDmLHgVLxp6dwLeF2v9N/IfADOITYFRCFQ5Tmvt4
0jusSdJWenq7HWHr40zdsBAc6C3iK0M+SzrsZjyxKS1azLridKI+W86RKVmB2yTh
/UCszYoWNXt4HpVc7rVSr54t3o+Bh0aHd236u2Ar+bRAmvtoSbMVrkuR5gUD/LSC
UWltQ2zzkbzdrksUtD+eqGKXPx8gArr/eufKPqYSJNSqeph0EtTeq04O+zkLhVaC
SPOKQ57BH0L1LyswoZRXJtotgdPlexK7JHr/llAiFzhIReiXML/msnM2ywkttaQK
5tVpeL2i2R9U8A8+ciPXaQ3jRF8CYx1eoWjrCphVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDZEbRRNSvA3fSgbq8OZHYZEqaNwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkN2VhMzI0LTZlNTEtNGViZS05NTNmLWE2NTA0Mjk4ODI5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsAIwDQYJKoZIhvcNAQELBQADggEBALCddoHWhRSzpVzG2ypd16h7/1Yr
iPocA+aSwrEHYhpasY6f4eijn79S29j0PoW6q8+iEmbzI/OAHyJdoZ/Tbk3YPZgo
3bH9Lq9e/opx1Y9ycmv37beFgLRcWreMefkDa5vMIyD3s+vP/WTYBmxksyOe6GLC
2A1yDWU2LqQMr4ewkwSpZmw5vW9sOzf5X88V5gqEiBZglTAbH6ro4IYjSw7fF0LL
r9VPBHBdhOBXfBi5cR+pzVp+MHPoWIsChtluIc6XqRkHAd5fWxltesInC89+xgF4
XUudvRwVY8KRfx2uzxUAsg+w3QdN1KF03Wfdi7WhyIGTeyeBRjgqUosI5Uw=
-----END CERTIFICATE-----