Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e798f49-6f12-4729-9f49-3867638298bb.roa
File:                     8e798f49-6f12-4729-9f49-3867638298bb.roa (raw, json)
Hash identifier:          vLyC6QayIOD4eaakhpp0dBoI8ta/VP33qULvOmYnyfE=
Subject key identifier:   E5:DF:36:AD:3D:AA:42:C4:09:6A:25:DD:24:3A:0D:D7:A7:F4:1B:63
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73887D5F843EDC650CA1486F91E224026F3FCC92
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e798f49-6f12-4729-9f49-3867638298bb.roa
Signing time:             Tue 14 Oct 2025 15:02:08 +0000
ROA not before:           Tue 14 Oct 2025 15:02:08 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.109.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:88:7d:5f:84:3e:dc:65:0c:a1:48:6f:91:e2:24:02:6f:3f:cc:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 15:02:08 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=a6d99fd74043ef2a128c8f9d7406a6f1a268375bf72955a4eabd43b28cbf68e6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:57:9a:27:5f:67:50:6d:7b:36:04:ef:dc:a5:
                    af:86:c2:b2:56:33:41:6d:0e:80:47:01:15:69:ad:
                    79:4a:9d:57:b8:46:b7:6a:97:30:e2:43:3f:01:10:
                    09:20:38:2b:cd:69:af:7d:6e:a0:1d:ac:6c:22:f2:
                    3e:93:bd:f8:e7:ce:4e:91:d2:f0:e2:63:2f:aa:5f:
                    ae:39:9b:88:8a:05:bf:3f:42:e0:6c:62:e5:e1:7d:
                    0c:f5:2e:a2:bc:6c:d8:c5:7a:bc:74:4b:27:3d:cc:
                    1a:f9:c0:c6:03:b6:07:0f:21:95:b7:f9:02:bd:85:
                    02:0b:24:c6:3f:04:84:62:f8:b4:30:70:af:05:6c:
                    c5:e5:83:4e:52:34:e8:71:f8:45:f1:c7:67:16:3f:
                    15:26:05:df:cd:ce:7e:4e:28:1a:f7:71:73:2c:67:
                    41:74:ff:e0:99:8e:87:18:63:f2:60:ae:47:e8:f0:
                    4e:ef:06:dd:6f:af:63:e3:a7:f3:db:65:80:4c:32:
                    1d:fc:a7:ef:cf:f2:b2:a9:8f:f3:f1:2c:12:1c:fe:
                    52:6b:50:60:0c:47:f7:92:88:ec:f3:3a:3b:88:26:
                    9b:82:95:b6:c2:5c:bb:7e:67:dd:a6:79:3c:b9:f9:
                    90:9c:95:29:2e:58:b1:28:b5:41:54:db:75:48:e5:
                    b0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:DF:36:AD:3D:AA:42:C4:09:6A:25:DD:24:3A:0D:D7:A7:F4:1B:63
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8e798f49-6f12-4729-9f49-3867638298bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:31:4e:1c:db:f1:ba:42:64:c1:5e:bb:88:83:7c:e6:c3:3a:
         5b:93:7c:bc:ab:a1:fc:ac:8d:78:cf:8a:08:f8:fb:ff:2a:6e:
         a8:92:73:25:63:a1:f2:2c:a3:e4:2c:fc:16:12:ef:9b:8b:f3:
         ec:a7:dc:08:e6:e7:e3:e5:8a:cc:b6:35:c7:4b:c0:74:4d:32:
         1a:3c:ae:3d:ac:08:a6:55:9e:75:a9:4f:88:f1:36:ac:9c:8e:
         17:94:cf:74:e6:84:e9:78:40:4d:a4:a1:c1:33:9a:cf:b8:a8:
         5b:cc:5b:0e:db:2c:73:e6:41:5d:0d:92:2c:cf:e5:8c:b9:04:
         c8:19:98:27:b1:ce:dc:1e:36:76:c6:7b:61:87:ca:fa:9a:d0:
         d6:fe:62:87:1c:96:5d:f0:eb:b9:07:59:4b:7f:b9:14:3d:34:
         00:13:6d:00:28:a0:75:c4:dd:ea:2c:82:b4:36:86:a7:27:50:
         9e:52:34:8a:4c:51:76:31:be:1b:e2:cc:a4:5f:37:9c:8a:8b:
         0f:45:9a:da:6c:2b:8e:c3:24:61:fd:f6:b1:ea:41:b5:2b:d3:
         76:9b:cd:22:bf:19:b2:40:d2:ab:3e:00:5f:ac:28:a0:8c:d1:
         79:e6:f0:aa:d1:16:fc:98:f2:10:a4:ff:af:59:27:84:67:24:
         2c:8d:5a:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc4h9X4Q+3GUMoUhvkeIkAm8/zJIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTUwMjA4WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNmQ5OWZkNzQwNDNlZjJhMTI4YzhmOWQ3NDA2YTZmMWEy
NjgzNzViZjcyOTU1YTRlYWJkNDNiMjhjYmY2OGU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoV5onX2dQbXs2BO/cpa+GwrJWM0FtDoBHARVprXlKnVe4
RrdqlzDiQz8BEAkgOCvNaa99bqAdrGwi8j6Tvfjnzk6R0vDiYy+qX645m4iKBb8/
QuBsYuXhfQz1LqK8bNjFerx0Syc9zBr5wMYDtgcPIZW3+QK9hQILJMY/BIRi+LQw
cK8FbMXlg05SNOhx+EXxx2cWPxUmBd/Nzn5OKBr3cXMsZ0F0/+CZjocYY/Jgrkfo
8E7vBt1vr2Pjp/PbZYBMMh38p+/P8rKpj/PxLBIc/lJrUGAMR/eSiOzzOjuIJpuC
lbbCXLt+Z92meTy5+ZCclSkuWLEotUFU23VI5bCdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5d82rT2qQsQJaiXdJDoN16f0G2MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhlNzk4ZjQ5LTZmMTItNDcyOS05ZjQ5LTM4Njc2MzgyOThiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsG0wDQYJKoZIhvcNAQELBQADggEBAMkxThzb8bpCZMFeu4iDfObDOluT
fLyrofysjXjPigj4+/8qbqiScyVjofIso+Qs/BYS75uL8+yn3Ajm5+Plisy2NcdL
wHRNMho8rj2sCKZVnnWpT4jxNqycjheUz3TmhOl4QE2kocEzms+4qFvMWw7bLHPm
QV0NkizP5Yy5BMgZmCexztweNnbGe2GHyvqa0Nb+Yoccll3w67kHWUt/uRQ9NAAT
bQAooHXE3eosgrQ2hqcnUJ5SNIpMUXYxvhvizKRfN5yKiw9FmtpsK47DJGH99rHq
QbUr03abzSK/GbJA0qs+AF+sKKCM0Xnm8KrRFvyY8hCk/69ZJ4RnJCyNWt8=
-----END CERTIFICATE-----