Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da395588-d89b-4035-b834-7552c1e5a259.roa
File:                     da395588-d89b-4035-b834-7552c1e5a259.roa (raw, json)
Hash identifier:          NQ9Tc453HyhNIIFxd6nOA7AkVwoAkGUPPzDJwt8Ua+s=
Subject key identifier:   07:63:19:78:34:34:FC:5F:9B:D9:A2:0B:04:79:8A:10:78:A7:24:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45A2DF5D8EC06F45DD10C0A2FFD7D171A6131445
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da395588-d89b-4035-b834-7552c1e5a259.roa
Signing time:             Wed 22 Oct 2025 00:00:13 +0000
ROA not before:           Wed 22 Oct 2025 00:00:13 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        76.223.168.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:a2:df:5d:8e:c0:6f:45:dd:10:c0:a2:ff:d7:d1:71:a6:13:14:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:00:13 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=2ac2af00a467f8cb91c0415fbb00d51dc26fa66f7d21d98bce8c2dddeae21c6b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:88:db:07:f2:16:9b:07:99:7b:7e:f6:11:ad:
                    1b:5b:b6:34:92:2a:03:df:13:35:c7:4d:3d:87:14:
                    a2:0a:bd:10:33:f1:06:e4:8c:50:10:cd:38:9a:0c:
                    c4:4d:ff:01:73:ea:ff:af:08:4c:18:ec:93:30:04:
                    8e:eb:6e:5f:9a:8e:31:f9:4d:fb:f6:ff:2b:94:f2:
                    eb:ce:65:a1:00:dd:02:13:b4:a6:7e:98:a1:de:93:
                    31:69:c9:02:04:e5:ee:9b:31:d9:7c:a4:26:f5:02:
                    55:e8:ae:27:4f:29:d2:79:61:22:68:12:a8:97:9c:
                    41:6d:ec:92:2f:4d:30:6c:fe:98:23:08:dc:e2:6b:
                    bd:60:e1:be:1e:4d:c6:bc:fc:1f:75:3d:49:bf:2d:
                    c1:cf:63:fb:0c:54:b5:bb:1d:73:ce:c4:2b:72:a5:
                    74:84:ae:5b:9c:67:01:b1:01:8f:d8:60:f9:ee:58:
                    e3:09:ea:b9:a1:75:2b:64:a6:3d:e0:36:58:e6:a7:
                    0a:40:3e:33:f1:eb:48:c1:5d:25:50:60:2f:43:a4:
                    59:69:a7:11:df:e3:9e:79:54:0f:bf:6a:20:35:d3:
                    87:8a:73:35:64:96:12:17:4c:a7:09:2a:96:c8:2a:
                    f4:de:4e:34:36:50:19:3a:39:01:93:f1:69:67:0b:
                    fe:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:63:19:78:34:34:FC:5F:9B:D9:A2:0B:04:79:8A:10:78:A7:24:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da395588-d89b-4035-b834-7552c1e5a259.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:07:d9:9e:1c:cd:c7:71:8d:59:b1:90:c8:5d:b2:03:7b:dc:
         2c:66:ba:91:0a:49:15:ba:4c:bb:24:d0:0d:92:10:ef:13:4c:
         a6:16:12:6a:32:ab:40:c4:37:3e:86:e5:43:0d:9c:4b:60:1c:
         35:be:62:61:e7:97:48:b2:90:e3:43:5b:5a:94:5b:3f:a0:04:
         b1:b0:c9:5a:a9:17:3c:5e:d6:9e:71:d8:9a:1a:ce:0e:89:9d:
         f1:7e:6e:08:a0:d2:de:35:80:0e:61:e7:ec:46:42:71:ab:2f:
         fb:f7:b9:c7:d1:e8:05:d9:11:41:dc:a1:64:d8:fe:d0:d3:fc:
         2a:c9:8b:91:df:3a:dc:41:1e:0a:56:8a:c9:6b:03:e4:81:7f:
         51:c3:2e:49:af:ce:db:0a:64:77:d4:16:0c:a7:cc:24:91:57:
         a9:85:d6:f4:07:a4:af:01:68:da:ad:15:f1:7e:12:cb:b1:3a:
         27:cd:15:6f:57:30:60:ca:79:ec:fc:9a:58:22:98:a4:25:53:
         ae:3a:21:74:57:1f:d3:cf:e9:a2:7c:ba:bc:d4:9b:4c:38:ff:
         a2:e3:50:85:3b:07:44:8c:e9:f8:95:f6:2f:3a:a8:34:08:cb:
         73:ec:2f:34:21:8d:08:b2:ce:eb:9d:50:f1:64:6a:c5:0f:79:
         b0:19:a9:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURaLfXY7Ab0XdEMCi/9fRcaYTFEUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMDEzWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYWMyYWYwMGE0NjdmOGNiOTFjMDQxNWZiYjAwZDUxZGMy
NmZhNjZmN2QyMWQ5OGJjZThjMmRkZGVhZTIxYzZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbiNsH8habB5l7fvYRrRtbtjSSKgPfEzXHTT2HFKIKvRAz
8QbkjFAQzTiaDMRN/wFz6v+vCEwY7JMwBI7rbl+ajjH5Tfv2/yuU8uvOZaEA3QIT
tKZ+mKHekzFpyQIE5e6bMdl8pCb1AlXoridPKdJ5YSJoEqiXnEFt7JIvTTBs/pgj
CNzia71g4b4eTca8/B91PUm/LcHPY/sMVLW7HXPOxCtypXSErlucZwGxAY/YYPnu
WOMJ6rmhdStkpj3gNljmpwpAPjPx60jBXSVQYC9DpFlppxHf4555VA+/aiA104eK
czVklhIXTKcJKpbIKvTeTjQ2UBk6OQGT8WlnC/7VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB2MZeDQ0/F+b2aILBHmKEHinJM0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhMzk1NTg4LWQ4OWItNDAzNS1iODM0LTc1NTJjMWU1YTI1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM36gwDQYJKoZIhvcNAQELBQADggEBADsH2Z4czcdxjVmxkMhdsgN73Cxm
upEKSRW6TLsk0A2SEO8TTKYWEmoyq0DENz6G5UMNnEtgHDW+YmHnl0iykONDW1qU
Wz+gBLGwyVqpFzxe1p5x2Joazg6JnfF+bgig0t41gA5h5+xGQnGrL/v3ucfR6AXZ
EUHcoWTY/tDT/CrJi5HfOtxBHgpWislrA+SBf1HDLkmvztsKZHfUFgynzCSRV6mF
1vQHpK8BaNqtFfF+EsuxOifNFW9XMGDKeez8mlgimKQlU646IXRXH9PP6aJ8urzU
m0w4/6LjUIU7B0SM6fiV9i86qDQIy3PsLzQhjQiyzuudUPFkasUPebAZqbg=
-----END CERTIFICATE-----