Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e71dac1d-7e4c-4d19-8ca9-0a142705ffad.roa
File:                     e71dac1d-7e4c-4d19-8ca9-0a142705ffad.roa (raw, json)
Hash identifier:          yd7ACsesN73XyXWaN5VmZWpwiC5CFrhgoT3BMd+c+kU=
Subject key identifier:   99:A4:5F:C7:01:29:01:5A:ED:A9:E4:BD:60:E0:F9:F0:F1:D1:D9:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F4567F03412E7FF6199B2A9A8B073B97E477C0A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e71dac1d-7e4c-4d19-8ca9-0a142705ffad.roa
Signing time:             Fri 24 Oct 2025 00:00:23 +0000
ROA not before:           Fri 24 Oct 2025 00:00:23 +0000
ROA not after:            Fri 28 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.10.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:45:67:f0:34:12:e7:ff:61:99:b2:a9:a8:b0:73:b9:7e:47:7c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 24 00:00:23 2025 GMT
            Not After : Nov 28 23:59:59 2025 GMT
        Subject: serialNumber=03497584658c2d171a5cef35327db1a143088227ace051528d867727ccfa99f3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3c:7f:02:6b:5c:6c:cd:32:05:b3:91:49:c3:
                    84:eb:2a:5a:07:f2:11:05:66:b4:41:5c:c8:1f:e1:
                    b8:a8:4d:63:77:e2:d8:48:0e:78:88:04:d0:22:1a:
                    ae:d8:66:5a:01:05:ac:a6:fa:4e:ce:5a:7f:23:56:
                    f3:a5:aa:fe:16:92:e8:53:dd:2e:26:7e:a4:36:2c:
                    84:4d:a1:9c:cf:fd:9c:79:58:7f:a1:3d:9f:14:d0:
                    77:ed:64:27:8d:91:87:4a:2e:30:d0:29:ce:3c:60:
                    1d:01:1e:5f:5a:3c:c9:4c:d8:7f:e4:7c:58:05:71:
                    9c:62:11:6a:55:13:ed:6e:0b:42:45:72:24:fb:f2:
                    4b:be:7b:a7:f1:5f:41:4f:c0:de:9e:d6:e1:d5:79:
                    0e:04:af:a1:04:96:23:34:15:53:c7:95:46:50:b8:
                    55:56:62:13:65:e4:82:46:4b:e3:bb:8b:96:89:4e:
                    1b:f7:df:34:63:56:12:fc:84:94:cf:e5:a2:9f:9d:
                    10:01:e2:f6:f9:2c:84:d9:7d:60:d1:e9:5b:f7:ef:
                    2b:12:5f:02:57:59:cd:2f:11:ac:d5:70:61:79:7f:
                    d4:be:44:05:db:a7:e2:cd:3b:18:78:37:2a:51:6a:
                    27:a1:f6:3e:45:3a:f8:4f:a7:6a:2b:26:63:5a:68:
                    83:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A4:5F:C7:01:29:01:5A:ED:A9:E4:BD:60:E0:F9:F0:F1:D1:D9:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e71dac1d-7e4c-4d19-8ca9-0a142705ffad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ad:d9:ae:3d:41:b8:1f:e2:13:07:c4:9d:d3:8d:74:a4:3a:64:
         92:89:94:ea:f8:8b:35:93:d2:f3:81:03:0c:9e:b3:e0:10:87:
         e8:f6:6f:30:13:a0:83:1b:03:2e:89:5a:a6:dd:5d:c4:5c:e2:
         d8:53:c5:7e:c7:04:d6:61:cd:56:35:4d:76:47:f0:db:54:28:
         33:55:c3:0f:fe:29:a9:54:d3:34:08:31:4a:fe:c7:0e:8a:58:
         67:bc:9b:8e:d3:ad:08:ed:28:e3:e9:75:e2:72:45:8c:a3:42:
         59:e9:6d:58:4a:24:5e:88:c0:9c:b5:9b:fb:e4:a9:4c:a1:fb:
         be:78:fd:4f:33:b0:81:0d:7a:e3:45:8e:a9:7d:6f:fe:2c:7b:
         20:da:4b:b2:b0:40:5d:16:75:0f:8b:e4:6c:53:0e:2a:5c:d5:
         20:00:96:bc:36:a5:b5:b8:4a:af:af:03:46:07:a7:fa:96:d0:
         cf:7d:42:b5:b0:d8:e7:1c:a5:a8:2c:23:c5:fb:ce:cc:e2:6a:
         9e:87:53:81:81:e4:d7:d7:40:4e:d2:33:f0:72:d8:78:86:91:
         0c:a6:dd:44:0f:be:74:49:6e:94:af:65:08:28:c7:6d:06:22:
         64:a6:b8:3a:97:d1:7c:24:3f:c6:ab:95:8c:2f:2f:fc:84:18:
         43:b9:55:17
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUP0Vn8DQS5/9hmbKpqLBzuX5HfAowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI0MDAwMDIzWhcNMjUxMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzQ5NzU4NDY1OGMyZDE3MWE1Y2VmMzUzMjdkYjFhMTQz
MDg4MjI3YWNlMDUxNTI4ZDg2NzcyN2NjZmE5OWYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSPH8Ca1xszTIFs5FJw4TrKloH8hEFZrRBXMgf4bioTWN3
4thIDniIBNAiGq7YZloBBaym+k7OWn8jVvOlqv4WkuhT3S4mfqQ2LIRNoZzP/Zx5
WH+hPZ8U0HftZCeNkYdKLjDQKc48YB0BHl9aPMlM2H/kfFgFcZxiEWpVE+1uC0JF
ciT78ku+e6fxX0FPwN6e1uHVeQ4Er6EEliM0FVPHlUZQuFVWYhNl5IJGS+O7i5aJ
Thv33zRjVhL8hJTP5aKfnRAB4vb5LITZfWDR6Vv37ysSXwJXWc0vEazVcGF5f9S+
RAXbp+LNOxh4NypRaieh9j5FOvhPp2orJmNaaIMnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmaRfxwEpAVrtqeS9YOD58PHR2a4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U3MWRhYzFkLTdlNGMtNGQxOS04Y2E5LTBhMTQyNzA1ZmZhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCICjANBgkqhkiG9w0BAQsFAAOCAQEArdmuPUG4H+ITB8Sd0410pDpkkomU
6viLNZPS84EDDJ6z4BCH6PZvMBOggxsDLolapt1dxFzi2FPFfscE1mHNVjVNdkfw
21QoM1XDD/4pqVTTNAgxSv7HDopYZ7ybjtOtCO0o4+l14nJFjKNCWeltWEokXojA
nLWb++SpTKH7vnj9TzOwgQ1640WOqX1v/ix7INpLsrBAXRZ1D4vkbFMOKlzVIACW
vDaltbhKr68DRgen+pbQz31CtbDY5xylqCwjxfvOzOJqnodTgYHk19dATtIz8HLY
eIaRDKbdRA++dElulK9lCCjHbQYiZKa4OpfRfCQ/xquVjC8v/IQYQ7lVFw==
-----END CERTIFICATE-----