Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14c4e7a7-8562-4d0f-abae-93619bdf103a.roa
File:                     14c4e7a7-8562-4d0f-abae-93619bdf103a.roa (raw, json)
Hash identifier:          kcVOB0dDtYSvWL+E+IrsG7XG22PE/agOi8sZ4hXzsVc=
Subject key identifier:   1D:F8:B8:F2:53:95:1E:9B:22:B9:8B:A8:AB:98:E6:FE:F9:2A:28:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13C39A5E121BF3CB0D48A0B0938994A3AF9CF00A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14c4e7a7-8562-4d0f-abae-93619bdf103a.roa
Signing time:             Wed 01 Oct 2025 00:52:48 +0000
ROA not before:           Wed 01 Oct 2025 00:52:48 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.238.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:c3:9a:5e:12:1b:f3:cb:0d:48:a0:b0:93:89:94:a3:af:9c:f0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:52:48 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=d2bda5837a9918706a8e3b6d525e9e670d649af54ecb0e46ef361867cd3bda9b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:62:4f:e4:66:cd:f5:90:af:7c:37:e7:16:f8:
                    15:39:94:95:67:58:92:d5:c8:bc:14:5c:76:60:2e:
                    b8:4d:ed:1b:c8:9a:d9:ab:52:e5:02:8e:fe:9b:f8:
                    7e:cc:44:51:bb:7d:82:de:d9:93:02:b6:8e:65:c6:
                    73:89:6e:cb:54:95:28:e8:6d:38:c7:d7:75:03:52:
                    21:fa:bc:34:c4:24:60:71:ac:c7:34:9a:ea:c5:65:
                    91:57:4c:3a:cd:e2:3f:73:a7:a5:28:58:a6:40:a4:
                    fa:f8:c5:5c:fc:c6:5c:f3:8d:f6:25:55:7e:5e:e8:
                    ff:c5:00:52:eb:eb:a1:14:35:57:20:cb:da:13:ab:
                    e7:2f:ac:72:1a:d7:50:9f:b3:1b:9e:62:9f:b8:77:
                    b9:11:1e:9f:13:e2:b8:4d:a7:4a:e5:43:e2:19:66:
                    f0:ca:87:1c:20:48:ce:a9:66:d3:01:a3:21:ce:e6:
                    b3:a2:10:52:d4:f1:91:12:d9:45:60:21:89:8c:ca:
                    9c:1d:df:c5:c9:f9:ae:c0:74:2e:a3:d7:59:2a:5c:
                    b5:d3:14:a4:6c:58:92:6b:69:82:ab:94:d2:88:ed:
                    2e:8d:24:cf:f6:ef:c1:08:7d:2c:f3:4e:8f:85:ee:
                    25:91:33:23:9e:e5:1b:02:52:8b:8a:e5:34:a5:91:
                    40:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F8:B8:F2:53:95:1E:9B:22:B9:8B:A8:AB:98:E6:FE:F9:2A:28:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14c4e7a7-8562-4d0f-abae-93619bdf103a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.238.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a4:1f:ee:a0:d7:2c:0c:67:a5:72:d9:30:7f:6a:ce:57:9f:91:
         f5:db:7e:ed:e5:e9:ca:24:a8:7b:0f:b9:88:b4:c5:04:52:f7:
         b4:7a:d9:33:e7:05:4f:98:c6:7b:8c:bb:3a:77:40:b0:c1:ac:
         3b:9f:2d:ab:a5:d1:0c:08:aa:68:ff:67:bd:d3:7a:61:d2:e4:
         a9:f2:cc:ef:00:5d:86:19:f7:53:72:7a:45:95:51:9c:33:3a:
         69:09:e4:a1:59:bd:ac:1f:61:0f:41:04:14:cf:fe:3a:e1:ab:
         5d:51:d2:f6:1b:b8:08:22:67:cc:23:60:63:65:58:f0:a3:84:
         00:fc:e7:0d:fd:a5:b8:b3:bc:71:b5:a0:1f:77:a1:18:04:6f:
         b3:5d:15:5f:79:59:d8:9a:cc:39:69:1a:7b:08:f0:c7:54:96:
         a5:dd:f3:0a:58:34:2a:7d:33:9e:8b:8e:23:94:ef:64:c3:ac:
         5c:b7:0c:b9:74:82:bc:33:3c:1e:97:be:93:5b:5e:f4:80:8b:
         79:b4:e1:cf:62:bc:39:c8:e1:a3:6b:96:5d:7d:5e:7b:df:56:
         6e:2a:13:a6:2a:e6:62:7e:9b:f0:27:da:53:3d:56:b5:06:48:
         f5:22:97:57:12:1e:8d:90:ad:17:2b:dc:49:9d:78:68:06:c5:
         d5:ff:40:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE8OaXhIb88sNSKCwk4mUo6+c8AowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA1MjQ4WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMmJkYTU4MzdhOTkxODcwNmE4ZTNiNmQ1MjVlOWU2NzBk
NjQ5YWY1NGVjYjBlNDZlZjM2MTg2N2NkM2JkYTliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuYk/kZs31kK98N+cW+BU5lJVnWJLVyLwUXHZgLrhN7RvI
mtmrUuUCjv6b+H7MRFG7fYLe2ZMCto5lxnOJbstUlSjobTjH13UDUiH6vDTEJGBx
rMc0murFZZFXTDrN4j9zp6UoWKZApPr4xVz8xlzzjfYlVX5e6P/FAFLr66EUNVcg
y9oTq+cvrHIa11CfsxueYp+4d7kRHp8T4rhNp0rlQ+IZZvDKhxwgSM6pZtMBoyHO
5rOiEFLU8ZES2UVgIYmMypwd38XJ+a7AdC6j11kqXLXTFKRsWJJraYKrlNKI7S6N
JM/278EIfSzzTo+F7iWRMyOe5RsCUouK5TSlkUDzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHfi48lOVHpsiuYuoq5jm/vkqKN8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0YzRlN2E3LTg1NjItNGQwZi1hYmFlLTkzNjE5YmRmMTAzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZM7gAwDQYJKoZIhvcNAQELBQADggEBAKQf7qDXLAxnpXLZMH9qzlefkfXb
fu3l6cokqHsPuYi0xQRS97R62TPnBU+YxnuMuzp3QLDBrDufLaul0QwIqmj/Z73T
emHS5KnyzO8AXYYZ91NyekWVUZwzOmkJ5KFZvawfYQ9BBBTP/jrhq11R0vYbuAgi
Z8wjYGNlWPCjhAD85w39pbizvHG1oB93oRgEb7NdFV95WdiazDlpGnsI8MdUlqXd
8wpYNCp9M56LjiOU72TDrFy3DLl0grwzPB6XvpNbXvSAi3m04c9ivDnI4aNrll19
XnvfVm4qE6Yq5mJ+m/An2lM9VrUGSPUil1cSHo2QrRcr3EmdeGgGxdX/QDs=
-----END CERTIFICATE-----