Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1923a56c-3eda-41d9-895a-e345ae9611d0.roa
File:                     1923a56c-3eda-41d9-895a-e345ae9611d0.roa (raw, json)
Hash identifier:          gkZIP/gA1bTJnqNHzokezhXFk5jERrRpJ7qL9hIeXmQ=
Subject key identifier:   58:05:DA:96:79:1A:A3:0C:E8:D6:2B:26:81:FB:0A:83:E4:E6:E4:F7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3700F1087E5EAF8759CB891545C1FCA4C9A91005
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1923a56c-3eda-41d9-895a-e345ae9611d0.roa
Signing time:             Wed 01 Oct 2025 00:52:07 +0000
ROA not before:           Wed 01 Oct 2025 00:52:07 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.205.64.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:00:f1:08:7e:5e:af:87:59:cb:89:15:45:c1:fc:a4:c9:a9:10:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:52:07 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=1f7fda7f88c77ea4fbf11b271ca014c34b260807315ecd55f5caf7e7929b7439, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:13:77:3c:d3:eb:9f:f3:4a:fa:20:a2:6e:2e:
                    12:a9:24:c1:49:9b:6f:5e:32:e0:27:63:4f:ea:cb:
                    b0:9d:ce:38:a4:b1:4a:18:81:e3:10:d1:11:f8:a7:
                    ca:2a:10:54:9d:2f:2e:f2:7a:ec:b1:99:ea:bc:b9:
                    ff:43:c6:04:d3:4b:f6:64:b4:0d:73:4a:cb:29:26:
                    27:26:07:ac:fc:1d:03:36:d9:d6:85:fc:f6:38:a4:
                    7a:14:74:01:ac:e3:1b:a7:49:67:60:38:b8:d9:5a:
                    20:e1:fa:d1:a4:b7:b8:07:39:10:aa:ef:8b:43:51:
                    7e:ac:3f:a2:9c:8e:48:a7:9c:e8:cb:87:b8:f8:ae:
                    38:91:2a:55:f6:59:76:31:ab:79:df:a4:80:66:3e:
                    98:01:bd:db:e4:c8:19:12:e6:a9:df:7d:55:02:b0:
                    1d:b3:e8:6a:ef:11:a6:9c:21:d9:57:56:74:a8:f1:
                    72:02:db:cd:fa:3e:df:36:b5:dd:04:5f:ca:e3:e6:
                    ca:b2:3d:2b:9f:41:df:8f:0c:e7:f5:ab:5d:f0:66:
                    c9:2e:dd:cf:bf:d5:bf:58:ba:98:eb:9b:d4:6c:80:
                    be:86:51:5d:90:48:1b:d4:3f:c2:be:cf:0a:54:68:
                    df:9c:14:ce:4b:6a:66:33:40:6f:62:ba:44:c5:d1:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:05:DA:96:79:1A:A3:0C:E8:D6:2B:26:81:FB:0A:83:E4:E6:E4:F7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1923a56c-3eda-41d9-895a-e345ae9611d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.205.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b8:ea:d5:62:aa:5a:81:ef:0a:ea:fb:35:9a:8c:37:4e:2b:c9:
         37:6e:e7:9f:f0:62:5d:11:73:15:f7:25:43:f8:29:2b:2f:b9:
         e5:b6:79:d3:18:f1:d6:e6:e3:40:87:ea:bf:3b:c8:36:79:d0:
         4a:d9:a9:3a:78:da:23:52:2e:51:80:a0:3a:3d:f0:ed:ed:f3:
         71:f4:8a:de:23:05:28:c9:96:ff:93:25:99:82:7d:67:37:e0:
         b6:7c:be:f2:9e:73:50:99:56:69:c8:f7:1b:04:73:3f:bb:47:
         6c:6a:6c:ae:26:3e:ac:64:af:1e:49:c5:9e:ae:ac:97:5d:14:
         85:59:32:a1:77:bb:8f:d1:36:71:a5:b3:e3:b8:e7:95:d2:68:
         fd:ca:60:01:7c:2f:65:c8:fb:86:f1:1e:15:65:ce:78:62:64:
         80:c0:b0:63:bf:80:66:c2:68:05:ff:be:fc:66:7a:f9:27:ec:
         ee:87:aa:f1:44:2c:c4:f0:fd:1f:b8:77:cc:35:7e:32:93:4b:
         a5:91:f9:7d:68:a2:5c:c3:70:3d:16:34:34:20:23:b0:04:06:
         0e:88:94:7b:ab:d1:42:6b:53:0c:a6:3f:1e:86:37:6a:35:b3:
         d0:31:4e:ba:7e:a1:0f:9c:f5:7a:9c:41:9e:8e:79:10:8a:28:
         a6:21:d3:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNwDxCH5er4dZy4kVRcH8pMmpEAUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA1MjA3WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjdmZGE3Zjg4Yzc3ZWE0ZmJmMTFiMjcxY2EwMTRjMzRi
MjYwODA3MzE1ZWNkNTVmNWNhZjdlNzkyOWI3NDM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmE3c80+uf80r6IKJuLhKpJMFJm29eMuAnY0/qy7Cdzjik
sUoYgeMQ0RH4p8oqEFSdLy7yeuyxmeq8uf9DxgTTS/ZktA1zSsspJicmB6z8HQM2
2daF/PY4pHoUdAGs4xunSWdgOLjZWiDh+tGkt7gHORCq74tDUX6sP6KcjkinnOjL
h7j4rjiRKlX2WXYxq3nfpIBmPpgBvdvkyBkS5qnffVUCsB2z6GrvEaacIdlXVnSo
8XIC2836Pt82td0EX8rj5sqyPSufQd+PDOf1q13wZsku3c+/1b9Yupjrm9RsgL6G
UV2QSBvUP8K+zwpUaN+cFM5LamYzQG9iukTF0ZvFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWAXalnkaowzo1ismgfsKg+Tm5PcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE5MjNhNTZjLTNlZGEtNDFkOS04OTVhLWUzNDVhZTk2MTFkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZMzUAwDQYJKoZIhvcNAQELBQADggEBALjq1WKqWoHvCur7NZqMN04ryTdu
55/wYl0RcxX3JUP4KSsvueW2edMY8dbm40CH6r87yDZ50ErZqTp42iNSLlGAoDo9
8O3t83H0it4jBSjJlv+TJZmCfWc34LZ8vvKec1CZVmnI9xsEcz+7R2xqbK4mPqxk
rx5JxZ6urJddFIVZMqF3u4/RNnGls+O455XSaP3KYAF8L2XI+4bxHhVlznhiZIDA
sGO/gGbCaAX/vvxmevkn7O6HqvFELMTw/R+4d8w1fjKTS6WR+X1oolzDcD0WNDQg
I7AEBg6IlHur0UJrUwymPx6GN2o1s9AxTrp+oQ+c9XqcQZ6OeRCKKKYh0w4=
-----END CERTIFICATE-----