Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2017c636-3c80-4aff-817c-ddf18477cc2b.roa
File:                     2017c636-3c80-4aff-817c-ddf18477cc2b.roa (raw, json)
Hash identifier:          8Bp19Pe/HOn3llmK0b/qw1H/3/oUnD01hmgQ7jgrqVQ=
Subject key identifier:   28:E4:8C:59:3E:25:07:E4:8E:BE:3A:1E:3F:48:CC:F3:C9:9C:80:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D47D382594839336B2F01105E03673E557E71F7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2017c636-3c80-4aff-817c-ddf18477cc2b.roa
Signing time:             Tue 14 Oct 2025 00:41:58 +0000
ROA not before:           Tue 14 Oct 2025 00:41:58 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.239.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:47:d3:82:59:48:39:33:6b:2f:01:10:5e:03:67:3e:55:7e:71:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:41:58 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=037866a2e96dd389309fc68554040e0ea87f0d95eb27c5d0fe3e985f2c7427f5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4e:77:7e:a4:2b:64:08:b5:5a:3e:83:e1:6c:
                    b9:8e:15:3a:5e:55:70:e2:8f:25:69:a8:24:4c:48:
                    f4:34:01:a9:c3:c4:02:a7:93:43:7a:b7:8d:c1:08:
                    9e:ab:33:79:20:57:a6:b4:a0:2c:df:83:0a:02:08:
                    59:31:84:c5:a8:ce:7c:7b:5c:0f:b0:2b:94:f9:5c:
                    3e:b3:5f:08:63:d4:45:68:19:1f:8e:e9:6b:53:ec:
                    6c:50:86:76:73:56:6e:7c:a3:fc:56:f7:6f:9f:d7:
                    11:7a:65:f0:36:e9:ca:ec:60:2c:04:d4:7f:36:aa:
                    e1:09:9c:96:dd:36:6f:cd:41:a6:f8:34:09:73:84:
                    aa:f7:fa:06:e7:50:78:3d:70:e3:82:ab:14:c2:4b:
                    a0:9e:d9:65:36:8d:00:06:e4:03:62:47:01:91:99:
                    50:a1:48:c6:23:26:f6:ff:64:71:fb:63:65:ce:68:
                    32:25:ab:ae:0b:3d:4c:cf:25:0c:f6:d9:6f:ec:d9:
                    6f:e2:9f:a5:62:05:f0:50:ca:5c:35:f7:92:20:ca:
                    7b:94:07:1a:5a:ef:f6:23:08:7e:6a:fd:ca:dd:ed:
                    e5:74:a3:3e:94:22:b8:2b:1d:dd:49:e6:7a:ca:f7:
                    35:ae:3a:c0:a9:0a:c8:33:d6:d2:3d:b5:35:c0:e7:
                    f6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E4:8C:59:3E:25:07:E4:8E:BE:3A:1E:3F:48:CC:F3:C9:9C:80:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2017c636-3c80-4aff-817c-ddf18477cc2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:f3:d3:c5:51:56:7e:b8:2b:d5:41:65:27:d9:8c:7c:f9:b2:
         78:90:2a:70:73:fb:66:b2:ac:44:16:aa:06:2d:6f:55:ab:a0:
         77:ae:2e:bd:5c:53:ee:a3:80:70:64:49:e1:1d:d9:5a:e1:10:
         a4:30:d6:ca:c5:51:7b:be:71:51:53:4d:b3:7b:32:58:72:76:
         a8:8c:fe:b4:24:01:e2:cf:11:d7:69:6e:f8:1c:5e:7f:a5:b6:
         f6:fa:7a:02:f5:78:39:2f:48:93:e7:0c:72:91:50:87:93:ce:
         8d:f2:53:95:0a:12:1a:06:bd:11:aa:5e:60:26:8b:27:b5:63:
         4f:70:bf:2c:97:7e:e2:6e:b9:f3:0c:2c:a6:0d:3c:5a:43:f1:
         9f:49:20:53:ef:b6:81:0d:d1:c4:66:8b:25:73:19:e8:1d:3d:
         54:00:69:6f:55:54:af:5b:41:c4:0b:1f:71:78:8f:40:dd:42:
         8c:8a:f7:ef:97:8b:67:35:ac:96:12:a1:61:18:26:e4:93:ef:
         30:fb:ab:96:aa:0a:50:eb:f2:e1:a1:ba:cb:59:ea:11:0a:09:
         4e:85:a3:21:f7:19:63:8a:8d:ee:ca:da:ee:9f:b4:59:e3:e6:
         55:b4:64:35:fa:aa:6b:5e:53:ae:ad:04:d8:d8:ca:52:cd:b8:
         e0:cc:d4:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbUfTgllIOTNrLwEQXgNnPlV+cfcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDA0MTU4WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzc4NjZhMmU5NmRkMzg5MzA5ZmM2ODU1NDA0MGUwZWE4
N2YwZDk1ZWIyN2M1ZDBmZTNlOTg1ZjJjNzQyN2Y1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXTnd+pCtkCLVaPoPhbLmOFTpeVXDijyVpqCRMSPQ0AanD
xAKnk0N6t43BCJ6rM3kgV6a0oCzfgwoCCFkxhMWoznx7XA+wK5T5XD6zXwhj1EVo
GR+O6WtT7GxQhnZzVm58o/xW92+f1xF6ZfA26crsYCwE1H82quEJnJbdNm/NQab4
NAlzhKr3+gbnUHg9cOOCqxTCS6Ce2WU2jQAG5ANiRwGRmVChSMYjJvb/ZHH7Y2XO
aDIlq64LPUzPJQz22W/s2W/in6ViBfBQylw195IgynuUBxpa7/YjCH5q/crd7eV0
oz6UIrgrHd1J5nrK9zWuOsCpCsgz1tI9tTXA5/aDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKOSMWT4lB+SOvjoeP0jM88mcgHUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwMTdjNjM2LTNjODAtNGFmZi04MTdjLWRkZjE4NDc3Y2MyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsO8wDQYJKoZIhvcNAQELBQADggEBAGzz08VRVn64K9VBZSfZjHz5sniQ
KnBz+2ayrEQWqgYtb1WroHeuLr1cU+6jgHBkSeEd2VrhEKQw1srFUXu+cVFTTbN7
MlhydqiM/rQkAeLPEddpbvgcXn+ltvb6egL1eDkvSJPnDHKRUIeTzo3yU5UKEhoG
vRGqXmAmiye1Y09wvyyXfuJuufMMLKYNPFpD8Z9JIFPvtoEN0cRmiyVzGegdPVQA
aW9VVK9bQcQLH3F4j0DdQoyK9++Xi2c1rJYSoWEYJuST7zD7q5aqClDr8uGhustZ
6hEKCU6FoyH3GWOKje7K2u6ftFnj5lW0ZDX6qmteU66tBNjYylLNuODM1Bk=
-----END CERTIFICATE-----