Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9ec487-664e-4418-bc4a-75e8cb6cc751.roa
File:                     2f9ec487-664e-4418-bc4a-75e8cb6cc751.roa (raw, json)
Hash identifier:          wxnD31xoKiTqjt0wrhi7DvFF1i56RgZSTIbQ5Waclsg=
Subject key identifier:   EA:41:B3:BC:DE:65:BA:AD:C1:91:0B:6C:51:EB:84:8D:8F:2D:C0:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DD3557479765FDDAC1BF9A2D49D875E70682A6D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9ec487-664e-4418-bc4a-75e8cb6cc751.roa
Signing time:             Tue 14 Oct 2025 00:43:21 +0000
ROA not before:           Tue 14 Oct 2025 00:43:21 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.138.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d3:55:74:79:76:5f:dd:ac:1b:f9:a2:d4:9d:87:5e:70:68:2a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:43:21 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=6c9457f239fc0b067dce4baf58e87a64d83706ab233b7d6656691181d88bb545, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1f:58:d7:6d:86:da:00:a8:3b:2c:5b:d1:83:
                    58:91:8a:ab:33:51:8f:1d:8e:25:1c:90:9b:63:ea:
                    3a:6e:d6:fb:cd:1c:e2:0f:b5:da:59:73:16:93:b5:
                    6e:40:b5:6a:08:19:58:19:14:37:5c:6a:e9:8d:c0:
                    a5:40:e6:f3:06:0d:41:41:7f:f4:56:f9:1f:2b:b7:
                    31:d9:13:ea:c0:9a:a0:a4:80:95:fc:71:58:87:b8:
                    ba:f0:4b:03:31:d3:37:02:bf:75:af:7f:bb:60:51:
                    a8:bd:80:c7:08:b0:97:8a:cd:e1:32:8b:77:6f:c7:
                    9d:1c:71:f8:57:d3:28:a5:8a:98:a2:d6:71:0e:36:
                    d5:b2:08:97:85:aa:51:1a:76:af:9b:61:22:75:31:
                    28:4d:02:fa:92:37:1c:42:a2:5f:5f:45:04:2f:83:
                    e5:2c:59:1f:b7:fa:de:11:ea:7b:84:0d:0c:f8:6f:
                    9f:eb:cd:82:94:8c:eb:33:d1:72:c4:c4:d6:6c:d1:
                    4e:49:3e:f8:28:a1:60:11:13:0f:09:f5:90:ad:79:
                    41:1e:cd:04:68:0b:e2:75:0f:f6:57:cf:ce:18:ee:
                    ae:9c:5d:08:6d:a2:bd:de:dd:58:23:d9:fb:11:21:
                    5f:8b:f6:ea:2b:95:82:1d:39:2e:75:59:87:11:c1:
                    2c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:41:B3:BC:DE:65:BA:AD:C1:91:0B:6C:51:EB:84:8D:8F:2D:C0:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f9ec487-664e-4418-bc4a-75e8cb6cc751.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:76:ff:38:bb:4e:60:fc:14:bb:70:bd:cd:00:14:53:90:ba:
         36:82:9d:14:6a:80:d8:70:2a:42:03:28:39:88:b6:ee:9f:62:
         5f:5a:d6:f6:59:31:98:e7:85:63:7b:1d:a8:a2:91:ff:78:bb:
         a6:79:9b:1c:c5:c7:d4:05:61:48:73:82:b8:aa:84:95:de:a7:
         c7:e4:3c:cf:0a:83:79:b5:a9:8a:e2:a3:71:14:19:e9:3d:a5:
         c6:b4:78:ba:d6:0d:e9:96:52:81:af:95:77:33:33:48:e4:98:
         89:4d:34:d3:a4:6d:19:d4:3b:6c:10:97:fa:4c:a9:a4:06:a5:
         cf:ef:d4:7a:5f:0e:85:2e:18:b8:98:05:0c:02:fc:2b:ff:79:
         22:6e:09:25:c7:17:d5:60:3e:9b:a8:9a:7f:27:b7:36:56:5e:
         8d:53:53:eb:09:59:f7:29:b4:d8:45:09:22:52:dc:03:bb:d6:
         c8:55:9d:af:71:5d:1e:45:6f:d5:f9:8a:27:8b:84:7f:9a:d0:
         cd:13:fa:bc:58:7b:0c:1d:09:83:42:7a:1f:6e:e1:65:bd:2b:
         42:8b:90:37:a0:19:db:2c:53:1c:19:0e:e5:65:b1:59:e3:f3:
         b7:4b:2c:74:75:13:07:98:ba:85:30:e7:74:ab:fd:d6:e2:8a:
         68:8d:8f:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTdNVdHl2X92sG/mi1J2HXnBoKm0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDA0MzIxWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2Yzk0NTdmMjM5ZmMwYjA2N2RjZTRiYWY1OGU4N2E2NGQ4
MzcwNmFiMjMzYjdkNjY1NjY5MTE4MWQ4OGJiNTQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWH1jXbYbaAKg7LFvRg1iRiqszUY8djiUckJtj6jpu1vvN
HOIPtdpZcxaTtW5AtWoIGVgZFDdcaumNwKVA5vMGDUFBf/RW+R8rtzHZE+rAmqCk
gJX8cViHuLrwSwMx0zcCv3Wvf7tgUai9gMcIsJeKzeEyi3dvx50ccfhX0yilipii
1nEONtWyCJeFqlEadq+bYSJ1MShNAvqSNxxCol9fRQQvg+UsWR+3+t4R6nuEDQz4
b5/rzYKUjOsz0XLExNZs0U5JPvgooWAREw8J9ZCteUEezQRoC+J1D/ZXz84Y7q6c
XQhtor3e3Vgj2fsRIV+L9uorlYIdOS51WYcRwSwlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6kGzvN5luq3BkQtsUeuEjY8twD0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmOWVjNDg3LTY2NGUtNDQxOC1iYzRhLTc1ZThjYjZjYzc1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsIowDQYJKoZIhvcNAQELBQADggEBAGV2/zi7TmD8FLtwvc0AFFOQujaC
nRRqgNhwKkIDKDmItu6fYl9a1vZZMZjnhWN7Haiikf94u6Z5mxzFx9QFYUhzgriq
hJXep8fkPM8Kg3m1qYrio3EUGek9pca0eLrWDemWUoGvlXczM0jkmIlNNNOkbRnU
O2wQl/pMqaQGpc/v1HpfDoUuGLiYBQwC/Cv/eSJuCSXHF9VgPpuomn8ntzZWXo1T
U+sJWfcptNhFCSJS3AO71shVna9xXR5Fb9X5iieLhH+a0M0T+rxYewwdCYNCeh9u
4WW9K0KLkDegGdssUxwZDuVlsVnj87dLLHR1EweYuoUw53Sr/dbiimiNj7E=
-----END CERTIFICATE-----