Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/302a0bec-0b10-4c77-b285-d1148e5d4aac.roa
File:                     302a0bec-0b10-4c77-b285-d1148e5d4aac.roa (raw, json)
Hash identifier:          jzj8682j/o1Rn8KK6w3s6H7vOAZy5pSkmvhmen2LD20=
Subject key identifier:   1E:21:61:AE:FC:23:9F:DF:5E:F6:78:24:72:16:C7:55:CC:E2:C2:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       579A95DE1C8B5C7ECC0852C80FF1E77851524175
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/302a0bec-0b10-4c77-b285-d1148e5d4aac.roa
Signing time:             Tue 14 Oct 2025 00:41:52 +0000
ROA not before:           Tue 14 Oct 2025 00:41:52 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.3.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:9a:95:de:1c:8b:5c:7e:cc:08:52:c8:0f:f1:e7:78:51:52:41:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:41:52 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=3972271c44198e8fae4e49c930725a6ce326f7d2a4ef56180861e5fac4c23efb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9c:d3:e4:6a:4a:22:fc:ee:90:4a:45:75:ff:
                    51:ed:42:99:90:09:6c:f0:b9:b9:99:23:71:62:c9:
                    23:1a:6b:b7:ff:a5:0b:88:70:7a:0d:fd:91:36:02:
                    6c:bb:77:b5:ea:ac:6d:f7:f3:42:5e:39:81:2d:7d:
                    bd:55:48:04:5f:f3:6e:67:0f:02:31:2d:13:7a:06:
                    d3:95:22:98:14:9b:e9:9c:81:7b:40:79:a7:e6:14:
                    ca:9b:50:b9:9e:65:01:92:67:81:57:03:42:81:b6:
                    10:28:67:c1:25:9d:a9:db:90:78:c0:89:41:b8:73:
                    41:4b:6a:33:43:74:1f:bf:ef:e5:b1:1e:dd:3a:d1:
                    a3:7e:a7:ce:61:e0:f7:a2:9f:30:9d:49:f8:cf:50:
                    22:18:f0:e9:da:a3:0a:6b:70:ff:95:ec:46:3c:3f:
                    95:f6:6d:0e:ff:6f:5e:9a:e5:10:4a:3b:ba:78:a7:
                    8f:79:ac:fa:85:1a:c3:0e:1f:d3:a8:c6:cd:a7:28:
                    3a:24:97:7a:22:4c:18:f4:97:de:de:56:94:ab:d8:
                    c9:84:aa:16:91:8f:4f:25:6e:79:99:f4:ad:c7:ab:
                    f9:52:e2:58:3a:6e:c9:63:ef:22:5b:b3:ac:8c:9d:
                    f8:90:23:cd:c9:c8:87:96:e9:35:0f:e9:91:9a:92:
                    00:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:21:61:AE:FC:23:9F:DF:5E:F6:78:24:72:16:C7:55:CC:E2:C2:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/302a0bec-0b10-4c77-b285-d1148e5d4aac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e2:f3:08:ea:2b:09:34:80:b0:94:56:66:5b:7e:1f:3a:7b:
         6e:e4:61:cb:ec:d1:61:6d:b1:1f:dc:9c:32:73:ee:55:ec:af:
         de:69:98:ba:b6:24:48:8f:12:92:de:61:dd:58:5c:b3:81:ae:
         c3:46:49:e5:68:05:24:b1:19:50:8c:24:ea:30:fa:7a:51:f4:
         f3:f4:e9:b6:6a:89:71:fe:94:a7:52:c5:db:fc:99:68:b5:2f:
         bb:da:ca:b2:4e:99:84:cc:61:39:4c:46:19:41:f6:cf:54:7d:
         af:32:db:f1:c5:97:cd:50:2d:91:c0:a3:4a:08:33:79:59:7d:
         8f:c1:8a:1c:2c:26:a8:7d:94:37:42:a0:c4:41:89:74:e1:c7:
         65:3a:8e:b3:04:b9:5f:83:6e:06:f0:36:db:dd:0f:f6:57:5c:
         98:fe:40:bf:90:6b:da:3b:47:94:20:81:c7:a6:c9:6e:24:a4:
         bf:a7:e3:b4:ea:db:d0:d2:4a:d5:c4:3a:5a:74:b8:e2:b2:50:
         ca:40:50:cf:00:6b:3d:02:f5:eb:48:70:f8:f7:c4:71:df:a0:
         0c:da:4c:be:3d:1c:26:cb:32:76:49:15:ea:75:29:48:4b:87:
         e4:fa:5d:a1:b9:98:2b:e5:ef:9f:46:ba:9a:66:13:4c:87:ce:
         e0:e7:5d:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV5qV3hyLXH7MCFLID/HneFFSQXUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDA0MTUyWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTcyMjcxYzQ0MTk4ZThmYWU0ZTQ5YzkzMDcyNWE2Y2Uz
MjZmN2QyYTRlZjU2MTgwODYxZTVmYWM0YzIzZWZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTnNPkakoi/O6QSkV1/1HtQpmQCWzwubmZI3FiySMaa7f/
pQuIcHoN/ZE2Amy7d7XqrG3380JeOYEtfb1VSARf825nDwIxLRN6BtOVIpgUm+mc
gXtAeafmFMqbULmeZQGSZ4FXA0KBthAoZ8ElnanbkHjAiUG4c0FLajNDdB+/7+Wx
Ht060aN+p85h4PeinzCdSfjPUCIY8OnaowprcP+V7EY8P5X2bQ7/b16a5RBKO7p4
p495rPqFGsMOH9Ooxs2nKDokl3oiTBj0l97eVpSr2MmEqhaRj08lbnmZ9K3Hq/lS
4lg6bslj7yJbs6yMnfiQI83JyIeW6TUP6ZGakgBpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHiFhrvwjn99e9ngkchbHVcziwkIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMwMmEwYmVjLTBiMTAtNGM3Ny1iMjg1LWQxMTQ4ZTVkNGFhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsAMwDQYJKoZIhvcNAQELBQADggEBAAvi8wjqKwk0gLCUVmZbfh86e27k
Ycvs0WFtsR/cnDJz7lXsr95pmLq2JEiPEpLeYd1YXLOBrsNGSeVoBSSxGVCMJOow
+npR9PP06bZqiXH+lKdSxdv8mWi1L7vayrJOmYTMYTlMRhlB9s9Ufa8y2/HFl81Q
LZHAo0oIM3lZfY/BihwsJqh9lDdCoMRBiXThx2U6jrMEuV+DbgbwNtvdD/ZXXJj+
QL+Qa9o7R5QggcemyW4kpL+n47Tq29DSStXEOlp0uOKyUMpAUM8Aaz0C9etIcPj3
xHHfoAzaTL49HCbLMnZJFep1KUhLh+T6XaG5mCvl759GuppmE0yHzuDnXZ0=
-----END CERTIFICATE-----