Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/347888cb-61ca-4405-8189-2c03a4e05bc6.roa
File:                     347888cb-61ca-4405-8189-2c03a4e05bc6.roa (raw, json)
Hash identifier:          Iz9BLF4crioBF2mCqZV9PE3PuIjbnbiVKeWpNSK+Uds=
Subject key identifier:   BF:51:B0:C3:66:31:6E:D2:4D:42:E7:59:11:A0:27:72:0B:A6:F4:9B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       276E9F5AEC47298C66BEEE79B41B2850384F2862
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/347888cb-61ca-4405-8189-2c03a4e05bc6.roa
Signing time:             Fri 03 Oct 2025 00:41:38 +0000
ROA not before:           Fri 03 Oct 2025 00:41:38 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.165.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:6e:9f:5a:ec:47:29:8c:66:be:ee:79:b4:1b:28:50:38:4f:28:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:41:38 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=e2eed49c6698548f9ae3a8234d1acbec8d1ca9b4575c15c79bc360973c0799c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2d:05:63:79:e9:78:2c:a4:8a:15:61:34:dc:
                    50:55:5e:eb:91:3f:70:38:c9:c3:04:8e:93:a3:88:
                    6f:49:f4:03:a8:ae:7b:b1:73:d8:77:e2:22:08:d8:
                    41:ca:5e:b1:d4:84:4c:b8:f0:b0:e9:de:5b:7b:f5:
                    d4:d5:1b:03:57:fb:aa:9b:6c:7f:19:78:be:72:85:
                    c5:91:b0:e0:91:c3:72:20:81:c1:93:31:5b:db:81:
                    69:31:d4:59:1e:10:94:aa:aa:0e:64:0e:f2:5e:21:
                    74:62:27:57:bd:20:25:da:11:61:f7:cf:e9:ae:51:
                    9f:3e:e9:ab:cb:68:5e:ea:93:cb:34:04:7c:be:52:
                    c4:79:a5:3a:c9:dc:f8:b2:0f:5d:13:26:da:62:29:
                    bd:f7:bb:13:7f:3d:7c:b2:6d:4b:02:45:e1:90:12:
                    80:57:93:27:94:66:48:2a:bc:10:98:60:0c:e0:be:
                    2f:0a:90:79:fc:88:d0:7f:a2:64:7b:45:36:05:9c:
                    c2:81:ad:fb:e6:e4:dc:f0:79:87:c7:08:8d:8d:b8:
                    ec:be:96:5f:3a:97:81:dd:4d:64:97:84:2f:d1:1d:
                    47:82:1a:43:59:93:23:30:eb:a8:e5:c8:0e:23:59:
                    17:80:d4:04:1c:5d:5f:88:74:90:25:41:b0:7b:f4:
                    13:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:51:B0:C3:66:31:6E:D2:4D:42:E7:59:11:A0:27:72:0B:A6:F4:9B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/347888cb-61ca-4405-8189-2c03a4e05bc6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:f7:1e:b2:c2:32:8a:2c:46:04:4f:4b:95:be:d5:e1:94:67:
         4e:66:8c:2f:b8:cd:41:bd:1d:76:d7:bf:53:7a:46:f1:09:a5:
         cc:a3:82:5b:21:67:90:1c:bc:73:8f:3f:c6:a0:13:a1:ab:a8:
         99:67:85:76:80:aa:61:f2:ae:76:31:51:be:ff:73:d0:a9:c6:
         78:6e:84:88:95:73:47:83:92:43:cd:c8:4e:a2:96:b7:e3:7a:
         54:3e:09:26:0d:52:49:9f:84:6f:15:6e:fd:3f:5c:c9:95:5a:
         51:83:fc:67:89:d7:5b:ea:b2:15:a3:de:2c:94:1b:d7:39:8f:
         d6:ba:7d:59:98:3c:c1:af:e5:45:9a:56:19:5b:08:bf:e6:70:
         ce:eb:07:93:a3:94:e5:05:df:25:cf:1e:43:1a:d3:60:67:1a:
         1f:7f:92:f5:e6:44:2b:0d:eb:1c:ee:26:a0:95:a4:e7:1e:12:
         b4:7f:6f:33:00:30:77:5f:69:69:03:98:17:ae:e7:fc:57:69:
         cf:1c:71:69:80:d3:b0:39:c0:a8:05:a3:5a:1b:43:cc:39:82:
         5c:6a:a3:4d:e6:56:32:51:be:ed:42:6a:89:d0:b7:20:ec:61:
         f2:0c:8a:45:e3:51:28:7b:0d:68:91:d8:31:d7:1a:e4:ea:85:
         77:36:f5:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ26fWuxHKYxmvu55tBsoUDhPKGIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MTM4WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmVlZDQ5YzY2OTg1NDhmOWFlM2E4MjM0ZDFhY2JlYzhk
MWNhOWI0NTc1YzE1Yzc5YmMzNjA5NzNjMDc5OWM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtLQVjeel4LKSKFWE03FBVXuuRP3A4ycMEjpOjiG9J9AOo
rnuxc9h34iII2EHKXrHUhEy48LDp3lt79dTVGwNX+6qbbH8ZeL5yhcWRsOCRw3Ig
gcGTMVvbgWkx1FkeEJSqqg5kDvJeIXRiJ1e9ICXaEWH3z+muUZ8+6avLaF7qk8s0
BHy+UsR5pTrJ3PiyD10TJtpiKb33uxN/PXyybUsCReGQEoBXkyeUZkgqvBCYYAzg
vi8KkHn8iNB/omR7RTYFnMKBrfvm5NzweYfHCI2NuOy+ll86l4HdTWSXhC/RHUeC
GkNZkyMw66jlyA4jWReA1AQcXV+IdJAlQbB79BOdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv1Gww2YxbtJNQudZEaAncgum9JswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0Nzg4OGNiLTYxY2EtNDQwNS04MTg5LTJjMDNhNGUwNWJjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM36UwDQYJKoZIhvcNAQELBQADggEBALX3HrLCMoosRgRPS5W+1eGUZ05m
jC+4zUG9HXbXv1N6RvEJpcyjglshZ5AcvHOPP8agE6GrqJlnhXaAqmHyrnYxUb7/
c9CpxnhuhIiVc0eDkkPNyE6ilrfjelQ+CSYNUkmfhG8Vbv0/XMmVWlGD/GeJ11vq
shWj3iyUG9c5j9a6fVmYPMGv5UWaVhlbCL/mcM7rB5OjlOUF3yXPHkMa02BnGh9/
kvXmRCsN6xzuJqCVpOceErR/bzMAMHdfaWkDmBeu5/xXac8ccWmA07A5wKgFo1ob
Q8w5glxqo03mVjJRvu1CaonQtyDsYfIMikXjUSh7DWiR2DHXGuTqhXc29ao=
-----END CERTIFICATE-----