Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d6c20c8-51a8-4a01-982f-1879ea5a55cb.roa
File:                     3d6c20c8-51a8-4a01-982f-1879ea5a55cb.roa (raw, json)
Hash identifier:          t5R5jf4A+hrcqglbsgA9Xjq5ZyV3QOODWHcyHd44I9g=
Subject key identifier:   BA:C0:24:2D:17:DD:17:7B:8C:E5:77:A0:98:48:34:55:8B:5C:B9:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1CB052368D2178F1245509A0488FFC6065022FA4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d6c20c8-51a8-4a01-982f-1879ea5a55cb.roa
Signing time:             Tue 07 Oct 2025 00:11:46 +0000
ROA not before:           Tue 07 Oct 2025 00:11:46 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.140.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:b0:52:36:8d:21:78:f1:24:55:09:a0:48:8f:fc:60:65:02:2f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:11:46 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=79cf5bde8993d3ebe2ad7b15caf7eda6bb5730c2b50c0dfcc472c8d67d5be7d4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:83:72:42:fb:cc:99:54:c0:0d:e7:53:ea:5a:
                    65:d7:2c:9a:3d:b7:ae:51:b4:9d:1a:61:9f:65:ad:
                    55:b7:7c:74:57:df:14:07:9f:9e:c2:31:90:a8:98:
                    51:f3:6f:cc:31:5b:fc:53:5e:3f:49:0c:82:a0:93:
                    62:ca:04:2d:2e:3a:f5:bc:fc:0d:b5:1c:0f:03:0b:
                    f2:4c:85:19:cb:b4:c5:6d:40:9e:09:2a:c0:58:bc:
                    95:f2:73:0c:6d:b8:9c:f9:1b:7a:e3:82:18:9e:30:
                    57:88:3d:9a:bc:25:39:89:28:8c:b9:4e:be:95:e8:
                    1f:06:46:2d:a2:04:0d:a5:50:3b:5b:a1:2f:a8:4c:
                    95:ca:bf:3f:26:72:94:35:28:41:ca:01:b6:3f:ba:
                    a6:0a:55:7e:dd:df:3c:a8:fb:77:e5:75:67:56:53:
                    cd:65:07:ed:eb:ff:b4:5e:6e:67:a9:ec:68:bd:1c:
                    b1:d4:7c:22:fe:ae:14:05:cd:48:ae:55:cf:9c:fd:
                    49:86:d4:a1:7b:59:f1:00:aa:bd:f4:20:f9:41:73:
                    07:02:97:70:4f:0d:9d:da:5f:b4:04:28:83:21:2e:
                    2b:f7:32:31:70:6f:e5:7e:ea:e4:1f:f6:af:3c:7e:
                    12:27:99:9d:33:4a:ae:f2:a9:40:05:0a:c0:c4:09:
                    73:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C0:24:2D:17:DD:17:7B:8C:E5:77:A0:98:48:34:55:8B:5C:B9:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d6c20c8-51a8-4a01-982f-1879ea5a55cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:80:39:f5:b0:f2:a1:87:2e:bf:4b:a1:7d:ed:d0:ba:06:7a:
         c9:9a:42:57:ae:28:fd:c2:c9:c0:30:5c:24:0a:14:12:85:fd:
         d7:35:e8:a2:cc:9f:96:20:f0:49:9a:09:e7:15:b6:b7:0f:10:
         13:62:9b:ad:20:a1:d3:53:cd:e9:0d:9d:83:f5:60:79:4c:90:
         19:3b:24:23:bf:f4:1a:38:d9:60:78:90:8a:a8:8b:53:a0:03:
         5f:2b:65:d4:4e:65:ce:0c:fa:38:d1:b7:76:4b:e8:2b:07:8c:
         2e:a9:fb:ec:36:3d:07:73:35:67:f1:94:00:86:ae:23:a7:ba:
         93:e6:00:9d:79:32:0f:9f:d6:70:75:91:eb:2d:01:ed:97:29:
         49:f1:99:e5:e0:05:b5:db:6d:1a:aa:5d:9f:03:8c:5e:d9:32:
         a2:31:f3:21:15:30:c2:9c:10:e5:28:32:77:7f:19:30:6e:df:
         86:92:e1:25:36:83:81:69:83:9e:77:04:c7:e8:70:25:45:f3:
         c8:48:2b:26:b4:ec:59:9f:6d:09:28:53:26:d8:a7:ab:82:93:
         bf:df:7b:05:24:30:5c:78:43:95:0a:36:96:e7:10:28:d9:70:
         c2:60:1f:0b:07:bb:22:85:b1:e8:58:00:7f:7a:3c:1f:27:ec:
         87:98:10:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHLBSNo0hePEkVQmgSI/8YGUCL6QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDAxMTQ2WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3OWNmNWJkZTg5OTNkM2ViZTJhZDdiMTVjYWY3ZWRhNmJi
NTczMGMyYjUwYzBkZmNjNDcyYzhkNjdkNWJlN2Q0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXg3JC+8yZVMAN51PqWmXXLJo9t65RtJ0aYZ9lrVW3fHRX
3xQHn57CMZComFHzb8wxW/xTXj9JDIKgk2LKBC0uOvW8/A21HA8DC/JMhRnLtMVt
QJ4JKsBYvJXycwxtuJz5G3rjghieMFeIPZq8JTmJKIy5Tr6V6B8GRi2iBA2lUDtb
oS+oTJXKvz8mcpQ1KEHKAbY/uqYKVX7d3zyo+3fldWdWU81lB+3r/7Rebmep7Gi9
HLHUfCL+rhQFzUiuVc+c/UmG1KF7WfEAqr30IPlBcwcCl3BPDZ3aX7QEKIMhLiv3
MjFwb+V+6uQf9q88fhInmZ0zSq7yqUAFCsDECXMBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUusAkLRfdF3uM5XegmEg0VYtcuf0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkNmMyMGM4LTUxYTgtNGEwMS05ODJmLTE4NzllYTVhNTVjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEowwDQYJKoZIhvcNAQELBQADggEBALKAOfWw8qGHLr9LoX3t0LoGesma
QleuKP3CycAwXCQKFBKF/dc16KLMn5Yg8EmaCecVtrcPEBNim60godNTzekNnYP1
YHlMkBk7JCO/9Bo42WB4kIqoi1OgA18rZdROZc4M+jjRt3ZL6CsHjC6p++w2PQdz
NWfxlACGriOnupPmAJ15Mg+f1nB1kestAe2XKUnxmeXgBbXbbRqqXZ8DjF7ZMqIx
8yEVMMKcEOUoMnd/GTBu34aS4SU2g4Fpg553BMfocCVF88hIKya07FmfbQkoUybY
p6uCk7/fewUkMFx4Q5UKNpbnECjZcMJgHwsHuyKFsehYAH96PB8n7IeYEEA=
-----END CERTIFICATE-----