Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43670a2e-057d-42dc-92c9-04d175dba99a.roa
File:                     43670a2e-057d-42dc-92c9-04d175dba99a.roa (raw, json)
Hash identifier:          5c80z8hifTsIrJCqC0wVWz3lVVdjxY1OOJ7fpB6blR8=
Subject key identifier:   77:71:B2:36:69:CC:A6:BE:18:BD:C1:F6:86:64:73:7F:5C:92:2F:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2802D49C42EFC4F71CB41AB4FD24CC714D19AA8A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43670a2e-057d-42dc-92c9-04d175dba99a.roa
Signing time:             Tue 14 Oct 2025 00:51:17 +0000
ROA not before:           Tue 14 Oct 2025 00:51:17 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.56.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:02:d4:9c:42:ef:c4:f7:1c:b4:1a:b4:fd:24:cc:71:4d:19:aa:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:51:17 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=1ebc1105d7647ed661b39247dce6896cb5c9f50a7087ebdfad267f3c7a14b063, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:aa:02:ef:b2:e2:71:bb:6f:56:a7:b5:59:e1:
                    33:33:65:21:4c:63:5d:a4:1d:9d:f2:c5:fd:bc:d6:
                    ec:08:44:68:3f:99:74:8e:68:44:8f:d7:56:cd:98:
                    12:1d:d4:9a:dc:a7:5e:dd:42:f5:30:2b:e6:51:4b:
                    34:cb:9d:a4:f8:dd:96:46:ea:32:a3:65:63:54:3a:
                    ad:3f:0f:b3:f3:25:ab:25:93:a2:d4:e7:07:0f:92:
                    27:48:7b:df:69:9e:7e:24:e6:9d:e6:44:19:17:94:
                    60:22:7a:eb:64:97:6e:29:dc:a7:63:45:60:93:08:
                    20:07:a1:69:9d:2f:2f:b9:bc:ae:e2:31:e2:8e:5a:
                    af:14:10:a4:25:88:9c:22:01:d5:dd:3c:47:b3:38:
                    8f:ca:e5:19:b8:69:13:9c:c7:b7:c1:20:8f:cb:06:
                    46:d9:3f:ac:a7:e4:0a:d9:3c:a6:5c:93:7d:ce:15:
                    77:4d:c5:38:8a:5a:29:23:0d:9e:21:58:bf:ed:b7:
                    bd:bd:c9:88:14:b6:8d:6a:d6:c8:50:03:ca:41:16:
                    f4:96:18:03:cb:7f:68:a1:9a:ba:cb:5a:4f:8d:d8:
                    c0:fd:9b:ee:04:9d:0f:d7:1b:6a:05:9d:91:7f:c0:
                    d0:19:58:7f:9f:8d:5b:52:84:f5:6f:69:7b:4d:46:
                    bf:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:71:B2:36:69:CC:A6:BE:18:BD:C1:F6:86:64:73:7F:5C:92:2F:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43670a2e-057d-42dc-92c9-04d175dba99a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:84:e1:e9:fa:0c:19:6b:ec:fa:60:35:a3:11:65:ce:52:83:
         13:77:c6:6c:0b:2a:de:fe:a9:a0:9e:13:c9:60:33:5e:3f:b3:
         a7:62:6c:a4:61:3e:e4:30:78:02:45:75:76:13:ba:4e:fd:c0:
         c5:7c:45:96:69:7b:6c:eb:9d:a6:61:be:52:6a:71:50:4d:58:
         8c:3d:4c:1e:6d:4c:ab:a3:2b:1d:79:f0:20:31:ce:cb:03:5b:
         9b:fd:7b:7a:d3:7c:1e:ec:f6:b8:ac:fb:c1:74:e8:4d:28:0c:
         d0:1a:fa:a6:7f:8c:d2:23:9e:fb:dd:cb:c7:5e:3b:4b:88:a1:
         3b:c8:bf:56:a3:40:88:40:ad:ee:1b:e5:98:52:84:c4:0c:8c:
         aa:81:a0:91:1c:82:bd:31:d5:e4:88:7f:a3:5b:0e:36:6d:13:
         39:85:6b:37:70:d5:d2:59:3a:6e:e7:02:67:74:c0:8c:23:ec:
         2c:df:16:76:2b:51:88:43:d1:a6:43:ad:1e:3d:ef:ed:df:21:
         18:c3:cd:fb:60:f4:27:a0:c2:f7:3d:78:8f:34:28:51:66:a5:
         cd:74:8d:cc:4c:f0:64:28:56:8a:27:55:1e:25:bb:e5:c3:bb:
         2e:26:d3:84:98:7c:10:78:80:61:46:a8:4d:21:3a:91:2e:90:
         81:9c:3c:3c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKALUnELvxPcctBq0/STMcU0ZqoowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDA1MTE3WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZWJjMTEwNWQ3NjQ3ZWQ2NjFiMzkyNDdkY2U2ODk2Y2I1
YzlmNTBhNzA4N2ViZGZhZDI2N2YzYzdhMTRiMDYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoqgLvsuJxu29Wp7VZ4TMzZSFMY12kHZ3yxf281uwIRGg/
mXSOaESP11bNmBId1Jrcp17dQvUwK+ZRSzTLnaT43ZZG6jKjZWNUOq0/D7PzJasl
k6LU5wcPkidIe99pnn4k5p3mRBkXlGAieutkl24p3KdjRWCTCCAHoWmdLy+5vK7i
MeKOWq8UEKQliJwiAdXdPEezOI/K5Rm4aROcx7fBII/LBkbZP6yn5ArZPKZck33O
FXdNxTiKWikjDZ4hWL/tt729yYgUto1q1shQA8pBFvSWGAPLf2ihmrrLWk+N2MD9
m+4EnQ/XG2oFnZF/wNAZWH+fjVtShPVvaXtNRr/JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd3GyNmnMpr4YvcH2hmRzf1ySL8IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNjcwYTJlLTA1N2QtNDJkYy05MmM5LTA0ZDE3NWRiYTk5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsDgwDQYJKoZIhvcNAQELBQADggEBAIaE4en6DBlr7PpgNaMRZc5SgxN3
xmwLKt7+qaCeE8lgM14/s6dibKRhPuQweAJFdXYTuk79wMV8RZZpe2zrnaZhvlJq
cVBNWIw9TB5tTKujKx158CAxzssDW5v9e3rTfB7s9ris+8F06E0oDNAa+qZ/jNIj
nvvdy8deO0uIoTvIv1ajQIhAre4b5ZhShMQMjKqBoJEcgr0x1eSIf6NbDjZtEzmF
azdw1dJZOm7nAmd0wIwj7CzfFnYrUYhD0aZDrR497+3fIRjDzftg9Cegwvc9eI80
KFFmpc10jcxM8GQoVoonVR4lu+XDuy4m04SYfBB4gGFGqE0hOpEukIGcPDw=
-----END CERTIFICATE-----