Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/470cece1-c07f-41b4-a7bb-a332605350ab.roa
File:                     470cece1-c07f-41b4-a7bb-a332605350ab.roa (raw, json)
Hash identifier:          ZTggsjwhOru+Ob87Ha27n+S27cOERkYO26VEzQriiB8=
Subject key identifier:   C1:63:0F:A7:D6:F8:01:31:42:A0:31:5B:AF:B5:85:79:EF:0F:D9:FC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3B4BEE51658933A87024CA7E2EABBE8B25AA9EFD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/470cece1-c07f-41b4-a7bb-a332605350ab.roa
Signing time:             Tue 14 Oct 2025 15:40:47 +0000
ROA not before:           Tue 14 Oct 2025 15:40:47 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.240.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:4b:ee:51:65:89:33:a8:70:24:ca:7e:2e:ab:be:8b:25:aa:9e:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 15:40:47 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=b29571beceef9403fb0e4cf60a2d9f5afa46ecc984e707895b11cc134bec8174, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d6:3a:85:66:81:87:aa:31:50:23:92:b1:8a:
                    1d:74:68:c2:07:d6:3f:3b:7d:c6:6b:6f:a7:21:f5:
                    07:74:56:4e:da:7d:5c:48:68:8a:c1:f0:63:1a:e2:
                    fa:71:2c:33:fe:3a:c1:4f:d9:54:46:92:ac:64:cc:
                    69:87:59:e3:90:6f:19:2f:96:dd:93:d3:e2:59:12:
                    28:fd:ff:40:c2:a5:0f:5e:b3:75:33:46:8b:a0:74:
                    13:2e:48:e3:1c:8c:fd:03:02:30:24:3b:e6:60:e8:
                    6b:ed:59:6c:63:33:26:84:cd:0f:fa:6a:ee:f2:65:
                    66:ec:f6:6a:29:91:44:d2:32:a9:aa:c8:d3:af:dd:
                    77:91:ae:f2:5f:cb:e8:5a:b5:80:8c:2a:be:b4:b0:
                    ec:3a:62:a6:0c:be:ee:0f:57:58:33:bd:1a:2f:ea:
                    15:c4:b8:fb:7e:8c:42:62:d2:91:5f:71:eb:b9:a4:
                    61:b4:0c:47:67:e7:38:19:a6:ff:6b:32:b0:7b:74:
                    84:2d:e7:a9:46:3d:4a:33:a3:21:3d:ad:6a:a3:ee:
                    f9:00:78:ac:9e:4e:61:25:c0:e7:3d:eb:96:4a:d7:
                    38:58:13:44:5f:7d:0f:0d:d0:7e:7c:63:47:85:1b:
                    e5:bf:74:99:41:ea:49:ec:71:df:d0:ec:b2:86:1d:
                    a8:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:63:0F:A7:D6:F8:01:31:42:A0:31:5B:AF:B5:85:79:EF:0F:D9:FC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/470cece1-c07f-41b4-a7bb-a332605350ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:da:09:ff:d7:b7:d4:93:13:ff:64:da:36:2b:f5:fe:f5:d7:
         c2:e5:6d:72:83:ba:f5:e7:c1:72:0d:04:0f:08:3b:c3:33:a9:
         02:75:76:02:d0:b6:0a:a3:cf:35:cd:c1:a8:f2:eb:22:b1:d9:
         3f:fc:63:ca:03:cd:32:cc:16:4b:9f:8f:57:b2:14:38:99:78:
         ad:f4:ca:5b:18:5d:67:a3:62:f4:d5:48:06:57:49:bf:04:2c:
         39:26:bd:4d:35:d0:ea:07:9f:0e:cc:e6:44:e2:12:25:9b:8a:
         c2:90:dc:d5:58:3f:63:7f:db:bb:fd:ea:0d:94:51:bc:0e:2e:
         c0:51:48:94:c1:d3:2b:49:02:50:1e:d2:f4:0d:5f:35:3c:aa:
         60:2a:90:16:28:94:2c:81:ab:81:c3:18:91:e1:ff:fc:31:45:
         b7:c5:3b:26:14:3a:45:22:98:ba:47:8f:94:29:40:80:f8:f9:
         9c:19:cd:26:9a:32:ca:bc:7c:c6:da:05:3a:51:a5:63:78:d4:
         39:be:39:99:b1:8a:4e:e7:8c:33:2e:6f:e8:40:3e:bd:a9:9e:
         c5:cf:f3:d0:42:e7:fa:c4:7a:2c:8b:4e:b0:48:d2:d9:43:3b:
         73:c4:35:8c:94:e2:3f:1a:f9:49:5c:99:41:e9:3a:44:de:1f:
         ec:2b:de:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO0vuUWWJM6hwJMp+Lqu+iyWqnv0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTU0MDQ3WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjk1NzFiZWNlZWY5NDAzZmIwZTRjZjYwYTJkOWY1YWZh
NDZlY2M5ODRlNzA3ODk1YjExY2MxMzRiZWM4MTc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC51jqFZoGHqjFQI5Kxih10aMIH1j87fcZrb6ch9Qd0Vk7a
fVxIaIrB8GMa4vpxLDP+OsFP2VRGkqxkzGmHWeOQbxkvlt2T0+JZEij9/0DCpQ9e
s3UzRougdBMuSOMcjP0DAjAkO+Zg6GvtWWxjMyaEzQ/6au7yZWbs9mopkUTSMqmq
yNOv3XeRrvJfy+hatYCMKr60sOw6YqYMvu4PV1gzvRov6hXEuPt+jEJi0pFfceu5
pGG0DEdn5zgZpv9rMrB7dIQt56lGPUozoyE9rWqj7vkAeKyeTmElwOc965ZK1zhY
E0RffQ8N0H58Y0eFG+W/dJlB6knscd/Q7LKGHajzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwWMPp9b4ATFCoDFbr7WFee8P2fwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ3MGNlY2UxLWMwN2YtNDFiNC1hN2JiLWEzMzI2MDUzNTBhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsPAwDQYJKoZIhvcNAQELBQADggEBAALaCf/Xt9STE/9k2jYr9f7118Ll
bXKDuvXnwXINBA8IO8MzqQJ1dgLQtgqjzzXNwajy6yKx2T/8Y8oDzTLMFkufj1ey
FDiZeK30ylsYXWejYvTVSAZXSb8ELDkmvU010OoHnw7M5kTiEiWbisKQ3NVYP2N/
27v96g2UUbwOLsBRSJTB0ytJAlAe0vQNXzU8qmAqkBYolCyBq4HDGJHh//wxRbfF
OyYUOkUimLpHj5QpQID4+ZwZzSaaMsq8fMbaBTpRpWN41Dm+OZmxik7njDMub+hA
Pr2pnsXP89BC5/rEeiyLTrBI0tlDO3PENYyU4j8a+UlcmUHpOkTeH+wr3tM=
-----END CERTIFICATE-----