Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/55a1b39c-73cf-4a03-a54b-58e8ee77e2c8.roa
File:                     55a1b39c-73cf-4a03-a54b-58e8ee77e2c8.roa (raw, json)
Hash identifier:          ltt1dtYrBXxoa+aLB7ocgfQhKejmh5G04CjVC2Qdn/s=
Subject key identifier:   B0:3E:CC:69:97:DB:21:31:36:6C:08:49:52:6B:92:A5:B4:26:EE:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39AD3754477BB8F0C52C8F156738A79A422B02C0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/55a1b39c-73cf-4a03-a54b-58e8ee77e2c8.roa
Signing time:             Fri 26 Sep 2025 00:42:09 +0000
ROA not before:           Fri 26 Sep 2025 00:42:09 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.197.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:ad:37:54:47:7b:b8:f0:c5:2c:8f:15:67:38:a7:9a:42:2b:02:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:42:09 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=8cfd389b7ac0ab5c8f6dfb48658dcfea3e71c41fa810ef6226fec12989a72cf9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:93:aa:e5:9c:1f:e6:71:4a:22:f9:1d:e5:d6:
                    b4:0b:cd:ce:74:ce:70:93:63:43:ce:94:8a:21:43:
                    99:76:ab:a2:7f:97:f2:3b:f9:58:3b:70:43:67:65:
                    4a:49:9c:68:1d:51:e0:93:7b:b9:5f:52:5f:a0:88:
                    a4:a4:4a:1d:a4:a2:df:24:5e:1d:03:93:3f:6f:9e:
                    1b:1e:c5:61:7f:19:4f:01:66:38:2e:16:92:39:2b:
                    4a:ee:4c:81:3e:66:e5:88:c2:d1:03:73:ba:f1:f9:
                    e3:7a:ad:b7:e0:1e:a9:5a:82:42:74:27:14:0e:5a:
                    83:cc:8d:b9:e9:8d:70:b0:34:94:ba:a5:ce:98:6e:
                    d4:5e:1f:57:cb:3a:3d:ab:ae:ab:9f:70:d9:85:4b:
                    dc:ca:b0:ec:cd:5d:45:d3:ef:00:aa:f5:76:a6:d5:
                    64:b1:ae:50:56:ef:72:73:cc:af:41:ec:b0:06:f2:
                    64:15:17:e6:50:74:04:4f:b2:ea:29:30:46:93:48:
                    a6:85:95:f2:fd:10:ae:d3:58:cf:71:d9:43:cb:50:
                    8d:ed:28:fa:7f:79:25:a9:79:e2:76:a2:14:3f:1d:
                    16:29:ad:87:1a:31:cc:d4:77:0b:05:42:e7:6c:46:
                    b9:cf:b0:0a:aa:0c:b9:32:fb:6a:0d:d4:45:91:4f:
                    32:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:3E:CC:69:97:DB:21:31:36:6C:08:49:52:6B:92:A5:B4:26:EE:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/55a1b39c-73cf-4a03-a54b-58e8ee77e2c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.197.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d7:bd:a8:11:1a:16:c8:9c:8f:15:cc:e9:cd:7a:4e:a6:46:f6:
         7c:98:85:82:54:ff:49:43:ee:23:f1:85:98:11:da:85:2f:88:
         2b:e0:7e:3e:00:a4:d3:a7:6b:a8:44:d3:22:64:30:4e:d2:5d:
         0c:74:7c:df:0f:b3:fa:28:56:88:42:a1:c2:ad:20:c4:ae:4f:
         c0:8e:9d:54:97:6b:b0:6d:04:b2:13:d7:e0:e5:4c:0c:88:77:
         b7:6f:86:9a:1a:c5:2f:81:9c:53:83:ab:36:4f:b0:00:e0:0a:
         b1:03:e2:52:88:b6:6e:ba:ad:1f:35:1f:e7:f1:65:60:ae:4b:
         bd:91:17:df:8e:7b:00:42:7d:f7:c9:67:5d:11:8d:a0:1b:ee:
         0a:03:f6:96:d8:a8:c8:32:a0:6c:45:58:9e:32:d7:c0:c9:dd:
         c1:ca:b9:81:7a:6f:94:36:fe:30:e5:8c:b1:79:15:74:4d:ea:
         be:91:e1:58:98:2f:55:56:18:a4:5e:1b:e2:f8:a9:2e:1f:39:
         4b:65:34:a5:79:1d:01:ba:02:76:c2:20:82:ec:74:f6:af:9b:
         e4:08:d0:4f:16:46:8c:60:c2:32:ac:1a:4a:1c:d4:58:6e:70:
         64:92:e2:34:4d:ee:65:f9:25:b4:32:26:0a:df:76:09:da:30:
         5a:61:b8:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOa03VEd7uPDFLI8VZzinmkIrAsAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDA0MjA5WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2ZkMzg5YjdhYzBhYjVjOGY2ZGZiNDg2NThkY2ZlYTNl
NzFjNDFmYTgxMGVmNjIyNmZlYzEyOTg5YTcyY2Y5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXk6rlnB/mcUoi+R3l1rQLzc50znCTY0POlIohQ5l2q6J/
l/I7+Vg7cENnZUpJnGgdUeCTe7lfUl+giKSkSh2kot8kXh0Dkz9vnhsexWF/GU8B
ZjguFpI5K0ruTIE+ZuWIwtEDc7rx+eN6rbfgHqlagkJ0JxQOWoPMjbnpjXCwNJS6
pc6YbtReH1fLOj2rrqufcNmFS9zKsOzNXUXT7wCq9Xam1WSxrlBW73JzzK9B7LAG
8mQVF+ZQdARPsuopMEaTSKaFlfL9EK7TWM9x2UPLUI3tKPp/eSWpeeJ2ohQ/HRYp
rYcaMczUdwsFQudsRrnPsAqqDLky+2oN1EWRTzJxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsD7MaZfbITE2bAhJUmuSpbQm7mkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU1YTFiMzljLTczY2YtNGEwMy1hNTRiLTU4ZThlZTc3ZTJjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZMxYAwDQYJKoZIhvcNAQELBQADggEBANe9qBEaFsicjxXM6c16TqZG9nyY
hYJU/0lD7iPxhZgR2oUviCvgfj4ApNOna6hE0yJkME7SXQx0fN8Ps/ooVohCocKt
IMSuT8COnVSXa7BtBLIT1+DlTAyId7dvhpoaxS+BnFODqzZPsADgCrED4lKItm66
rR81H+fxZWCuS72RF9+OewBCfffJZ10RjaAb7goD9pbYqMgyoGxFWJ4y18DJ3cHK
uYF6b5Q2/jDljLF5FXRN6r6R4ViYL1VWGKReG+L4qS4fOUtlNKV5HQG6AnbCIILs
dPavm+QI0E8WRoxgwjKsGkoc1FhucGSS4jRN7mX5JbQyJgrfdgnaMFphuCE=
-----END CERTIFICATE-----