Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a4b8157-155f-49b1-815b-a783006f50ed.roa
File:                     8a4b8157-155f-49b1-815b-a783006f50ed.roa (raw, json)
Hash identifier:          sFknBCH+XK1gMYwwgmYlEJokBRaK1CbKzI7BJFGn504=
Subject key identifier:   34:81:37:88:BF:38:34:FD:D7:91:80:CB:D3:F3:F0:98:6E:68:BF:B1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F619C509468CAD76638836F72FBC1FF616D047D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a4b8157-155f-49b1-815b-a783006f50ed.roa
Signing time:             Tue 07 Oct 2025 00:11:12 +0000
ROA not before:           Tue 07 Oct 2025 00:11:12 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        136.18.128.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:61:9c:50:94:68:ca:d7:66:38:83:6f:72:fb:c1:ff:61:6d:04:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:11:12 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=62f1deda80e056c12ef5d6fa4ad71f0210e8f85e72e0c83ea9b1234ef22027e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5b:89:13:bb:7e:30:df:dc:41:28:b2:c4:4a:
                    a4:b2:97:4f:7c:73:f9:96:2f:7a:b1:a3:49:45:1d:
                    da:89:8b:7e:5e:99:6c:dd:76:4b:43:bc:be:e5:da:
                    45:e8:60:e4:77:89:25:d2:92:2a:93:00:3a:31:95:
                    06:8e:58:ad:29:e0:76:d4:09:ae:45:e0:de:90:92:
                    6b:3a:1d:8a:72:d9:68:68:f8:a5:ee:24:bf:1c:2c:
                    32:5d:d5:1f:73:c6:82:ab:09:f5:4f:7a:12:5d:ff:
                    91:72:fb:d8:89:21:e6:59:bb:7f:16:7d:1f:62:f5:
                    c6:f0:02:85:85:07:d2:df:42:51:8d:6d:4a:5f:56:
                    61:b1:3b:7f:d1:ef:cd:bf:d9:37:20:b4:db:bb:21:
                    51:24:f2:c8:35:1b:39:87:0e:12:42:51:9d:07:e8:
                    09:6d:e6:37:c8:e3:13:29:cf:65:96:70:67:bf:62:
                    c5:a4:2f:43:0d:e1:3b:63:10:b5:c0:98:b2:ef:a6:
                    b0:ff:fa:23:9e:4a:ff:5b:32:d4:56:e3:b8:f9:3e:
                    8c:ca:b1:f1:db:c5:5e:06:9e:39:9f:a3:78:bc:98:
                    5b:a9:35:60:5a:2e:e7:05:b1:7f:87:92:ef:88:26:
                    82:00:27:9a:e4:4f:55:3a:aa:ad:27:6e:7b:db:7f:
                    f5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:81:37:88:BF:38:34:FD:D7:91:80:CB:D3:F3:F0:98:6E:68:BF:B1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a4b8157-155f-49b1-815b-a783006f50ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:9a:fb:ca:20:b5:44:0d:bf:e5:f5:bb:78:8e:e8:c9:2c:2a:
         dd:3f:41:c7:3d:59:27:b8:18:49:a1:9c:2b:4f:33:d2:19:c6:
         17:6f:71:11:da:83:d5:6d:53:27:18:76:af:f1:80:32:9d:00:
         16:f8:84:a5:0c:9d:88:51:6a:1f:ac:b9:2a:c8:b7:ef:09:e6:
         a5:13:54:3c:fc:65:ed:16:ce:6d:ed:45:42:9d:3f:65:78:9c:
         fc:31:f4:be:a9:d1:8e:ee:70:e2:3b:e9:8b:7d:a7:bf:0a:3c:
         a6:cb:00:12:78:94:a9:4c:12:55:90:d2:85:53:f8:cd:a2:e2:
         39:ac:f0:6d:b0:00:30:d7:78:7f:85:c2:f3:42:2b:27:da:79:
         1e:49:66:0c:91:1a:d4:df:b0:80:68:ec:89:62:8e:2b:01:c5:
         91:c3:c4:1d:89:81:0d:c0:2f:35:44:19:b0:4f:b3:7c:a5:59:
         05:b3:4e:fd:bc:be:1a:13:41:0f:b9:d2:ba:37:8a:b3:5b:dc:
         04:f3:fb:dd:14:aa:a1:cb:db:b1:53:6a:88:92:90:fe:4d:9c:
         45:a3:aa:30:19:6c:8f:44:1e:4b:f9:59:5f:2e:bc:6f:fa:5f:
         1e:65:bb:8a:bb:4d:6c:20:b2:f9:69:71:a4:74:95:81:53:61:
         77:95:0b:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH2GcUJRoytdmOINvcvvB/2FtBH0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDAxMTEyWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmYxZGVkYTgwZTA1NmMxMmVmNWQ2ZmE0YWQ3MWYwMjEw
ZThmODVlNzJlMGM4M2VhOWIxMjM0ZWYyMjAyN2UzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaW4kTu34w39xBKLLESqSyl098c/mWL3qxo0lFHdqJi35e
mWzddktDvL7l2kXoYOR3iSXSkiqTADoxlQaOWK0p4HbUCa5F4N6Qkms6HYpy2Who
+KXuJL8cLDJd1R9zxoKrCfVPehJd/5Fy+9iJIeZZu38WfR9i9cbwAoWFB9LfQlGN
bUpfVmGxO3/R782/2TcgtNu7IVEk8sg1GzmHDhJCUZ0H6Alt5jfI4xMpz2WWcGe/
YsWkL0MN4TtjELXAmLLvprD/+iOeSv9bMtRW47j5PozKsfHbxV4Gnjmfo3i8mFup
NWBaLucFsX+Hku+IJoIAJ5rkT1U6qq0nbnvbf/W1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNIE3iL84NP3XkYDL0/PwmG5ov7EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhhNGI4MTU3LTE1NWYtNDliMS04MTViLWE3ODMwMDZmNTBlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEoAwDQYJKoZIhvcNAQELBQADggEBALqa+8ogtUQNv+X1u3iO6MksKt0/
Qcc9WSe4GEmhnCtPM9IZxhdvcRHag9VtUycYdq/xgDKdABb4hKUMnYhRah+suSrI
t+8J5qUTVDz8Ze0Wzm3tRUKdP2V4nPwx9L6p0Y7ucOI76Yt9p78KPKbLABJ4lKlM
ElWQ0oVT+M2i4jms8G2wADDXeH+FwvNCKyfaeR5JZgyRGtTfsIBo7IlijisBxZHD
xB2JgQ3ALzVEGbBPs3ylWQWzTv28vhoTQQ+50ro3irNb3ATz+90UqqHL27FTaoiS
kP5NnEWjqjAZbI9EHkv5WV8uvG/6Xx5lu4q7TWwgsvlpcaR0lYFTYXeVC2Q=
-----END CERTIFICATE-----