Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c4bf097-d8a8-476c-a175-6b763ab54239.roa
File:                     8c4bf097-d8a8-476c-a175-6b763ab54239.roa (raw, json)
Hash identifier:          hsRWg2U/FMJO30jL0S7qqR3qaYkHI+xpOmrkR8m7hw8=
Subject key identifier:   4F:69:93:47:12:9F:4D:94:96:C5:25:40:84:35:DA:61:FA:76:83:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58E84BD3A124F7753B4C3A97B198DCB36ECAD92D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c4bf097-d8a8-476c-a175-6b763ab54239.roa
Signing time:             Fri 03 Oct 2025 00:01:28 +0000
ROA not before:           Fri 03 Oct 2025 00:01:28 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        136.18.4.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e8:4b:d3:a1:24:f7:75:3b:4c:3a:97:b1:98:dc:b3:6e:ca:d9:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:01:28 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=e425cdc1f529cc86c6cf3b5a2b581bb6c0620cdea2fdabd6258718edde01c915, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:96:c5:2a:f6:69:0c:57:98:15:1b:de:bb:03:
                    16:1e:c0:5b:49:73:36:7c:97:f3:ba:08:2c:8e:36:
                    99:5a:2c:c3:10:9c:92:54:f6:b9:ba:84:16:fc:72:
                    74:94:0f:c3:67:0d:e7:09:cb:24:d6:bc:dd:8f:6c:
                    d3:dd:7e:72:86:2b:66:17:57:00:d7:bc:c2:ee:be:
                    71:b0:7c:1b:0d:75:75:25:bf:67:1d:09:eb:c3:f3:
                    2e:e7:94:33:38:2d:cd:03:85:fc:be:9d:52:80:93:
                    f0:57:7e:b0:c7:5e:bb:30:50:3f:6f:bc:65:79:1e:
                    30:70:90:51:a2:32:90:82:be:9f:ea:59:01:90:be:
                    19:32:62:b9:dd:98:42:a5:1c:11:e7:c5:74:6f:47:
                    c0:47:52:32:ac:a5:c9:16:e5:4a:9a:4a:17:da:f8:
                    59:a3:25:50:f1:e2:22:05:41:03:0a:07:ed:b6:d0:
                    6b:77:68:22:91:4e:12:04:79:0e:49:b4:a3:74:f6:
                    90:83:db:25:fd:1f:ab:d1:be:c0:71:2c:46:ce:4f:
                    b0:0c:3d:2b:2a:bb:31:bf:c3:b8:7b:5b:51:f2:0a:
                    c7:33:b4:45:ab:1b:72:96:54:b3:ac:ca:99:30:96:
                    e6:15:5c:bb:bc:65:12:a8:47:e2:2d:56:d3:23:51:
                    8e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:69:93:47:12:9F:4D:94:96:C5:25:40:84:35:DA:61:FA:76:83:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c4bf097-d8a8-476c-a175-6b763ab54239.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:05:50:8d:58:2f:e0:43:b7:5a:9f:df:71:d7:89:73:6c:44:
         a7:9b:f9:a9:46:45:1a:99:03:bf:dc:fd:7b:b8:b0:79:ad:5d:
         70:a2:92:ba:79:55:27:f2:d3:50:5f:87:f8:66:09:aa:a3:37:
         4a:4a:63:74:9f:cb:0b:ed:39:3f:ea:78:eb:b5:70:d4:cb:14:
         c6:de:06:4c:45:68:9b:57:7a:b5:7e:b9:d3:02:84:d4:cd:ca:
         69:04:68:0a:a1:b9:b2:1a:d3:34:81:6e:64:f2:eb:8e:27:77:
         28:2d:96:5b:09:5e:07:45:91:1f:47:de:c8:f3:df:80:78:76:
         35:07:04:07:cc:0d:bd:d6:01:07:7a:f4:aa:9c:5a:e2:6f:3e:
         24:06:fe:f7:c3:23:96:7b:50:df:ae:ff:8e:af:2c:af:7d:69:
         db:e3:92:4c:34:74:59:aa:2b:02:67:a8:16:ae:70:7c:20:0b:
         5b:46:c4:79:ac:d8:2c:a4:93:58:f0:bf:29:ae:7c:9b:e7:25:
         09:a0:40:07:95:7f:8d:d1:71:c2:9b:96:48:61:9b:ca:7c:62:
         2b:54:01:28:c9:f7:0b:82:f2:35:62:c4:4d:e2:51:e5:e7:c8:
         1d:3a:e7:4e:26:e4:4e:59:72:e3:eb:ac:f7:96:1f:d1:3a:8f:
         d5:e5:67:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWOhL06Ek93U7TDqXsZjcs27K2S0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMTI4WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDI1Y2RjMWY1MjljYzg2YzZjZjNiNWEyYjU4MWJiNmMw
NjIwY2RlYTJmZGFiZDYyNTg3MThlZGRlMDFjOTE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIlsUq9mkMV5gVG967AxYewFtJczZ8l/O6CCyONplaLMMQ
nJJU9rm6hBb8cnSUD8NnDecJyyTWvN2PbNPdfnKGK2YXVwDXvMLuvnGwfBsNdXUl
v2cdCevD8y7nlDM4Lc0Dhfy+nVKAk/BXfrDHXrswUD9vvGV5HjBwkFGiMpCCvp/q
WQGQvhkyYrndmEKlHBHnxXRvR8BHUjKspckW5UqaShfa+FmjJVDx4iIFQQMKB+22
0Gt3aCKRThIEeQ5JtKN09pCD2yX9H6vRvsBxLEbOT7AMPSsquzG/w7h7W1HyCscz
tEWrG3KWVLOsypkwluYVXLu8ZRKoR+ItVtMjUY49AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT2mTRxKfTZSWxSVAhDXaYfp2g3IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhjNGJmMDk3LWQ4YTgtNDc2Yy1hMTc1LTZiNzYzYWI1NDIzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKIEgQwDQYJKoZIhvcNAQELBQADggEBAH4FUI1YL+BDt1qf33HXiXNsRKeb
+alGRRqZA7/c/Xu4sHmtXXCikrp5VSfy01Bfh/hmCaqjN0pKY3SfywvtOT/qeOu1
cNTLFMbeBkxFaJtXerV+udMChNTNymkEaAqhubIa0zSBbmTy644ndygtllsJXgdF
kR9H3sjz34B4djUHBAfMDb3WAQd69KqcWuJvPiQG/vfDI5Z7UN+u/46vLK99advj
kkw0dFmqKwJnqBaucHwgC1tGxHms2Cykk1jwvymufJvnJQmgQAeVf43RccKblkhh
m8p8YitUASjJ9wuC8jVixE3iUeXnyB06504m5E5ZcuPrrPeWH9E6j9XlZ/w=
-----END CERTIFICATE-----