Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94c7d246-be3d-42bd-bbc9-120f38252e6d.roa
File:                     94c7d246-be3d-42bd-bbc9-120f38252e6d.roa (raw, json)
Hash identifier:          AywJJEceFzIvkUIOfZSgY7C2vAkNaUC7kGahT8zDVjA=
Subject key identifier:   E4:66:49:C5:7A:9B:93:0D:55:85:F2:DA:B8:E0:7A:9A:8F:2F:48:BB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C5053D8EFBE2CD676EDF757A5C8331781F52C22
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94c7d246-be3d-42bd-bbc9-120f38252e6d.roa
Signing time:             Tue 14 Oct 2025 17:51:58 +0000
ROA not before:           Tue 14 Oct 2025 17:51:58 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.76.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:50:53:d8:ef:be:2c:d6:76:ed:f7:57:a5:c8:33:17:81:f5:2c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:51:58 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=7854ea6d8f3c1dc8d60815b233f7ba4c622dab3cd0ff32d7277301aa8d1df62c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:76:17:45:cb:a0:1d:b7:43:91:4f:3c:aa:0d:
                    44:79:dc:eb:5b:db:f0:61:3d:67:e4:5a:91:0a:4c:
                    da:9c:6b:c9:39:21:42:7b:75:a1:09:f1:04:ed:d4:
                    0d:16:d3:16:7f:9f:cc:51:67:55:f6:4e:da:51:c4:
                    e1:19:5a:1c:12:4d:12:b4:f8:17:c6:eb:b4:46:17:
                    e9:0f:f5:43:80:de:ca:f1:48:b2:7d:25:52:80:53:
                    7c:56:03:37:61:fd:bc:54:eb:89:24:28:09:e2:ec:
                    65:70:e8:70:ab:b0:a0:98:c4:e5:90:19:2b:9f:4b:
                    d6:18:66:e1:cc:07:d9:29:10:63:a9:e7:62:f3:6d:
                    3b:67:82:56:5f:1a:90:2d:a3:64:ea:8c:45:e1:91:
                    b2:ea:0c:17:3c:de:7c:ef:e3:60:47:4d:0c:28:6b:
                    88:06:b6:b5:c6:6c:d4:57:d8:26:e6:d7:5f:af:1b:
                    9f:97:ff:2e:83:35:10:25:00:5e:96:42:d9:f9:aa:
                    bc:9c:d1:69:0a:d4:8b:97:b7:e4:68:b3:65:af:34:
                    f0:8c:aa:3d:c2:93:35:23:2b:5f:ac:fc:9c:77:94:
                    e5:04:fb:a7:d9:5a:32:63:14:b7:c9:8e:18:6e:b3:
                    c6:ee:3e:a6:a4:28:7c:e6:fc:58:be:dc:a1:70:06:
                    43:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:66:49:C5:7A:9B:93:0D:55:85:F2:DA:B8:E0:7A:9A:8F:2F:48:BB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94c7d246-be3d-42bd-bbc9-120f38252e6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:91:2b:ca:6a:92:cc:46:7d:36:1b:64:10:ce:ff:90:10:81:
         a8:f2:63:83:5f:6b:4b:e6:c4:f6:96:1f:9b:53:7b:11:cb:d2:
         f2:a2:c7:a8:1c:a0:50:0d:99:8d:df:be:09:7f:e8:2a:c1:f2:
         ed:2c:36:43:26:0d:66:ae:81:83:68:ae:41:0b:f9:02:b9:43:
         2a:f0:d5:0d:cc:5e:90:85:b1:eb:47:bc:3c:d4:d3:2a:71:85:
         d8:12:5d:1e:e0:8b:51:22:57:33:e7:db:14:58:fe:59:cf:74:
         fd:4f:79:64:84:0c:e0:28:1b:48:f0:83:77:e8:3b:22:c0:9b:
         95:d2:cd:29:a1:f5:d1:e8:3a:c9:b8:29:d8:0b:fa:ac:bb:53:
         cc:ff:4a:c5:6e:e8:2f:3c:2e:be:b0:d9:15:9b:59:40:9c:c2:
         04:05:5c:9c:ee:1c:ce:53:63:3d:70:13:94:16:be:a5:27:29:
         59:52:ae:5a:8e:93:a8:82:42:68:99:54:c0:2f:80:26:e3:1b:
         2c:7e:e0:cb:fe:e2:f7:b4:85:84:5d:67:3e:da:3a:73:f8:3a:
         69:e2:b2:ae:6e:4a:96:3b:d7:e7:cd:67:48:1c:24:3d:d4:fa:
         f0:c2:cb:98:70:00:85:ee:53:00:9a:c1:23:d3:83:0f:3e:b1:
         2b:7e:c4:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHFBT2O++LNZ27fdXpcgzF4H1LCIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc1MTU4WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODU0ZWE2ZDhmM2MxZGM4ZDYwODE1YjIzM2Y3YmE0YzYy
MmRhYjNjZDBmZjMyZDcyNzczMDFhYThkMWRmNjJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjdhdFy6Adt0ORTzyqDUR53Otb2/BhPWfkWpEKTNqca8k5
IUJ7daEJ8QTt1A0W0xZ/n8xRZ1X2TtpRxOEZWhwSTRK0+BfG67RGF+kP9UOA3srx
SLJ9JVKAU3xWAzdh/bxU64kkKAni7GVw6HCrsKCYxOWQGSufS9YYZuHMB9kpEGOp
52LzbTtnglZfGpAto2TqjEXhkbLqDBc83nzv42BHTQwoa4gGtrXGbNRX2Cbm11+v
G5+X/y6DNRAlAF6WQtn5qryc0WkK1IuXt+Ros2WvNPCMqj3CkzUjK1+s/Jx3lOUE
+6fZWjJjFLfJjhhus8buPqakKHzm/Fi+3KFwBkOLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5GZJxXqbkw1VhfLauOB6mo8vSLswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0YzdkMjQ2LWJlM2QtNDJiZC1iYmM5LTEyMGYzODI1MmU2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmEwwDQYJKoZIhvcNAQELBQADggEBAC2RK8pqksxGfTYbZBDO/5AQgajy
Y4Nfa0vmxPaWH5tTexHL0vKix6gcoFANmY3fvgl/6CrB8u0sNkMmDWaugYNorkEL
+QK5Qyrw1Q3MXpCFsetHvDzU0ypxhdgSXR7gi1EiVzPn2xRY/lnPdP1PeWSEDOAo
G0jwg3foOyLAm5XSzSmh9dHoOsm4KdgL+qy7U8z/SsVu6C88Lr6w2RWbWUCcwgQF
XJzuHM5TYz1wE5QWvqUnKVlSrlqOk6iCQmiZVMAvgCbjGyx+4Mv+4ve0hYRdZz7a
OnP4Omnisq5uSpY71+fNZ0gcJD3U+vDCy5hwAIXuUwCawSPTgw8+sSt+xGw=
-----END CERTIFICATE-----