Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/96e7390c-1715-4144-8b0d-958835bcc976.roa
File:                     96e7390c-1715-4144-8b0d-958835bcc976.roa (raw, json)
Hash identifier:          u2sNzHvKZmdngzd15gPKp40scfRC9Er1ZtRs3YU4q2U=
Subject key identifier:   17:D7:D3:A0:E2:A7:2F:83:F3:00:6A:F6:83:52:71:A7:04:DA:85:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57A0CFF6F9E234D6D82D3A1BA8215631EE6EC5C0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/96e7390c-1715-4144-8b0d-958835bcc976.roa
Signing time:             Tue 14 Oct 2025 00:52:06 +0000
ROA not before:           Tue 14 Oct 2025 00:52:06 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.232.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a0:cf:f6:f9:e2:34:d6:d8:2d:3a:1b:a8:21:56:31:ee:6e:c5:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:52:06 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=edb70b3a5a73a39ff07f616b4837ca7461503597e2b4f72d14415d069a6d427e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f8:0d:c2:4a:5d:72:8b:b0:6d:ca:a0:bb:d1:
                    04:88:78:65:8c:c2:66:b2:7b:bc:cc:54:0f:f5:59:
                    c5:21:59:53:07:c1:71:a7:0d:49:f3:33:69:3d:45:
                    c4:3f:d3:22:3f:e7:4e:fb:79:c2:df:20:be:86:55:
                    0f:38:a7:99:3e:b0:55:d1:78:f8:32:a2:34:a0:ab:
                    74:50:27:55:f2:e8:3b:1a:b2:45:91:c1:ea:72:b2:
                    fc:96:a1:82:2a:10:1c:0c:43:32:22:c4:61:9f:e1:
                    65:74:8d:f3:ad:6c:af:07:b0:54:0f:37:c0:3c:9e:
                    e8:ba:b7:d6:c0:28:06:8e:a8:6e:0c:5d:e0:c6:97:
                    dd:94:0d:48:fd:e6:69:dc:31:ca:b1:b7:5a:e5:57:
                    36:75:ac:eb:e7:ae:e1:ca:dd:af:36:f4:12:97:92:
                    82:ee:68:ea:2d:ce:68:b9:05:96:30:b3:b9:c7:41:
                    63:88:53:dd:0f:f2:45:19:36:4d:31:15:bd:64:8e:
                    5e:08:b9:65:52:06:37:3d:7e:bf:d3:71:36:48:7a:
                    cb:83:3f:4f:21:5e:fe:3a:b4:eb:03:a3:d1:6a:13:
                    d0:cd:1c:5d:36:32:66:59:a2:16:20:0b:0d:60:0e:
                    f1:45:81:b7:3f:15:3d:24:50:8a:72:13:a3:23:eb:
                    2b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:D7:D3:A0:E2:A7:2F:83:F3:00:6A:F6:83:52:71:A7:04:DA:85:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/96e7390c-1715-4144-8b0d-958835bcc976.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2e:26:91:bf:46:4a:b2:4d:9f:44:02:4a:65:03:ed:a9:57:
         da:2b:f3:ec:f3:6d:7f:dc:8f:8e:78:7b:54:d5:33:c5:16:0b:
         93:30:6b:a6:3e:f9:f5:40:7d:bd:72:da:03:6d:b5:ef:a0:a7:
         df:57:33:29:f6:52:b2:99:f3:37:5d:04:6d:65:ce:69:76:8d:
         35:cf:81:94:4a:70:e3:0f:06:0b:e6:15:f4:7c:46:2d:34:0e:
         64:80:50:26:e5:37:ca:de:3b:ee:31:88:3b:9b:27:77:22:4e:
         32:94:e6:a8:58:b1:27:f5:40:b0:c9:b0:fe:ba:79:11:ce:dd:
         a2:12:e1:1f:4b:f6:58:f5:3e:d6:57:e7:08:b9:86:6e:2b:8b:
         15:a4:c6:2f:ee:14:03:ae:b3:55:83:25:68:f1:e8:30:36:1e:
         05:3f:ed:20:96:64:15:92:41:84:b3:3b:a4:17:1c:44:a6:bd:
         21:72:76:0e:a1:4b:83:a1:4d:26:58:22:60:28:9b:d1:24:b5:
         f2:5f:dc:7a:68:4e:ce:b5:4e:68:54:1a:19:dd:44:e5:21:85:
         3a:7b:89:ea:e5:2f:dc:e9:2e:34:d1:3a:61:64:89:71:b1:87:
         74:ba:7b:18:14:5e:09:a9:59:40:64:48:b6:cf:73:ac:0a:1e:
         ad:f2:d9:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV6DP9vniNNbYLTobqCFWMe5uxcAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDA1MjA2WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGI3MGIzYTVhNzNhMzlmZjA3ZjYxNmI0ODM3Y2E3NDYx
NTAzNTk3ZTJiNGY3MmQxNDQxNWQwNjlhNmQ0MjdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCn+A3CSl1yi7BtyqC70QSIeGWMwmaye7zMVA/1WcUhWVMH
wXGnDUnzM2k9RcQ/0yI/5077ecLfIL6GVQ84p5k+sFXRePgyojSgq3RQJ1Xy6Dsa
skWRwepysvyWoYIqEBwMQzIixGGf4WV0jfOtbK8HsFQPN8A8nui6t9bAKAaOqG4M
XeDGl92UDUj95mncMcqxt1rlVzZ1rOvnruHK3a829BKXkoLuaOotzmi5BZYws7nH
QWOIU90P8kUZNk0xFb1kjl4IuWVSBjc9fr/TcTZIesuDP08hXv46tOsDo9FqE9DN
HF02MmZZohYgCw1gDvFFgbc/FT0kUIpyE6Mj6ytlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUF9fToOKnL4PzAGr2g1JxpwTaheYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk2ZTczOTBjLTE3MTUtNDE0NC04YjBkLTk1ODgzNWJjYzk3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsOgwDQYJKoZIhvcNAQELBQADggEBABAuJpG/RkqyTZ9EAkplA+2pV9or
8+zzbX/cj454e1TVM8UWC5Mwa6Y++fVAfb1y2gNtte+gp99XMyn2UrKZ8zddBG1l
zml2jTXPgZRKcOMPBgvmFfR8Ri00DmSAUCblN8reO+4xiDubJ3ciTjKU5qhYsSf1
QLDJsP66eRHO3aIS4R9L9lj1PtZX5wi5hm4rixWkxi/uFAOus1WDJWjx6DA2HgU/
7SCWZBWSQYSzO6QXHESmvSFydg6hS4OhTSZYImAom9EktfJf3HpoTs61TmhUGhnd
ROUhhTp7ierlL9zpLjTROmFkiXGxh3S6exgUXgmpWUBkSLbPc6wKHq3y2ck=
-----END CERTIFICATE-----