Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9cb2c346-369b-4c70-8b2a-9e3ce4acc541.roa
File:                     9cb2c346-369b-4c70-8b2a-9e3ce4acc541.roa (raw, json)
Hash identifier:          9NwR/tdLvre2lf/wpBEecugRiD1sMjatbg7QwPfDYnY=
Subject key identifier:   1A:A3:93:70:22:9E:9D:DD:DD:E7:72:4D:2D:57:6A:60:3A:0A:58:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5DE7F27F361C436836B3871F625E963B747332AF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9cb2c346-369b-4c70-8b2a-9e3ce4acc541.roa
Signing time:             Mon 29 Sep 2025 15:11:39 +0000
ROA not before:           Mon 29 Sep 2025 15:11:39 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.45.128.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:e7:f2:7f:36:1c:43:68:36:b3:87:1f:62:5e:96:3b:74:73:32:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 29 15:11:39 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=f58fc79957ec71e3bdfd4860d64bfcfa22fad2016aba3e8c488f648385d0d63b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:46:3b:8c:07:19:be:c6:8c:ab:2c:ed:20:cf:
                    53:3f:91:9b:54:34:3d:bb:2c:69:37:78:c1:f2:60:
                    6a:8c:10:df:53:fb:f9:21:81:cf:08:30:18:0f:1f:
                    6c:1e:ae:4f:45:9f:7a:52:21:20:3b:f8:64:01:f4:
                    fc:0b:c3:cc:7c:4f:19:01:ca:8e:2a:cd:f4:8f:0a:
                    40:8e:fb:2d:54:73:57:fd:ba:d4:c9:48:6c:07:3a:
                    93:6e:11:42:0e:80:87:3c:28:f5:45:de:14:9c:88:
                    cd:ae:8c:f6:6b:dc:2d:97:ed:b1:1b:bd:40:91:37:
                    0b:b8:b9:56:07:38:e0:3c:c9:fa:8f:3f:77:18:11:
                    81:67:4a:33:00:c4:03:82:62:2c:b3:16:b2:73:3e:
                    cd:fc:61:84:a8:41:28:a0:59:e3:b0:6a:f8:b3:ca:
                    92:cd:7e:4b:9d:27:f4:e8:58:f1:7d:c1:d5:33:10:
                    ff:57:5d:b5:58:1e:4e:6b:59:38:6e:c6:e8:dd:b4:
                    ad:e9:49:3c:98:2f:ac:b6:fd:ed:46:7c:1d:76:62:
                    13:e9:1b:d3:48:8b:61:aa:19:a3:0e:e9:fd:b7:ba:
                    f2:f1:58:c4:71:80:2b:78:d3:e9:0e:74:76:86:9e:
                    80:f3:df:1f:70:00:b6:90:7f:a5:51:81:4d:82:90:
                    ed:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A3:93:70:22:9E:9D:DD:DD:E7:72:4D:2D:57:6A:60:3A:0A:58:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9cb2c346-369b-4c70-8b2a-9e3ce4acc541.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.45.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b6:78:8a:5e:bc:74:db:4b:da:89:f3:28:1c:b1:7b:20:d3:9d:
         e7:5e:2f:f9:30:0d:60:a1:d7:2d:63:f7:ed:86:a9:78:3f:11:
         53:30:d7:ac:ba:bd:27:38:a6:75:8c:a9:7d:86:d5:6d:e2:cf:
         b3:42:86:08:88:0a:93:46:04:39:30:09:51:62:b0:3b:2d:6c:
         18:c3:33:38:a8:33:a6:8b:b8:e8:3e:a0:05:dc:d7:c0:0e:df:
         f0:73:36:2b:42:82:ac:79:d5:11:1f:56:16:1a:7a:a1:90:e0:
         d7:27:3b:ba:05:e1:eb:0d:6c:55:a4:0c:ba:e5:18:1c:2f:98:
         df:98:3f:38:7c:14:26:00:f8:07:16:f1:05:9d:c1:48:23:84:
         e7:4d:25:bd:72:a8:85:12:a8:2c:a3:e9:4a:50:14:d1:7f:b3:
         64:45:6c:53:1d:ef:a3:80:29:eb:f0:b9:5f:ba:b0:41:b3:b1:
         a4:db:eb:af:5b:5c:61:04:17:14:87:5c:fe:82:46:d3:5a:7f:
         f7:a3:2c:a7:40:9f:e4:87:e7:40:55:03:f6:63:92:d8:d7:50:
         12:ec:30:e3:55:18:5d:36:bf:46:41:84:7b:2c:32:cb:3f:bf:
         62:a1:79:d1:e7:93:84:cc:6a:8f:6a:0e:41:a0:60:ed:0a:f8:
         57:a6:f1:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXefyfzYcQ2g2s4cfYl6WO3RzMq8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI5MTUxMTM5WhcNMjUxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNThmYzc5OTU3ZWM3MWUzYmRmZDQ4NjBkNjRiZmNmYTIy
ZmFkMjAxNmFiYTNlOGM0ODhmNjQ4Mzg1ZDBkNjNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGRjuMBxm+xoyrLO0gz1M/kZtUND27LGk3eMHyYGqMEN9T
+/khgc8IMBgPH2werk9Fn3pSISA7+GQB9PwLw8x8TxkByo4qzfSPCkCO+y1Uc1f9
utTJSGwHOpNuEUIOgIc8KPVF3hSciM2ujPZr3C2X7bEbvUCRNwu4uVYHOOA8yfqP
P3cYEYFnSjMAxAOCYiyzFrJzPs38YYSoQSigWeOwavizypLNfkudJ/ToWPF9wdUz
EP9XXbVYHk5rWThuxujdtK3pSTyYL6y2/e1GfB12YhPpG9NIi2GqGaMO6f23uvLx
WMRxgCt40+kOdHaGnoDz3x9wALaQf6VRgU2CkO1hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGqOTcCKend3d53JNLVdqYDoKWHMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljYjJjMzQ2LTM2OWItNGM3MC04YjJhLTllM2NlNGFjYzU0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZLLYAwDQYJKoZIhvcNAQELBQADggEBALZ4il68dNtL2onzKByxeyDTnede
L/kwDWCh1y1j9+2GqXg/EVMw16y6vSc4pnWMqX2G1W3iz7NChgiICpNGBDkwCVFi
sDstbBjDMzioM6aLuOg+oAXc18AO3/BzNitCgqx51REfVhYaeqGQ4NcnO7oF4esN
bFWkDLrlGBwvmN+YPzh8FCYA+AcW8QWdwUgjhOdNJb1yqIUSqCyj6UpQFNF/s2RF
bFMd76OAKevwuV+6sEGzsaTb669bXGEEFxSHXP6CRtNaf/ejLKdAn+SH50BVA/Zj
ktjXUBLsMONVGF02v0ZBhHssMss/v2KhedHnk4TMao9qDkGgYO0K+Fem8TE=
-----END CERTIFICATE-----