Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9cbb141b-4875-4336-9c00-31dd3fab35a5.roa
File:                     9cbb141b-4875-4336-9c00-31dd3fab35a5.roa (raw, json)
Hash identifier:          M9aM+qtZU9MnwqzMiAFCmuJtTJVHEQpjrahpIhu0Z70=
Subject key identifier:   2B:D5:9C:D9:75:29:1D:F5:D1:B4:DB:C7:F3:1D:44:A7:20:0E:3D:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29FFF6A8D8656D713A3AF2316D575DF11A38F66C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9cbb141b-4875-4336-9c00-31dd3fab35a5.roa
Signing time:             Tue 14 Oct 2025 00:51:18 +0000
ROA not before:           Tue 14 Oct 2025 00:51:18 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.125.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:ff:f6:a8:d8:65:6d:71:3a:3a:f2:31:6d:57:5d:f1:1a:38:f6:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:51:18 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=12d9496c2e4b0b2011097a3444c79456b8bd35b784f085a98cf631b650a090cd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cb:72:51:12:e5:b4:c0:34:71:8d:a7:2f:4b:
                    de:10:f2:29:1b:23:88:96:7d:f1:a3:7c:55:b0:ba:
                    a8:f5:49:ad:f4:d9:28:1c:d4:13:ce:8b:95:40:90:
                    aa:9d:68:c5:0b:70:7b:5b:ff:e9:05:a5:0e:e7:6c:
                    3f:23:f7:24:df:63:4c:b2:ef:46:1d:05:9f:af:e6:
                    1e:22:4b:6a:33:7b:f4:8d:3a:b0:cf:69:cb:80:a3:
                    3a:16:ca:4a:b3:1b:99:d7:e3:94:d3:6e:10:f4:0a:
                    8d:d8:2e:27:53:1d:3f:f9:3c:09:9e:f2:c2:9e:e6:
                    ee:3e:b7:52:02:75:79:3d:be:a4:e4:88:2c:c1:b9:
                    0e:2f:ac:7e:85:63:70:65:78:15:18:1b:af:6d:d6:
                    6b:7c:58:28:97:ec:07:bc:5c:cf:83:14:08:f3:45:
                    55:12:5b:1c:89:39:4e:51:15:93:e3:ee:5e:dc:fc:
                    b1:4f:a0:ab:00:f0:8d:0d:4f:6f:94:49:7c:a9:3b:
                    75:07:06:c2:7d:97:27:26:18:71:db:e4:1b:56:33:
                    83:da:27:71:f5:f9:ab:7a:29:57:e9:61:6d:91:a7:
                    3e:dc:6a:85:4f:92:a7:c6:b4:50:5a:e9:dc:48:75:
                    26:b0:38:d6:8f:aa:57:2d:57:f6:e3:c0:ad:b8:ce:
                    5a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D5:9C:D9:75:29:1D:F5:D1:B4:DB:C7:F3:1D:44:A7:20:0E:3D:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9cbb141b-4875-4336-9c00-31dd3fab35a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:10:50:de:88:85:1b:80:a1:84:50:fa:54:32:e6:32:8a:17:
         bb:4a:a7:2c:43:0d:2a:6a:cb:56:cd:59:1b:ae:c1:b5:fe:91:
         5c:26:ce:2e:a3:4c:9b:f5:d3:bd:cb:5e:0c:6d:f1:f0:1c:f8:
         a6:ce:a3:73:76:d1:a4:f2:8b:60:fe:19:f2:fd:a5:bd:e1:05:
         16:a2:b5:4a:43:46:51:a0:cf:51:1d:23:67:b3:65:e5:b3:74:
         d5:ea:3a:f7:78:ab:bf:bd:47:bd:13:86:a8:36:b2:ed:3c:36:
         99:fc:20:fe:90:a4:3e:a6:ab:e5:47:48:b4:1b:1f:69:2f:50:
         a9:48:07:f5:f9:6d:76:78:71:68:50:6b:31:df:85:3a:27:5e:
         17:a2:2a:84:f1:62:b3:61:c5:c4:af:5d:eb:74:51:e2:2e:52:
         97:3b:a5:51:6b:d6:63:03:68:d9:8e:bf:98:df:b9:cf:c3:7c:
         ee:b5:82:75:0f:7d:16:60:07:0b:da:3b:ef:ab:3d:b6:19:ad:
         79:23:04:b5:ab:3d:86:c8:45:0a:79:8e:5a:66:cd:30:02:55:
         0a:93:7b:c0:48:f7:4e:94:0b:6a:da:d8:54:7a:ed:35:85:30:
         68:cd:d9:82:3f:bb:8e:ff:47:f0:4b:38:b8:33:b5:3a:2c:96:
         d7:82:c5:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKf/2qNhlbXE6OvIxbVdd8Ro49mwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDA1MTE4WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmQ5NDk2YzJlNGIwYjIwMTEwOTdhMzQ0NGM3OTQ1NmI4
YmQzNWI3ODRmMDg1YTk4Y2Y2MzFiNjUwYTA5MGNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNy3JREuW0wDRxjacvS94Q8ikbI4iWffGjfFWwuqj1Sa30
2Sgc1BPOi5VAkKqdaMULcHtb/+kFpQ7nbD8j9yTfY0yy70YdBZ+v5h4iS2oze/SN
OrDPacuAozoWykqzG5nX45TTbhD0Co3YLidTHT/5PAme8sKe5u4+t1ICdXk9vqTk
iCzBuQ4vrH6FY3BleBUYG69t1mt8WCiX7Ae8XM+DFAjzRVUSWxyJOU5RFZPj7l7c
/LFPoKsA8I0NT2+USXypO3UHBsJ9lycmGHHb5BtWM4PaJ3H1+at6KVfpYW2Rpz7c
aoVPkqfGtFBa6dxIdSawONaPqlctV/bjwK24zlqBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK9Wc2XUpHfXRtNvH8x1EpyAOPcowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljYmIxNDFiLTQ4NzUtNDMzNi05YzAwLTMxZGQzZmFiMzVhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsH0wDQYJKoZIhvcNAQELBQADggEBALIQUN6IhRuAoYRQ+lQy5jKKF7tK
pyxDDSpqy1bNWRuuwbX+kVwmzi6jTJv1073LXgxt8fAc+KbOo3N20aTyi2D+GfL9
pb3hBRaitUpDRlGgz1EdI2ezZeWzdNXqOvd4q7+9R70Thqg2su08Npn8IP6QpD6m
q+VHSLQbH2kvUKlIB/X5bXZ4cWhQazHfhTonXheiKoTxYrNhxcSvXet0UeIuUpc7
pVFr1mMDaNmOv5jfuc/DfO61gnUPfRZgBwvaO++rPbYZrXkjBLWrPYbIRQp5jlpm
zTACVQqTe8BI906UC2ra2FR67TWFMGjN2YI/u47/R/BLOLgztToslteCxZA=
-----END CERTIFICATE-----