Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af6f705d-216b-4740-bf54-76fd087029b6.roa
File:                     af6f705d-216b-4740-bf54-76fd087029b6.roa (raw, json)
Hash identifier:          QNzgCG2ZZuXNekFecY8PnBsOGg3W6bBr2hOp60tcVB4=
Subject key identifier:   F4:9F:A9:BC:B4:CF:CD:B4:3A:37:44:29:6D:83:CD:BA:65:BF:74:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B0B61F0B02D10C66D41EC60723F0EE6DA93672B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af6f705d-216b-4740-bf54-76fd087029b6.roa
Signing time:             Tue 14 Oct 2025 00:41:55 +0000
ROA not before:           Tue 14 Oct 2025 00:41:55 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.144.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:0b:61:f0:b0:2d:10:c6:6d:41:ec:60:72:3f:0e:e6:da:93:67:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 00:41:55 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=69655b9c3370774734a24ada3bc0f4e72c3844498cff26bce4f722615a5f87a3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:3f:4b:e4:c2:9c:f5:8a:14:42:f0:2d:0e:42:
                    1a:cb:d2:12:9b:e9:b9:4c:9a:1c:07:b6:a0:d6:ba:
                    13:0c:4c:db:f6:db:41:75:61:6a:a5:7e:24:70:c1:
                    1a:50:cd:46:89:51:3c:e1:cb:22:ea:e9:cd:fb:26:
                    1c:e9:4a:98:4c:3e:5b:70:2c:70:9f:e5:a7:31:60:
                    94:9c:b9:f9:c5:c7:38:86:e6:ca:c8:c8:d2:94:fa:
                    ff:1a:73:43:be:25:99:ce:ea:37:bf:c7:4f:bf:36:
                    de:4a:76:dd:94:c0:4f:b0:aa:61:92:ba:fe:4c:29:
                    42:ea:f2:27:e3:dc:21:3a:6f:1b:3b:6d:a0:d5:f0:
                    7c:6a:03:1a:22:71:0e:fa:33:3e:81:ae:e4:0a:e6:
                    93:50:8d:5d:12:0c:ee:f0:0e:1d:c2:c2:a9:eb:ba:
                    35:f1:ec:0b:18:ef:52:82:23:fc:0d:c0:65:9e:05:
                    4c:79:dc:0c:81:96:8e:ed:4d:23:1e:02:54:57:94:
                    a1:f3:b2:65:c0:d2:ab:7f:e7:7f:1d:be:e6:b1:7c:
                    7e:9a:1a:4b:69:0b:d0:71:d4:aa:cb:b7:2c:1a:7c:
                    71:9f:64:85:03:5a:0a:1b:b6:b8:87:2d:64:72:dd:
                    40:a5:bc:e8:cc:d2:11:50:ce:3d:8a:b4:1b:ec:bd:
                    6f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:9F:A9:BC:B4:CF:CD:B4:3A:37:44:29:6D:83:CD:BA:65:BF:74:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af6f705d-216b-4740-bf54-76fd087029b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:00:e5:fd:27:b6:cd:fd:94:2b:fd:e9:25:5c:08:93:e8:68:
         2d:b8:73:4a:29:69:0a:cf:de:d4:98:a2:f3:d4:13:30:39:12:
         be:26:c4:78:30:cb:8f:0f:d3:5e:70:07:66:7c:9a:62:d7:84:
         a4:16:3e:f4:b2:1b:aa:e2:a5:71:25:0a:34:4d:54:5d:16:0c:
         d6:b5:74:c4:a3:3b:fb:18:30:59:b8:6d:48:36:60:73:5b:6b:
         40:11:e9:c6:b2:73:2a:d2:24:c1:58:30:61:c2:9e:eb:96:f0:
         1b:7f:97:1a:47:1d:18:d2:59:f7:56:f7:4d:60:93:e5:48:42:
         3c:f2:b2:d5:b0:da:0c:dd:a3:ca:8b:82:1e:4e:ef:fa:b4:ba:
         59:f0:f8:55:c9:a5:0f:ca:75:ec:39:0e:81:f7:17:62:10:68:
         ff:6c:3b:ee:23:e1:06:1e:b8:79:f7:0e:f2:ec:32:3e:60:de:
         ee:99:a2:07:62:8a:c7:1e:0d:70:eb:16:91:74:ec:f3:19:a5:
         ae:b8:b9:71:c1:71:ee:0f:80:fc:f9:7c:3e:03:24:66:03:65:
         2e:da:77:d6:2d:48:e1:0f:2e:32:5b:47:cb:fa:d6:4d:27:ee:
         d8:53:17:61:d1:40:15:05:b4:21:b7:80:a7:83:39:40:0a:6b:
         60:01:fc:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUewth8LAtEMZtQexgcj8O5tqTZyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MDA0MTU1WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTY1NWI5YzMzNzA3NzQ3MzRhMjRhZGEzYmMwZjRlNzJj
Mzg0NDQ5OGNmZjI2YmNlNGY3MjI2MTVhNWY4N2EzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaP0vkwpz1ihRC8C0OQhrL0hKb6blMmhwHtqDWuhMMTNv2
20F1YWqlfiRwwRpQzUaJUTzhyyLq6c37JhzpSphMPltwLHCf5acxYJScufnFxziG
5srIyNKU+v8ac0O+JZnO6je/x0+/Nt5Kdt2UwE+wqmGSuv5MKULq8ifj3CE6bxs7
baDV8HxqAxoicQ76Mz6BruQK5pNQjV0SDO7wDh3CwqnrujXx7AsY71KCI/wNwGWe
BUx53AyBlo7tTSMeAlRXlKHzsmXA0qt/538dvuaxfH6aGktpC9Bx1KrLtywafHGf
ZIUDWgobtriHLWRy3UClvOjM0hFQzj2KtBvsvW/pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9J+pvLTPzbQ6N0QpbYPNumW/dB0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmNmY3MDVkLTIxNmItNDc0MC1iZjU0LTc2ZmQwODcwMjliNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsJAwDQYJKoZIhvcNAQELBQADggEBAEUA5f0nts39lCv96SVcCJPoaC24
c0opaQrP3tSYovPUEzA5Er4mxHgwy48P015wB2Z8mmLXhKQWPvSyG6ripXElCjRN
VF0WDNa1dMSjO/sYMFm4bUg2YHNba0AR6caycyrSJMFYMGHCnuuW8Bt/lxpHHRjS
WfdW901gk+VIQjzystWw2gzdo8qLgh5O7/q0ulnw+FXJpQ/Kdew5DoH3F2IQaP9s
O+4j4QYeuHn3DvLsMj5g3u6ZogdiisceDXDrFpF07PMZpa64uXHBce4PgPz5fD4D
JGYDZS7ad9YtSOEPLjJbR8v61k0n7thTF2HRQBUFtCG3gKeDOUAKa2AB/Jc=
-----END CERTIFICATE-----