Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0502478-c4a8-4717-9e70-a4097c476dd8.roa
File:                     b0502478-c4a8-4717-9e70-a4097c476dd8.roa (raw, json)
Hash identifier:          D1Zgf/j3ocHxty4XbM4YtP1aTCVIGpzaQUx8LH55DcM=
Subject key identifier:   5C:EC:62:25:28:0B:18:05:2B:AA:60:F2:CF:36:19:1F:D9:92:43:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1035D781B6C264300AB3159399FAE471B80B74A3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0502478-c4a8-4717-9e70-a4097c476dd8.roa
Signing time:             Tue 14 Oct 2025 15:02:13 +0000
ROA not before:           Tue 14 Oct 2025 15:02:13 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        130.176.248.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:35:d7:81:b6:c2:64:30:0a:b3:15:93:99:fa:e4:71:b8:0b:74:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 15:02:13 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=655bc19c4862b85e4d3667cb69f73420786f863344647d6cb24413b7c6f36cd9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8c:27:11:f5:2f:a5:20:fd:c8:7c:59:01:9a:
                    a3:5d:1f:c1:0c:ea:2e:52:2e:c4:ad:62:1b:ee:f7:
                    fd:f1:46:68:9e:b2:7f:d7:b0:90:d5:bb:47:51:96:
                    96:c9:0b:ff:cc:e8:e4:ef:01:a5:67:bd:b2:34:ba:
                    ee:23:c6:b8:4b:02:d5:4e:17:14:13:d0:07:22:23:
                    a6:cb:64:ee:70:d0:04:05:95:67:2a:59:a1:cf:8c:
                    ea:97:ee:c1:39:74:ff:a9:9c:a3:5d:d8:74:41:b5:
                    2b:b1:f5:9b:5b:da:21:ad:7f:55:12:be:82:10:28:
                    60:b7:70:1b:36:ed:c3:6b:20:e2:a2:1c:2c:bc:52:
                    d2:74:b7:c8:4d:d4:88:bb:08:90:32:51:ee:30:d0:
                    07:e6:b8:9b:ca:74:12:ef:58:55:f1:fd:c1:8a:81:
                    af:72:94:6a:dd:17:fd:cd:57:2c:e9:37:11:c7:39:
                    55:52:40:c9:5d:11:a1:26:b8:7f:08:75:f4:00:e0:
                    3f:22:ec:95:4f:7f:ba:60:5c:fb:bf:81:cf:47:5c:
                    02:3f:a7:5f:72:82:3a:1b:48:c0:33:f7:4b:50:3a:
                    bb:55:62:a8:66:a9:ba:09:73:5b:ad:3c:46:35:a7:
                    29:04:9b:c0:7f:2c:94:c9:1b:1d:42:7f:a6:3e:86:
                    a2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:EC:62:25:28:0B:18:05:2B:AA:60:F2:CF:36:19:1F:D9:92:43:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0502478-c4a8-4717-9e70-a4097c476dd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:43:be:10:a3:cc:88:cc:64:ff:7b:0d:9a:1b:d9:b2:6e:c2:
         d2:a8:03:fe:57:28:2e:a4:00:e3:6d:4a:b2:07:38:6c:10:c4:
         f3:56:29:be:d1:eb:c9:36:28:17:c2:48:fe:57:19:86:e1:6f:
         48:13:eb:f4:f4:fb:19:ad:28:3e:eb:2d:eb:b6:37:51:05:39:
         7e:09:6c:78:96:87:ad:55:7b:22:56:d9:49:1a:b9:ec:2a:c1:
         77:5e:a5:cc:0e:90:4c:9b:4a:84:2e:6e:e3:eb:e6:67:48:a8:
         70:e2:fa:8f:d2:4b:0e:2d:df:79:19:b4:92:e1:cb:4f:fa:df:
         d0:d6:fe:a3:4b:ec:fc:3b:0d:96:cc:e1:e5:ed:94:59:38:5a:
         15:7c:21:21:3f:fc:76:d6:d2:41:d6:bb:9d:53:95:f3:d6:26:
         7e:76:47:6d:5d:fd:ee:da:d6:41:31:9d:86:4f:9c:1f:bd:db:
         92:c1:97:c9:06:bc:08:05:f9:dd:9e:db:89:5b:4d:c0:99:72:
         4a:ee:c1:5c:95:30:ff:b2:e6:6c:76:fb:33:7f:79:44:3d:5b:
         e0:fc:69:99:ec:0c:74:ba:2c:cd:58:21:46:f8:b6:de:5e:bb:
         56:e8:10:ed:d3:17:80:17:1d:bb:e3:ff:eb:af:1d:6d:02:54:
         e4:37:08:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEDXXgbbCZDAKsxWTmfrkcbgLdKMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTUwMjEzWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NTViYzE5YzQ4NjJiODVlNGQzNjY3Y2I2OWY3MzQyMDc4
NmY4NjMzNDQ2NDdkNmNiMjQ0MTNiN2M2ZjM2Y2Q5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBjCcR9S+lIP3IfFkBmqNdH8EM6i5SLsStYhvu9/3xRmie
sn/XsJDVu0dRlpbJC//M6OTvAaVnvbI0uu4jxrhLAtVOFxQT0AciI6bLZO5w0AQF
lWcqWaHPjOqX7sE5dP+pnKNd2HRBtSux9Ztb2iGtf1USvoIQKGC3cBs27cNrIOKi
HCy8UtJ0t8hN1Ii7CJAyUe4w0AfmuJvKdBLvWFXx/cGKga9ylGrdF/3NVyzpNxHH
OVVSQMldEaEmuH8IdfQA4D8i7JVPf7pgXPu/gc9HXAI/p19ygjobSMAz90tQOrtV
YqhmqboJc1utPEY1pykEm8B/LJTJGx1Cf6Y+hqL5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXOxiJSgLGAUrqmDyzzYZH9mSQ78wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IwNTAyNDc4LWM0YTgtNDcxNy05ZTcwLWE0MDk3YzQ3NmRkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACCsPgwDQYJKoZIhvcNAQELBQADggEBAIVDvhCjzIjMZP97DZob2bJuwtKo
A/5XKC6kAONtSrIHOGwQxPNWKb7R68k2KBfCSP5XGYbhb0gT6/T0+xmtKD7rLeu2
N1EFOX4JbHiWh61VeyJW2UkauewqwXdepcwOkEybSoQubuPr5mdIqHDi+o/SSw4t
33kZtJLhy0/639DW/qNL7Pw7DZbM4eXtlFk4WhV8ISE//HbW0kHWu51TlfPWJn52
R21d/e7a1kExnYZPnB+925LBl8kGvAgF+d2e24lbTcCZckruwVyVMP+y5mx2+zN/
eUQ9W+D8aZnsDHS6LM1YIUb4tt5eu1boEO3TF4AXHbvj/+uvHW0CVOQ3CBs=
-----END CERTIFICATE-----