Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b9a72d57-ebe4-4db0-a4c4-fff7925276ef.roa
File:                     b9a72d57-ebe4-4db0-a4c4-fff7925276ef.roa (raw, json)
Hash identifier:          DW83/mlnXNB4dsQtwhz76axJuyuS2Wmj8dOtF/YK2zY=
Subject key identifier:   61:B8:90:DF:14:78:E2:BD:3B:61:EE:5A:BA:9D:14:54:9E:E4:7F:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       233B31612763F8CEDC2924CD5665E6C9CF993BED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b9a72d57-ebe4-4db0-a4c4-fff7925276ef.roa
Signing time:             Sat 11 Oct 2025 00:21:13 +0000
ROA not before:           Sat 11 Oct 2025 00:21:13 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        115.176.192.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:3b:31:61:27:63:f8:ce:dc:29:24:cd:56:65:e6:c9:cf:99:3b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:21:13 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=1ede7dd598c4bdf96dae4e9b1820139644bf47793627645f988c6fe16943b38a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:09:3e:13:f1:9f:d7:48:9c:26:08:72:64:27:
                    fb:22:f3:12:21:06:6d:ad:64:85:e4:c1:cb:bc:f0:
                    3a:96:f8:3c:39:4b:9b:42:1b:9c:50:28:16:ea:c2:
                    cd:af:f3:73:88:5a:84:fc:aa:fe:5b:67:4a:a1:32:
                    6e:90:d7:78:da:7d:f1:56:25:c6:7a:91:e0:d9:38:
                    fc:9d:88:91:95:c0:cd:5e:96:25:fd:16:2b:5e:d9:
                    5f:b3:57:05:2f:ca:bd:5f:4a:c7:62:9c:46:89:94:
                    a2:7e:29:18:88:34:7f:0c:bd:ba:cf:f7:c7:1d:e3:
                    92:ee:c0:7f:7e:79:3a:1c:23:a5:bf:9a:b7:f0:01:
                    82:87:31:e3:61:ad:3d:fe:2e:e2:7e:86:67:d4:f9:
                    87:be:3c:65:5e:19:73:67:7a:68:95:75:2e:7d:d9:
                    d3:5e:ae:93:56:0a:67:8d:84:3c:2a:24:9f:3f:47:
                    bc:f4:6f:09:a3:a9:03:99:95:fe:4b:fe:1d:b5:1c:
                    4a:e5:ec:dc:cc:eb:89:a4:8b:58:0a:77:6e:67:6d:
                    59:63:03:a1:c5:43:37:c0:5d:20:c3:47:c5:22:b3:
                    c7:91:cf:a6:06:b9:69:a9:76:20:73:c8:3f:f9:95:
                    4c:be:45:67:59:01:06:40:8c:3b:d9:de:d7:fc:7d:
                    b9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B8:90:DF:14:78:E2:BD:3B:61:EE:5A:BA:9D:14:54:9E:E4:7F:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b9a72d57-ebe4-4db0-a4c4-fff7925276ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.176.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         47:24:f2:62:89:68:bf:36:12:cb:bf:b7:57:90:e4:53:50:5a:
         16:1d:3a:5f:6e:87:ae:5a:84:08:59:92:1c:85:de:85:0c:cb:
         b2:68:7f:d6:67:5f:db:06:f5:22:a6:19:91:37:8c:b9:0b:05:
         ec:d9:6f:e4:1c:d7:d3:03:8d:77:29:d8:4f:62:d7:6c:68:6c:
         7c:64:05:36:d7:71:b8:b0:69:57:62:83:38:e7:3d:f0:00:54:
         67:76:4f:a7:1e:7f:68:a9:37:ff:d2:af:bc:17:93:bc:e2:ba:
         1a:c1:ac:73:2b:6b:c5:a3:5d:44:c2:36:e3:62:f8:6f:01:aa:
         81:98:f7:ef:9f:7c:2f:88:a1:79:f9:e5:d9:76:27:ab:b8:64:
         eb:72:4e:d4:95:50:99:68:f5:89:4a:43:f9:f5:4e:ac:93:10:
         bb:4f:d5:11:40:5a:4f:3d:1a:ef:70:5b:c1:fa:b3:e3:00:62:
         b3:95:34:e8:cc:f1:80:af:ad:bb:a2:95:e5:d8:9a:78:be:2c:
         58:97:fe:29:49:cc:38:6f:f1:7f:f7:ab:de:f5:9a:35:1d:20:
         df:48:3c:59:ce:42:8d:2f:26:42:8a:54:e1:b2:ce:e7:b6:e8:
         8a:cd:33:dd:4d:40:7d:bb:df:71:98:e2:b0:95:84:84:33:b7:
         b9:5c:29:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIzsxYSdj+M7cKSTNVmXmyc+ZO+0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAyMTEzWhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZWRlN2RkNTk4YzRiZGY5NmRhZTRlOWIxODIwMTM5NjQ0
YmY0Nzc5MzYyNzY0NWY5ODhjNmZlMTY5NDNiMzhhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLCT4T8Z/XSJwmCHJkJ/si8xIhBm2tZIXkwcu88DqW+Dw5
S5tCG5xQKBbqws2v83OIWoT8qv5bZ0qhMm6Q13jaffFWJcZ6keDZOPydiJGVwM1e
liX9Fite2V+zVwUvyr1fSsdinEaJlKJ+KRiINH8MvbrP98cd45LuwH9+eTocI6W/
mrfwAYKHMeNhrT3+LuJ+hmfU+Ye+PGVeGXNnemiVdS592dNerpNWCmeNhDwqJJ8/
R7z0bwmjqQOZlf5L/h21HErl7NzM64mki1gKd25nbVljA6HFQzfAXSDDR8Uis8eR
z6YGuWmpdiBzyD/5lUy+RWdZAQZAjDvZ3tf8fbkxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYbiQ3xR44r07Ye5aup0UVJ7kf0IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I5YTcyZDU3LWViZTQtNGRiMC1hNGM0LWZmZjc5MjUyNzZlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZzsMAwDQYJKoZIhvcNAQELBQADggEBAEck8mKJaL82Esu/t1eQ5FNQWhYd
Ol9uh65ahAhZkhyF3oUMy7Jof9ZnX9sG9SKmGZE3jLkLBezZb+Qc19MDjXcp2E9i
12xobHxkBTbXcbiwaVdigzjnPfAAVGd2T6cef2ipN//Sr7wXk7ziuhrBrHMra8Wj
XUTCNuNi+G8BqoGY9++ffC+IoXn55dl2J6u4ZOtyTtSVUJlo9YlKQ/n1TqyTELtP
1RFAWk89Gu9wW8H6s+MAYrOVNOjM8YCvrbuileXYmni+LFiX/ilJzDhv8X/3q971
mjUdIN9IPFnOQo0vJkKKVOGyzue26IrNM91NQH2733GY4rCVhIQzt7lcKTc=
-----END CERTIFICATE-----