Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be0b4385-e6e3-4b26-93ea-7be9fbf3734e.roa
File:                     be0b4385-e6e3-4b26-93ea-7be9fbf3734e.roa (raw, json)
Hash identifier:          hTkzzDTWSYwAUlCGwmNPlJYYa7BgUimwjeYUnRyeHb0=
Subject key identifier:   D1:00:C9:3B:55:F0:EF:EE:37:BA:C4:6C:66:EA:36:C4:00:E4:CA:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E8CBD5BC2C80392DB69AFD6B9C1203AFFF15DEF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be0b4385-e6e3-4b26-93ea-7be9fbf3734e.roa
Signing time:             Mon 29 Sep 2025 15:13:32 +0000
ROA not before:           Mon 29 Sep 2025 15:13:32 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        142.4.178.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:8c:bd:5b:c2:c8:03:92:db:69:af:d6:b9:c1:20:3a:ff:f1:5d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 29 15:13:32 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=d84209ff6b90091720cf5f0f10f70728ffef7d11b47e4e4c32b1113a85d348c0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7d:cd:5a:4e:0f:ea:0a:1f:ea:6e:ef:f3:ab:
                    09:44:a0:32:d1:c0:4f:1e:05:1a:76:78:f7:a0:d4:
                    f6:cf:87:16:78:9f:14:71:30:b0:91:96:c8:be:55:
                    e9:49:d4:e8:13:aa:fb:2c:6d:f4:d9:aa:7d:03:5f:
                    50:47:c9:25:ca:3c:73:9c:b9:fc:9b:fe:7d:1c:31:
                    b0:9c:b1:0b:e2:cc:18:7c:a7:f7:7d:1b:ad:14:f6:
                    ee:ee:c5:a2:c7:d4:f9:75:42:86:10:34:ca:47:61:
                    92:50:34:7c:94:41:35:87:2f:6e:79:67:a7:fd:3f:
                    82:09:6a:08:32:49:ce:2d:34:79:ca:3b:86:af:9a:
                    c9:36:1d:78:24:57:2a:3b:bb:b8:4b:d6:a7:d5:0e:
                    bd:12:c1:d1:89:ab:6a:c0:36:fa:48:26:4e:34:84:
                    38:c5:b8:21:c2:24:30:bc:1b:f4:53:d2:7c:d6:cd:
                    99:34:9f:a3:62:fe:3f:3d:6f:77:29:fe:27:dd:b2:
                    71:48:04:8c:6f:98:ee:b9:37:fa:53:42:1f:90:0d:
                    b1:fa:b7:96:c8:72:3d:4a:99:30:5e:7a:05:09:b1:
                    e8:ee:3f:fb:18:6b:2d:ba:46:5a:f7:28:3e:2a:72:
                    b9:e7:6c:4c:e1:d0:d8:fd:86:27:42:9e:0c:6d:ed:
                    32:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:00:C9:3B:55:F0:EF:EE:37:BA:C4:6C:66:EA:36:C4:00:E4:CA:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be0b4385-e6e3-4b26-93ea-7be9fbf3734e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  142.4.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:49:c9:72:fe:5f:a9:aa:3b:7a:c8:c2:21:9a:e7:6c:f8:8f:
         46:08:7e:87:60:e8:9c:5f:19:7c:13:d0:ab:ab:81:8b:5e:d5:
         87:35:78:ec:2e:50:6f:94:b2:3b:04:a9:48:da:aa:a4:16:27:
         7f:ca:89:6f:e9:79:be:bb:e9:5d:c9:9f:74:53:ae:59:4d:da:
         09:b5:64:d4:c5:3e:62:97:a8:47:ca:06:3d:12:1f:96:20:d2:
         56:56:e4:0a:39:3e:26:17:18:a5:8e:59:3f:88:9e:f3:d4:64:
         3c:ac:08:e0:fe:22:1f:de:cd:02:e0:43:95:b1:a8:22:ce:c3:
         02:e3:10:f8:b0:79:2b:da:ea:66:ce:b5:49:d2:88:ea:f7:64:
         f9:74:da:63:b7:fb:4a:05:92:55:3e:a8:79:56:e1:3d:e1:22:
         6e:f9:1c:18:00:fd:16:1b:b9:fc:5c:33:17:95:d4:58:66:a4:
         6a:c8:1b:68:a5:4c:fa:90:9e:e4:16:d1:98:ae:85:94:83:4d:
         f3:bf:13:34:ac:60:4b:df:22:e5:56:3c:3d:ac:bb:0f:eb:35:
         d7:ff:24:82:a8:e2:24:a0:9c:bd:04:2f:96:c1:91:f1:b1:58:
         8c:05:2a:95:96:f5:80:1c:8c:f1:81:82:61:97:7f:b9:e8:5a:
         bc:ee:5a:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHoy9W8LIA5Lbaa/WucEgOv/xXe8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI5MTUxMzMyWhcNMjUxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkODQyMDlmZjZiOTAwOTE3MjBjZjVmMGYxMGY3MDcyOGZm
ZWY3ZDExYjQ3ZTRlNGMzMmIxMTEzYTg1ZDM0OGMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCFfc1aTg/qCh/qbu/zqwlEoDLRwE8eBRp2ePeg1PbPhxZ4
nxRxMLCRlsi+VelJ1OgTqvssbfTZqn0DX1BHySXKPHOcufyb/n0cMbCcsQvizBh8
p/d9G60U9u7uxaLH1Pl1QoYQNMpHYZJQNHyUQTWHL255Z6f9P4IJaggySc4tNHnK
O4avmsk2HXgkVyo7u7hL1qfVDr0SwdGJq2rANvpIJk40hDjFuCHCJDC8G/RT0nzW
zZk0n6Ni/j89b3cp/ifdsnFIBIxvmO65N/pTQh+QDbH6t5bIcj1KmTBeegUJseju
P/sYay26Rlr3KD4qcrnnbEzh0Nj9hidCngxt7TLRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0QDJO1Xw7+43usRsZuo2xADkyjEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JlMGI0Mzg1LWU2ZTMtNGIyNi05M2VhLTdiZTlmYmYzNzM0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACOBLIwDQYJKoZIhvcNAQELBQADggEBAAZJyXL+X6mqO3rIwiGa52z4j0YI
fodg6JxfGXwT0KurgYte1Yc1eOwuUG+UsjsEqUjaqqQWJ3/KiW/peb676V3Jn3RT
rllN2gm1ZNTFPmKXqEfKBj0SH5Yg0lZW5Ao5PiYXGKWOWT+InvPUZDysCOD+Ih/e
zQLgQ5WxqCLOwwLjEPiweSva6mbOtUnSiOr3ZPl02mO3+0oFklU+qHlW4T3hIm75
HBgA/RYbufxcMxeV1FhmpGrIG2ilTPqQnuQW0ZiuhZSDTfO/EzSsYEvfIuVWPD2s
uw/rNdf/JIKo4iSgnL0EL5bBkfGxWIwFKpWW9YAcjPGBgmGXf7noWrzuWvc=
-----END CERTIFICATE-----