Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7e48273-d97f-45e2-9820-48c08d0db4f5.roa
File:                     c7e48273-d97f-45e2-9820-48c08d0db4f5.roa (raw, json)
Hash identifier:          Aj34AKd8O2fLhhZiP0FRqoeyXCfqbTd1DKKn8MTgPw4=
Subject key identifier:   90:7B:B9:91:5F:7D:5A:1C:60:2F:F8:43:92:D9:30:5E:50:7F:07:08
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E6DBD3887468BD5F0F38FB31156F2646DCC94F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7e48273-d97f-45e2-9820-48c08d0db4f5.roa
Signing time:             Tue 07 Oct 2025 00:12:35 +0000
ROA not before:           Tue 07 Oct 2025 00:12:35 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.254.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:6d:bd:38:87:46:8b:d5:f0:f3:8f:b3:11:56:f2:64:6d:cc:94:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:12:35 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=704a59e16fe0f14d1ade3ae377983aba49409854a4cedd1d89d312ceb038b38e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e3:f0:82:db:22:2b:5c:e2:a2:c6:e2:9c:47:
                    59:a3:cd:72:90:4e:7a:66:1e:f0:90:fd:ba:4d:df:
                    7c:40:67:f7:dd:dc:50:53:90:df:6c:86:79:8a:f3:
                    b2:98:98:2d:4b:1e:15:a4:68:17:fd:a4:0b:ec:0b:
                    d3:89:e7:25:04:45:00:9d:2d:21:eb:5a:a5:1e:a8:
                    66:10:e3:6f:75:6a:69:a2:18:2a:66:e6:a0:3f:69:
                    ec:f2:fe:2a:3d:24:ed:6a:d6:9a:53:97:b3:4c:71:
                    29:b3:51:47:7c:a5:ef:bd:4a:34:da:af:4d:25:46:
                    11:e2:bd:a8:7d:b1:ad:f8:83:6d:93:db:64:9e:c5:
                    fa:2b:d8:75:00:9c:33:b5:1a:1a:73:77:2a:38:3e:
                    3e:c4:79:5e:7f:65:6a:31:c8:be:49:28:7f:1e:a7:
                    f5:50:b1:dc:19:50:da:67:16:fd:6d:78:b6:d0:d8:
                    d3:4f:40:0f:03:72:ee:0a:1b:01:d0:ab:b1:1e:e9:
                    25:41:7f:02:3a:d8:e3:6c:80:9d:e0:e7:aa:5e:fd:
                    5d:a1:18:ce:0f:55:3e:fc:5d:dd:98:7a:16:0a:84:
                    1e:97:e3:87:ac:ce:49:24:68:d6:f4:3f:06:4e:c8:
                    7f:ec:56:86:71:40:a4:e8:42:c8:90:fc:76:67:f3:
                    9b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7B:B9:91:5F:7D:5A:1C:60:2F:F8:43:92:D9:30:5E:50:7F:07:08
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7e48273-d97f-45e2-9820-48c08d0db4f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:f9:54:4b:f8:6e:9c:00:c0:88:c4:de:15:15:d4:49:0d:03:
         4e:74:0a:67:63:80:c6:79:b2:01:e0:66:b9:31:98:3c:94:a2:
         3e:1e:e4:ea:58:d1:07:21:1f:b6:97:e0:3f:3b:f0:48:d8:1b:
         16:ce:f1:b1:52:f6:fe:bf:86:87:21:b2:96:a3:b3:8d:23:d1:
         e1:71:56:2f:b1:be:a2:a3:56:44:9e:2b:18:3f:b2:02:bc:91:
         88:03:2d:b9:d2:5e:b8:1c:41:19:07:db:99:ee:a2:e9:aa:15:
         16:b3:2c:93:26:27:77:f5:d0:e2:66:26:57:92:f6:4e:03:17:
         62:ac:82:b0:fd:b9:19:e5:35:dd:2f:4b:3f:8b:f4:da:7d:34:
         30:1e:99:fb:e3:0e:7f:41:9e:79:52:fd:94:9a:e4:b7:7e:54:
         be:20:8a:6f:f3:90:08:af:e2:41:ff:e6:4a:96:8a:f7:0f:ff:
         de:23:7f:1f:ad:f6:e8:52:ec:f3:1b:f7:19:8d:87:af:4a:9b:
         37:44:18:e8:13:66:56:0b:88:5b:6d:f9:d3:35:2b:b2:13:8f:
         a8:76:76:0d:84:c0:c1:4f:94:5c:7d:d7:93:38:df:4d:87:58:
         59:b2:d8:06:3c:da:e0:d6:d3:17:aa:eb:a6:b6:df:fb:43:a4:
         19:62:51:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHm29OIdGi9Xw84+zEVbyZG3MlPQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDAxMjM1WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MDRhNTllMTZmZTBmMTRkMWFkZTNhZTM3Nzk4M2FiYTQ5
NDA5ODU0YTRjZWRkMWQ4OWQzMTJjZWIwMzhiMzhlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDV4/CC2yIrXOKixuKcR1mjzXKQTnpmHvCQ/bpN33xAZ/fd
3FBTkN9shnmK87KYmC1LHhWkaBf9pAvsC9OJ5yUERQCdLSHrWqUeqGYQ4291ammi
GCpm5qA/aezy/io9JO1q1ppTl7NMcSmzUUd8pe+9SjTar00lRhHivah9sa34g22T
22Sexfor2HUAnDO1Ghpzdyo4Pj7EeV5/ZWoxyL5JKH8ep/VQsdwZUNpnFv1teLbQ
2NNPQA8Dcu4KGwHQq7Ee6SVBfwI62ONsgJ3g56pe/V2hGM4PVT78Xd2YehYKhB6X
44eszkkkaNb0PwZOyH/sVoZxQKToQsiQ/HZn85vhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkHu5kV99WhxgL/hDktkwXlB/BwgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3ZTQ4MjczLWQ5N2YtNDVlMi05ODIwLTQ4YzA4ZDBkYjRmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEv4wDQYJKoZIhvcNAQELBQADggEBAIT5VEv4bpwAwIjE3hUV1EkNA050
CmdjgMZ5sgHgZrkxmDyUoj4e5OpY0QchH7aX4D878EjYGxbO8bFS9v6/hochspaj
s40j0eFxVi+xvqKjVkSeKxg/sgK8kYgDLbnSXrgcQRkH25nuoumqFRazLJMmJ3f1
0OJmJleS9k4DF2KsgrD9uRnlNd0vSz+L9Np9NDAemfvjDn9BnnlS/ZSa5Ld+VL4g
im/zkAiv4kH/5kqWivcP/94jfx+t9uhS7PMb9xmNh69KmzdEGOgTZlYLiFtt+dM1
K7ITj6h2dg2EwMFPlFx915M4302HWFmy2AY82uDW0xeq66a23/tDpBliUc4=
-----END CERTIFICATE-----