Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa
File:                     d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa (raw, json)
Hash identifier:          GBVC9CtBDPUkR1sLUOMaufKC4lFz5TrkeHCTFgSnG/k=
Subject key identifier:   2A:B2:BB:85:8B:E8:A3:90:92:9B:6B:1F:2B:08:F2:9F:F5:7D:42:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18DBD7C33BC7ABE9FE157834CC0A14A83AA78F38
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa
Signing time:             Tue 30 Sep 2025 00:22:01 +0000
ROA not before:           Tue 30 Sep 2025 00:22:01 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.43.176.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:db:d7:c3:3b:c7:ab:e9:fe:15:78:34:cc:0a:14:a8:3a:a7:8f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:22:01 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=610b2b20bbf2ea278402e3b4b61966a73b6c6c110f7cadbfdad2b956a936f723, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:26:a0:c1:91:a4:8c:dc:26:76:a3:d1:de:03:
                    f2:53:1b:4c:9f:83:97:89:33:a3:ed:bd:a2:69:aa:
                    51:c1:44:a3:a9:54:22:80:68:e1:ac:ae:aa:76:54:
                    77:25:3e:e8:8e:f5:f1:74:88:ad:ae:a2:fd:de:9d:
                    1f:36:c7:21:83:3b:80:a2:5e:16:ae:31:b8:78:92:
                    2b:c2:85:1f:2c:8b:1c:2c:6b:0c:e3:cf:1f:85:0c:
                    3f:f4:c0:83:48:f8:48:7e:c5:81:90:9e:e6:c3:6b:
                    77:d3:b4:77:18:95:97:5a:6f:51:4f:ac:09:6c:8a:
                    c8:7a:bc:12:ff:ae:f3:bd:94:1b:e9:72:90:1b:92:
                    b9:5c:76:a6:37:63:d3:68:3e:0c:25:f1:a6:6e:03:
                    b3:1f:a5:25:ce:f4:78:fa:20:82:63:87:33:74:4a:
                    46:cc:b6:41:56:42:78:e3:f2:d6:55:99:a7:d7:7c:
                    f4:b6:70:73:b8:4b:30:6c:9f:ea:32:a1:a5:d5:16:
                    df:55:cb:37:5b:c7:eb:46:39:28:1f:9f:4c:56:5d:
                    ec:16:e9:f2:ca:9e:fe:0f:4f:73:fb:8f:03:96:5f:
                    0b:40:e0:d9:c2:cc:0e:6c:44:bd:b7:86:0e:04:74:
                    a4:c9:7b:3d:1f:6a:1a:96:81:86:41:83:00:db:d9:
                    39:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B2:BB:85:8B:E8:A3:90:92:9B:6B:1F:2B:08:F2:9F:F5:7D:42:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.43.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a0:82:8d:d8:56:bb:2e:6b:39:c3:f5:6c:59:fb:d0:35:39:db:
         e5:d0:be:a6:94:32:1f:4f:e7:e5:3d:15:49:d4:da:41:09:1e:
         64:ca:9e:ba:23:a5:0a:11:2c:9a:93:e6:be:b1:48:cf:a1:e5:
         52:81:92:f1:b5:8b:18:8f:bd:29:6c:c8:8d:b4:04:f0:fb:39:
         2d:fd:8a:bf:74:1f:5d:de:a8:bb:f4:24:27:63:c7:c2:17:41:
         cb:62:ed:44:b4:91:06:48:d5:8a:a3:bf:19:78:ed:f7:ec:b2:
         81:f5:c1:c7:77:73:5c:73:1e:dd:3a:d6:95:26:28:15:67:b1:
         a7:7c:6f:08:5a:d7:40:1a:f5:0e:28:dd:45:1b:aa:62:6c:a9:
         13:1d:91:0b:61:a0:36:65:b8:32:64:ab:3b:11:d0:a2:ea:8b:
         ba:68:36:0e:c1:d8:ec:f3:d6:62:0e:c2:69:e7:30:3d:3e:81:
         17:37:65:d5:a2:6a:b3:80:35:8c:c9:27:ca:c7:8d:fe:a6:45:
         aa:11:80:72:95:eb:a8:53:18:b3:3b:dd:f5:81:a3:ef:56:26:
         c3:80:a9:9c:79:18:8c:13:23:f8:7f:bd:30:e7:d9:ad:25:f2:
         f2:d7:90:99:22:d8:63:ee:97:05:61:6d:f7:e9:3a:d2:72:0d:
         67:0c:2a:ec
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGNvXwzvHq+n+FXg0zAoUqDqnjzgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMjAxWhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTBiMmIyMGJiZjJlYTI3ODQwMmUzYjRiNjE5NjZhNzNi
NmM2YzExMGY3Y2FkYmZkYWQyYjk1NmE5MzZmNzIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIJqDBkaSM3CZ2o9HeA/JTG0yfg5eJM6PtvaJpqlHBRKOp
VCKAaOGsrqp2VHclPuiO9fF0iK2uov3enR82xyGDO4CiXhauMbh4kivChR8sixws
awzjzx+FDD/0wINI+Eh+xYGQnubDa3fTtHcYlZdab1FPrAlsish6vBL/rvO9lBvp
cpAbkrlcdqY3Y9NoPgwl8aZuA7MfpSXO9Hj6IIJjhzN0SkbMtkFWQnjj8tZVmafX
fPS2cHO4SzBsn+oyoaXVFt9Vyzdbx+tGOSgfn0xWXewW6fLKnv4PT3P7jwOWXwtA
4NnCzA5sRL23hg4EdKTJez0fahqWgYZBgwDb2TnpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKrK7hYvoo5CSm2sfKwjyn/V9QkIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4N2MyOTc1LWMzMjItNGE5OS04YWY2LTMyYjBkM2FhOGZlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPAK7AwDQYJKoZIhvcNAQELBQADggEBAKCCjdhWuy5rOcP1bFn70DU52+XQ
vqaUMh9P5+U9FUnU2kEJHmTKnrojpQoRLJqT5r6xSM+h5VKBkvG1ixiPvSlsyI20
BPD7OS39ir90H13eqLv0JCdjx8IXQcti7US0kQZI1Yqjvxl47ffssoH1wcd3c1xz
Ht061pUmKBVnsad8bwha10Aa9Q4o3UUbqmJsqRMdkQthoDZluDJkqzsR0KLqi7po
Ng7B2Ozz1mIOwmnnMD0+gRc3ZdWiarOANYzJJ8rHjf6mRaoRgHKV66hTGLM73fWB
o+9WJsOAqZx5GIwTI/h/vTDn2a0l8vLXkJki2GPulwVhbffpOtJyDWcMKuw=
-----END CERTIFICATE-----