Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8dca2ec-87e2-4014-a5ad-0affc06c2cc6.roa
File:                     d8dca2ec-87e2-4014-a5ad-0affc06c2cc6.roa (raw, json)
Hash identifier:          o/aGXD9jvoMa1udFNAuiAlr/svMD29TFcCuawlTOFno=
Subject key identifier:   A8:04:3E:D0:CE:5F:4C:CD:2C:98:40:78:25:A9:4D:88:8A:93:E4:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CD948C0BBCA4D0A19D11A74AE1A41AC9F906F36
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8dca2ec-87e2-4014-a5ad-0affc06c2cc6.roa
Signing time:             Sat 27 Sep 2025 00:40:35 +0000
ROA not before:           Sat 27 Sep 2025 00:40:35 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.163.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:d9:48:c0:bb:ca:4d:0a:19:d1:1a:74:ae:1a:41:ac:9f:90:6f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:40:35 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=8518222a1d40e2165290a8091e20c87dd901c7b89b19df5fa82577271ce8aa2f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:29:c2:b2:33:72:39:aa:9a:19:09:f9:2d:cf:
                    41:f9:4c:3e:81:14:3d:82:2a:6d:ac:a0:de:95:5f:
                    90:2b:36:fa:60:ec:b5:a7:ce:f1:53:f6:76:bf:f9:
                    82:2a:4e:c3:cb:36:21:73:44:82:de:2d:fd:86:05:
                    71:fe:e8:d2:dc:03:23:0c:32:61:98:4c:3a:47:b1:
                    9d:12:f0:ad:4f:07:1f:b6:27:94:6a:c4:e3:8d:93:
                    16:2b:77:d0:20:cd:81:bc:ec:e6:97:87:cd:e1:8a:
                    7b:c5:f6:32:9c:12:9a:29:54:ce:fd:ef:31:20:53:
                    8a:95:d3:bb:5b:cf:2d:d8:27:63:dc:06:d6:7b:c4:
                    df:b5:1a:e4:ba:2b:50:56:3e:c3:97:1f:9b:41:66:
                    1a:4b:f4:33:61:f5:8c:03:88:2b:69:25:02:c7:ef:
                    fe:c6:27:56:e5:89:f9:3f:63:0f:86:66:e0:0b:b3:
                    9c:2d:93:86:d2:aa:8b:81:d8:b4:21:de:d1:a8:51:
                    de:bd:9b:43:11:a8:7e:59:0f:64:23:5b:92:52:cd:
                    8a:00:fb:68:cb:2a:ae:e4:f1:6c:e4:81:e3:b6:a3:
                    d2:24:96:d4:c3:34:76:80:3a:cd:96:d3:9c:59:96:
                    d8:35:91:3d:b7:38:9d:d1:e4:fb:e6:1a:0f:ff:cd:
                    85:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:04:3E:D0:CE:5F:4C:CD:2C:98:40:78:25:A9:4D:88:8A:93:E4:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8dca2ec-87e2-4014-a5ad-0affc06c2cc6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:45:54:36:91:97:f2:62:26:89:20:c2:12:05:6d:4a:52:e4:
         1f:b3:81:1e:6d:a6:c3:56:8e:ec:b4:cc:c0:91:ea:41:60:f9:
         e7:5e:1c:1c:64:45:52:ee:a9:ef:ed:48:3b:63:53:12:33:6b:
         bd:17:d1:fe:45:32:78:c8:c0:45:a2:0b:bf:d0:8c:09:ec:fe:
         93:d6:61:27:d6:42:dc:2a:85:24:ae:3e:d4:c5:a6:be:ba:78:
         5e:aa:b8:ad:08:f7:1a:37:a1:26:e7:de:9d:b3:d1:77:c4:79:
         80:65:01:dc:52:52:cb:5e:f3:fb:0b:57:44:4f:51:df:2c:f4:
         f9:5a:7f:f3:a9:b0:a9:7b:9d:b0:61:26:00:b2:84:92:bf:08:
         67:a3:7a:61:d3:1a:20:de:f3:9f:b9:3f:79:db:33:f6:d2:09:
         d7:3a:31:00:8d:87:d0:d8:a2:62:5b:cd:7d:4c:25:8f:c4:c1:
         e5:9e:23:bd:38:6c:aa:4c:6d:f7:a8:92:5e:4f:91:22:19:ce:
         eb:05:fa:83:43:73:35:36:9e:11:62:e0:ac:98:94:8b:9f:7e:
         2d:82:66:36:07:8e:e1:34:81:3a:03:4c:bc:93:65:32:3a:35:
         02:5a:9f:08:ca:16:1e:cf:ad:63:fc:b5:bb:77:5d:fe:a1:90:
         3b:63:92:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXNlIwLvKTQoZ0Rp0rhpBrJ+QbzYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MDM1WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTE4MjIyYTFkNDBlMjE2NTI5MGE4MDkxZTIwYzg3ZGQ5
MDFjN2I4OWIxOWRmNWZhODI1NzcyNzFjZThhYTJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyKcKyM3I5qpoZCfktz0H5TD6BFD2CKm2soN6VX5ArNvpg
7LWnzvFT9na/+YIqTsPLNiFzRILeLf2GBXH+6NLcAyMMMmGYTDpHsZ0S8K1PBx+2
J5RqxOONkxYrd9AgzYG87OaXh83hinvF9jKcEpopVM797zEgU4qV07tbzy3YJ2Pc
BtZ7xN+1GuS6K1BWPsOXH5tBZhpL9DNh9YwDiCtpJQLH7/7GJ1blifk/Yw+GZuAL
s5wtk4bSqouB2LQh3tGoUd69m0MRqH5ZD2QjW5JSzYoA+2jLKq7k8WzkgeO2o9Ik
ltTDNHaAOs2W05xZltg1kT23OJ3R5PvmGg//zYXBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqAQ+0M5fTM0smEB4JalNiIqT5K0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4ZGNhMmVjLTg3ZTItNDAxNC1hNWFkLTBhZmZjMDZjMmNjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM36MwDQYJKoZIhvcNAQELBQADggEBABRFVDaRl/JiJokgwhIFbUpS5B+z
gR5tpsNWjuy0zMCR6kFg+edeHBxkRVLuqe/tSDtjUxIza70X0f5FMnjIwEWiC7/Q
jAns/pPWYSfWQtwqhSSuPtTFpr66eF6quK0I9xo3oSbn3p2z0XfEeYBlAdxSUste
8/sLV0RPUd8s9Plaf/OpsKl7nbBhJgCyhJK/CGejemHTGiDe85+5P3nbM/bSCdc6
MQCNh9DYomJbzX1MJY/EweWeI704bKpMbfeokl5PkSIZzusF+oNDczU2nhFi4KyY
lIuffi2CZjYHjuE0gToDTLyTZTI6NQJanwjKFh7PrWP8tbt3Xf6hkDtjkpE=
-----END CERTIFICATE-----