Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e923b423-277b-46f1-ad11-0270458f2dd8.roa
File:                     e923b423-277b-46f1-ad11-0270458f2dd8.roa (raw, json)
Hash identifier:          CdOgnd5S+NLf5r2jEvBSbmWWxDVNa9eWJtE9dASJQTA=
Subject key identifier:   EB:BF:8E:68:08:DC:7B:65:48:B9:29:61:27:1C:56:FD:E8:40:18:3E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F4A7C47CAAF03EF391AB082EFDB101790202E6B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e923b423-277b-46f1-ad11-0270458f2dd8.roa
Signing time:             Fri 10 Oct 2025 13:38:13 +0000
ROA not before:           Fri 10 Oct 2025 13:38:13 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        136.18.137.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:4a:7c:47:ca:af:03:ef:39:1a:b0:82:ef:db:10:17:90:20:2e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 13:38:13 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=96f6a18014897c84a3e434d6ed1a31b200299b90d67af0ef7f2a0c3cf216f49f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ed:a6:7a:14:29:16:f6:23:36:d8:d3:0f:5e:
                    e8:00:a3:fd:24:d9:55:f4:8f:72:81:2b:de:56:e4:
                    a7:c0:98:e8:67:27:12:7e:3e:46:99:71:4e:5c:9e:
                    ac:84:e6:8b:26:81:75:41:55:50:6d:53:10:aa:17:
                    f9:b5:2e:15:c4:8a:81:12:81:ed:ea:e0:a0:fc:c0:
                    92:76:b3:2a:a3:5f:7f:79:0d:50:63:1f:7f:11:cb:
                    f7:05:35:0e:ec:eb:fd:ec:87:65:67:59:c3:68:cb:
                    56:68:de:40:cd:79:9b:f4:65:94:1d:78:b3:94:3f:
                    1b:ad:3e:2d:45:13:f5:55:26:86:58:66:54:fe:84:
                    29:83:ac:47:6d:ff:45:a3:11:e6:07:1b:b4:d6:9c:
                    2c:ec:b9:77:f4:58:47:a3:d9:db:82:8d:c2:25:6b:
                    ad:60:a9:2b:39:96:f7:85:24:1b:b8:75:52:49:ab:
                    c7:a2:bc:87:71:63:3c:45:0e:cf:fc:5f:33:d6:2e:
                    bd:88:00:99:72:fd:90:90:eb:f6:29:7e:42:35:40:
                    74:e3:5d:e0:d7:68:c6:68:46:b7:ab:c9:df:6a:15:
                    5f:85:a3:04:8b:69:3d:9e:77:26:4d:08:fa:e3:9f:
                    10:c1:c2:87:ad:ca:79:70:8c:a9:90:36:c0:a0:e0:
                    45:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:BF:8E:68:08:DC:7B:65:48:B9:29:61:27:1C:56:FD:E8:40:18:3E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e923b423-277b-46f1-ad11-0270458f2dd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:89:7f:f9:1b:38:39:8d:c3:3b:a3:c9:79:70:a6:59:6f:00:
         f2:17:d8:03:fe:34:32:a0:5d:d5:cb:12:47:33:00:4b:b7:84:
         12:b7:9f:a9:30:84:33:ed:87:cb:a9:4d:85:6b:2f:d9:69:78:
         9d:64:c7:b9:b3:dd:ba:66:0c:42:f4:70:92:65:cb:67:71:da:
         a8:29:ea:6e:0d:ae:cf:58:07:63:e1:b6:35:05:cb:84:0d:9a:
         e4:98:5b:bd:32:c8:7d:c1:20:ce:76:b0:50:db:4b:97:7b:f7:
         6b:41:ef:b3:2c:0e:26:6a:35:23:f5:be:eb:13:68:f5:1f:78:
         b9:95:b8:93:97:f0:85:88:c1:fb:c6:64:94:18:b2:3d:13:1e:
         3f:bd:84:b7:6e:14:a0:fc:06:f6:93:fa:4a:96:ca:35:f2:64:
         79:a2:fa:22:16:57:be:43:01:b8:8e:75:10:d6:17:4e:55:e6:
         05:cc:f5:0d:84:66:09:eb:33:f7:0a:0d:1c:46:b1:b7:f1:67:
         32:e8:0c:ca:60:5e:77:b9:a6:1b:82:b6:a8:fa:20:2e:90:5a:
         7b:01:f0:97:f1:ee:64:8d:2b:a6:57:bd:f2:9d:bf:2d:ba:fe:
         a7:11:aa:e6:57:0d:d9:74:20:06:91:65:e7:e0:d6:fe:93:4b:
         fb:4a:5e:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb0p8R8qvA+85GrCC79sQF5AgLmswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMTMzODEzWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NmY2YTE4MDE0ODk3Yzg0YTNlNDM0ZDZlZDFhMzFiMjAw
Mjk5YjkwZDY3YWYwZWY3ZjJhMGMzY2YyMTZmNDlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDU7aZ6FCkW9iM22NMPXugAo/0k2VX0j3KBK95W5KfAmOhn
JxJ+PkaZcU5cnqyE5osmgXVBVVBtUxCqF/m1LhXEioESge3q4KD8wJJ2syqjX395
DVBjH38Ry/cFNQ7s6/3sh2VnWcNoy1Zo3kDNeZv0ZZQdeLOUPxutPi1FE/VVJoZY
ZlT+hCmDrEdt/0WjEeYHG7TWnCzsuXf0WEej2duCjcIla61gqSs5lveFJBu4dVJJ
q8eivIdxYzxFDs/8XzPWLr2IAJly/ZCQ6/YpfkI1QHTjXeDXaMZoRreryd9qFV+F
owSLaT2edyZNCPrjnxDBwoetynlwjKmQNsCg4EWnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU67+OaAjce2VIuSlhJxxW/ehAGD4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U5MjNiNDIzLTI3N2ItNDZmMS1hZDExLTAyNzA0NThmMmRkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEokwDQYJKoZIhvcNAQELBQADggEBAMGJf/kbODmNwzujyXlwpllvAPIX
2AP+NDKgXdXLEkczAEu3hBK3n6kwhDPth8upTYVrL9lpeJ1kx7mz3bpmDEL0cJJl
y2dx2qgp6m4Nrs9YB2PhtjUFy4QNmuSYW70yyH3BIM52sFDbS5d792tB77MsDiZq
NSP1vusTaPUfeLmVuJOX8IWIwfvGZJQYsj0THj+9hLduFKD8BvaT+kqWyjXyZHmi
+iIWV75DAbiOdRDWF05V5gXM9Q2EZgnrM/cKDRxGsbfxZzLoDMpgXne5phuCtqj6
IC6QWnsB8Jfx7mSNK6ZXvfKdvy26/qcRquZXDdl0IAaRZefg1v6TS/tKXlI=
-----END CERTIFICATE-----