Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9f6b130-b872-44a5-81fd-7378d400647c.roa
File:                     f9f6b130-b872-44a5-81fd-7378d400647c.roa (raw, json)
Hash identifier:          lPt0xGh9Sg7hl7EZhjr5uI3w/ICRJhk5hn/1qUPtu5s=
Subject key identifier:   A1:92:46:56:14:4E:ED:BA:99:F8:D4:34:66:9C:79:37:38:68:63:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20BBCC62D1211C27627B6FB5B8180598857A280D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9f6b130-b872-44a5-81fd-7378d400647c.roa
Signing time:             Tue 30 Sep 2025 00:01:13 +0000
ROA not before:           Tue 30 Sep 2025 00:01:13 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.2.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:bb:cc:62:d1:21:1c:27:62:7b:6f:b5:b8:18:05:98:85:7a:28:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:01:13 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=2cde73eb6e53444b885b0018a14c870bd283118da2055d6b3199f27bbc439704, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:30:33:fd:4e:ed:93:0c:1b:64:2e:f9:0d:ee:
                    31:c2:88:74:74:0d:90:07:84:af:ce:05:2a:f1:25:
                    29:84:a1:8b:ee:a7:30:98:29:5f:7f:28:2a:dd:c0:
                    ce:8f:59:53:7d:d4:a8:85:80:30:4c:1c:83:f0:78:
                    09:26:c6:21:5f:6e:d7:85:59:4f:f9:1e:e1:37:29:
                    12:e7:d6:6b:3a:c9:05:90:1b:6e:b1:07:2f:09:14:
                    12:8d:73:0c:dd:b8:5e:ff:f5:a5:9e:3b:95:62:0f:
                    18:a3:d7:61:6c:c1:1a:7a:45:73:d0:e3:ed:e3:7c:
                    99:95:ad:83:74:d0:4a:db:32:aa:c6:d7:1d:f2:45:
                    5a:6c:bf:8f:fa:0c:b8:2f:d2:1f:06:29:24:c1:c0:
                    22:65:e0:18:cb:20:49:7e:b0:e1:f1:61:be:c7:c2:
                    a2:83:9b:d4:21:1c:76:6b:fb:5a:35:d9:66:87:f0:
                    5f:20:0e:03:b4:9d:68:fc:27:6a:97:ac:5e:d0:c4:
                    d2:47:a4:b3:99:97:0c:0a:6d:c1:89:db:e8:12:0b:
                    f2:b7:51:cc:28:1d:e4:3e:b8:54:07:20:cd:c2:62:
                    bf:8b:be:a9:16:ce:08:cb:3a:b1:db:cd:96:8b:38:
                    a7:d9:7e:56:eb:11:51:ae:99:0a:d3:87:7d:de:46:
                    7f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:92:46:56:14:4E:ED:BA:99:F8:D4:34:66:9C:79:37:38:68:63:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9f6b130-b872-44a5-81fd-7378d400647c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.2.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         09:32:b2:8f:66:3f:49:1a:a3:6e:53:78:c7:57:28:ea:31:5a:
         63:ac:79:e4:ce:3c:d7:87:23:4b:5a:f9:ff:d2:55:ca:e9:05:
         1c:a8:b9:d5:85:91:68:ee:af:6e:eb:b0:b1:9f:bd:27:9f:13:
         39:9f:6f:0c:52:61:2c:d1:bb:d8:ae:99:22:10:1d:7d:c1:c9:
         e0:2e:7a:af:52:30:ac:3a:7a:bf:ec:7e:e9:dd:92:da:b7:45:
         74:88:46:dc:32:07:98:82:10:b0:d3:f7:cd:89:b8:df:4a:04:
         7d:a4:c9:fc:44:e4:aa:6e:c9:8d:18:a6:ea:f0:a2:0b:9a:a9:
         fb:4b:3b:34:b6:92:a9:f7:55:ea:4c:e0:45:89:40:81:ee:8c:
         62:c0:64:9a:ed:26:32:08:d0:f3:84:d3:98:76:94:14:0a:19:
         cf:a4:d2:62:83:94:5d:ad:43:64:71:35:5a:52:1a:17:8d:41:
         80:34:ea:ee:df:00:1f:2e:1c:a8:09:b8:fd:79:5a:3f:f4:7b:
         99:14:8a:fc:14:eb:c2:41:f2:86:67:f6:14:16:5b:c1:b0:86:
         56:c0:a3:5a:67:18:27:39:d1:99:b4:27:b8:68:25:e8:d0:34:
         73:fb:b2:de:10:40:cf:40:bd:7b:62:c6:30:49:a9:91:63:18:
         dd:36:c9:ba
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUILvMYtEhHCdie2+1uBgFmIV6KA0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAwMTEzWhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyY2RlNzNlYjZlNTM0NDRiODg1YjAwMThhMTRjODcwYmQy
ODMxMThkYTIwNTVkNmIzMTk5ZjI3YmJjNDM5NzA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZMDP9Tu2TDBtkLvkN7jHCiHR0DZAHhK/OBSrxJSmEoYvu
pzCYKV9/KCrdwM6PWVN91KiFgDBMHIPweAkmxiFfbteFWU/5HuE3KRLn1ms6yQWQ
G26xBy8JFBKNcwzduF7/9aWeO5ViDxij12FswRp6RXPQ4+3jfJmVrYN00ErbMqrG
1x3yRVpsv4/6DLgv0h8GKSTBwCJl4BjLIEl+sOHxYb7HwqKDm9QhHHZr+1o12WaH
8F8gDgO0nWj8J2qXrF7QxNJHpLOZlwwKbcGJ2+gSC/K3UcwoHeQ+uFQHIM3CYr+L
vqkWzgjLOrHbzZaLOKfZflbrEVGumQrTh33eRn+ZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUoZJGVhRO7bqZ+NQ0Zpx5NzhoY4wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5ZjZiMTMwLWI4NzItNDRhNS04MWZkLTczNzhkNDAwNjQ3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIAjANBgkqhkiG9w0BAQsFAAOCAQEACTKyj2Y/SRqjblN4x1co6jFaY6x5
5M4814cjS1r5/9JVyukFHKi51YWRaO6vbuuwsZ+9J58TOZ9vDFJhLNG72K6ZIhAd
fcHJ4C56r1IwrDp6v+x+6d2S2rdFdIhG3DIHmIIQsNP3zYm430oEfaTJ/ETkqm7J
jRim6vCiC5qp+0s7NLaSqfdV6kzgRYlAge6MYsBkmu0mMgjQ84TTmHaUFAoZz6TS
YoOUXa1DZHE1WlIaF41BgDTq7t8AHy4cqAm4/XlaP/R7mRSK/BTrwkHyhmf2FBZb
wbCGVsCjWmcYJznRmbQnuGgl6NA0c/uy3hBAz0C9e2LGMEmpkWMY3TbJug==
-----END CERTIFICATE-----