Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ebef51e-47ae-436f-9739-68c19a9c1707.roa
File:                     2ebef51e-47ae-436f-9739-68c19a9c1707.roa (raw, json)
Hash identifier:          3QcUGQnheKrwtWViOcLDebkp7vQ1sjvJTqC4A2EmdjQ=
Subject key identifier:   3F:F1:9C:B3:39:8E:FD:8A:97:4F:6C:27:2F:B2:35:34:65:B5:21:EF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       236C953BE6B814245CCD4B6AD1E79512F20EC1D7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ebef51e-47ae-436f-9739-68c19a9c1707.roa
Signing time:             Fri 31 Oct 2025 00:50:07 +0000
ROA not before:           Fri 31 Oct 2025 00:50:07 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.213.78.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:6c:95:3b:e6:b8:14:24:5c:cd:4b:6a:d1:e7:95:12:f2:0e:c1:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:50:07 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=c12332e4916c070b1fc02ba13f2ec51325130d3a09fd9c6a0099393399e74af7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2a:60:18:f3:9b:76:9e:5a:05:39:58:66:ac:
                    28:c1:d1:c0:22:2a:d0:5c:c2:2b:8b:3b:c2:58:04:
                    40:4d:b1:51:4a:53:aa:7b:f8:62:d5:93:48:b2:2f:
                    b8:6c:e6:25:f6:e3:b5:e7:d5:f9:0f:63:5d:bc:20:
                    14:3d:94:b5:d8:98:8c:a0:60:97:49:5f:64:27:48:
                    f3:8b:f2:d4:02:e8:eb:4b:f4:9d:9a:26:ff:1b:61:
                    9e:1a:95:1f:c1:56:c1:78:68:e7:fb:b9:01:9f:ed:
                    ba:6a:ac:17:a7:3b:c1:e4:7a:5e:f6:46:6f:40:fc:
                    01:49:5d:4f:f3:ea:50:be:aa:a1:5d:75:44:52:e3:
                    9d:22:78:5e:5d:11:fb:31:60:f1:f5:ec:c6:04:21:
                    d8:93:9c:ac:66:45:d4:78:b2:c7:2a:dc:ad:95:9c:
                    88:d1:43:86:ba:95:f0:90:cc:f4:09:2e:3f:94:f5:
                    7b:f4:7e:03:1a:d5:ba:14:cd:5e:7e:a2:9a:7d:22:
                    a2:d5:7f:ae:be:4e:0f:9a:06:bf:25:cb:eb:22:d2:
                    c8:48:6c:0e:3f:83:17:b2:b5:42:5a:c9:c1:42:da:
                    71:67:7c:d7:bb:c3:07:32:1b:60:28:c6:3c:65:e9:
                    63:14:7d:c9:95:7b:40:75:8a:06:ec:a4:71:c2:f2:
                    8e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F1:9C:B3:39:8E:FD:8A:97:4F:6C:27:2F:B2:35:34:65:B5:21:EF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ebef51e-47ae-436f-9739-68c19a9c1707.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.213.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:ce:af:94:6c:43:08:5b:fb:b9:38:6a:41:49:bf:73:4b:6f:
         9a:e7:93:65:a3:0d:91:de:d4:69:90:1b:6e:ed:a0:be:f5:5c:
         ee:e1:44:5d:1c:71:6a:18:0f:f7:11:e2:98:0a:78:7e:91:2a:
         ef:66:a4:c0:3d:91:c8:be:ee:6a:5f:b6:36:66:4d:fd:78:c1:
         77:e8:63:a4:14:22:9c:85:34:df:3f:9a:42:cc:e5:05:fd:d4:
         7f:17:a8:f9:7d:82:78:08:fe:75:17:79:92:fb:9e:92:88:eb:
         68:89:3d:45:f6:86:04:c5:15:c3:2c:f7:31:e2:cd:45:8c:5b:
         52:c8:75:fe:1b:81:e9:17:63:6c:d4:8d:a7:8f:6a:3d:d3:ef:
         a7:31:37:dc:6f:ce:2d:14:1c:a3:fe:bf:a7:88:11:37:de:eb:
         67:0b:6d:57:cd:63:fa:01:01:41:33:90:5c:17:47:7a:af:d6:
         70:e6:56:b1:52:e7:cc:82:76:3b:c5:d6:a6:4a:18:10:2c:18:
         64:e5:b6:74:20:27:a8:14:3a:d1:1e:fb:ff:f7:58:87:b3:d9:
         9d:35:95:73:fa:24:e2:f7:d1:66:7a:99:40:0d:22:15:ca:72:
         ad:01:51:d6:f4:04:04:6e:d2:18:55:20:5c:6d:fb:b4:f2:aa:
         c8:66:c8:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI2yVO+a4FCRczUtq0eeVEvIOwdcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDA1MDA3WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTIzMzJlNDkxNmMwNzBiMWZjMDJiYTEzZjJlYzUxMzI1
MTMwZDNhMDlmZDljNmEwMDk5MzkzMzk5ZTc0YWY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQKmAY85t2nloFOVhmrCjB0cAiKtBcwiuLO8JYBEBNsVFK
U6p7+GLVk0iyL7hs5iX247Xn1fkPY128IBQ9lLXYmIygYJdJX2QnSPOL8tQC6OtL
9J2aJv8bYZ4alR/BVsF4aOf7uQGf7bpqrBenO8Hkel72Rm9A/AFJXU/z6lC+qqFd
dURS450ieF5dEfsxYPH17MYEIdiTnKxmRdR4sscq3K2VnIjRQ4a6lfCQzPQJLj+U
9Xv0fgMa1boUzV5+opp9IqLVf66+Tg+aBr8ly+si0shIbA4/gxeytUJaycFC2nFn
fNe7wwcyG2Aoxjxl6WMUfcmVe0B1igbspHHC8o7DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP/GcszmO/YqXT2wnL7I1NGW1Ie8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJlYmVmNTFlLTQ3YWUtNDM2Zi05NzM5LTY4YzE5YTljMTcwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEs1U4wDQYJKoZIhvcNAQELBQADggEBAADOr5RsQwhb+7k4akFJv3NLb5rn
k2WjDZHe1GmQG27toL71XO7hRF0ccWoYD/cR4pgKeH6RKu9mpMA9kci+7mpftjZm
Tf14wXfoY6QUIpyFNN8/mkLM5QX91H8XqPl9gngI/nUXeZL7npKI62iJPUX2hgTF
FcMs9zHizUWMW1LIdf4bgekXY2zUjaePaj3T76cxN9xvzi0UHKP+v6eIETfe62cL
bVfNY/oBAUEzkFwXR3qv1nDmVrFS58yCdjvF1qZKGBAsGGTltnQgJ6gUOtEe+//3
WIez2Z01lXP6JOL30WZ6mUANIhXKcq0BUdb0BARu0hhVIFxt+7TyqshmyKM=
-----END CERTIFICATE-----