Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78a29a43-6fb1-4f22-858b-58921f0187e5.roa
File:                     78a29a43-6fb1-4f22-858b-58921f0187e5.roa (raw, json)
Hash identifier:          l4GIN4bokTu/1qv/2sMDVXFCDGwDpUlkjHbkD5yLKXo=
Subject key identifier:   06:71:68:43:13:2C:87:D2:50:3F:7E:7A:E0:AB:E2:AD:C0:0A:08:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       709DF4E9FC680FF5EA2EFD10C8FB4BF8DF6015A1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78a29a43-6fb1-4f22-858b-58921f0187e5.roa
Signing time:             Tue 04 Nov 2025 00:00:02 +0000
ROA not before:           Tue 04 Nov 2025 00:00:02 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:9d:f4:e9:fc:68:0f:f5:ea:2e:fd:10:c8:fb:4b:f8:df:60:15:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:00:02 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=0d3744598435138ad26673ffa32e387d6b9099236e0922d97018cdcb62b92686, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a4:0a:ed:b7:64:1c:fe:68:45:4e:61:79:8f:
                    da:8e:a0:31:3d:b7:3c:ec:c1:26:d3:6c:7c:70:42:
                    02:73:0a:ba:5a:75:81:9d:e6:53:30:27:59:97:3e:
                    f6:be:79:e1:6d:16:cb:d2:61:5e:5d:1d:21:de:29:
                    2e:d4:0b:2d:81:d2:0a:5d:60:74:4c:1a:78:e6:a5:
                    d6:15:95:c4:1f:65:f9:39:af:d9:f1:7e:9a:c9:94:
                    12:e9:6c:06:f9:b6:eb:98:27:bb:41:3a:ad:0a:02:
                    c2:df:f8:cf:0d:59:13:42:32:32:86:9b:38:b0:46:
                    57:18:d6:f2:60:9e:ed:41:2a:44:cb:1f:c8:2b:53:
                    53:02:c1:ce:e9:cc:63:92:6c:86:46:c0:55:3c:fd:
                    e7:03:07:7b:03:76:ce:16:04:20:7f:14:c0:83:41:
                    4c:87:7a:ae:db:a7:17:8a:b5:53:a4:f1:14:02:d9:
                    ab:cc:f8:2f:6b:c3:03:9f:fb:9c:f6:3c:b8:a0:82:
                    21:f8:cd:5b:82:60:83:f7:bc:62:aa:87:8d:36:0a:
                    0e:7f:9d:f4:d7:af:21:b8:1e:b6:a0:b5:b5:df:c4:
                    06:f7:63:66:4d:8a:23:e8:d8:f2:10:01:13:66:8e:
                    d7:34:5f:6f:3a:a3:e4:8e:c7:f0:33:c4:b3:51:96:
                    da:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:71:68:43:13:2C:87:D2:50:3F:7E:7A:E0:AB:E2:AD:C0:0A:08:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78a29a43-6fb1-4f22-858b-58921f0187e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         64:c7:63:ff:01:8a:cd:d9:84:9d:ec:76:74:4c:f2:45:5a:d5:
         87:f7:8c:8e:be:0d:bf:d7:b8:16:5c:87:c6:cf:e0:78:58:b1:
         da:59:9e:bd:33:ec:14:75:b0:58:2d:14:8b:e1:4f:17:03:f8:
         b1:ad:e7:b4:b1:13:04:b4:bb:be:90:27:24:97:45:6f:6a:c1:
         5a:ef:e4:6a:24:8b:d8:88:ec:e1:0d:90:9a:22:a3:4c:1e:1e:
         c9:04:df:2b:e3:74:f9:96:4d:f2:20:ec:35:98:83:30:ff:19:
         6f:70:c4:8b:bd:22:3d:2e:3d:1e:79:96:66:a5:a9:34:fc:dd:
         9f:ef:a7:85:71:de:62:80:24:5d:69:62:c7:5d:90:93:fa:55:
         eb:a2:82:ee:c8:d3:42:04:36:bf:24:e8:00:42:71:d5:48:34:
         ba:26:32:97:ea:b1:10:ab:c7:dd:21:0b:c8:03:78:bd:bd:7b:
         ec:2e:01:c1:f1:40:ba:ee:d8:18:84:ad:d0:38:b3:23:26:77:
         9d:9d:ba:66:89:69:46:73:6f:c3:3c:5c:08:7f:06:9f:77:56:
         75:b5:ff:c0:fa:71:7b:76:89:30:d1:de:81:15:de:35:d6:4e:
         e1:40:86:b9:d4:e2:65:3a:24:14:94:e2:3a:1f:d2:8d:73:27:
         57:81:cb:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcJ306fxoD/XqLv0QyPtL+N9gFaEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAwMDAyWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDM3NDQ1OTg0MzUxMzhhZDI2NjczZmZhMzJlMzg3ZDZi
OTA5OTIzNmUwOTIyZDk3MDE4Y2RjYjYyYjkyNjg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXpArtt2Qc/mhFTmF5j9qOoDE9tzzswSbTbHxwQgJzCrpa
dYGd5lMwJ1mXPva+eeFtFsvSYV5dHSHeKS7UCy2B0gpdYHRMGnjmpdYVlcQfZfk5
r9nxfprJlBLpbAb5tuuYJ7tBOq0KAsLf+M8NWRNCMjKGmziwRlcY1vJgnu1BKkTL
H8grU1MCwc7pzGOSbIZGwFU8/ecDB3sDds4WBCB/FMCDQUyHeq7bpxeKtVOk8RQC
2avM+C9rwwOf+5z2PLiggiH4zVuCYIP3vGKqh402Cg5/nfTXryG4HragtbXfxAb3
Y2ZNiiPo2PIQARNmjtc0X286o+SOx/AzxLNRltoNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBnFoQxMsh9JQP3564KvircAKCMIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4YTI5YTQzLTZmYjEtNGYyMi04NThiLTU4OTIxZjAxODdlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZyOEAwDQYJKoZIhvcNAQELBQADggEBAGTHY/8Bis3ZhJ3sdnRM8kVa1Yf3
jI6+Db/XuBZch8bP4HhYsdpZnr0z7BR1sFgtFIvhTxcD+LGt57SxEwS0u76QJySX
RW9qwVrv5Goki9iI7OENkJoio0weHskE3yvjdPmWTfIg7DWYgzD/GW9wxIu9Ij0u
PR55lmalqTT83Z/vp4Vx3mKAJF1pYsddkJP6Veuigu7I00IENr8k6ABCcdVINLom
MpfqsRCrx90hC8gDeL29e+wuAcHxQLru2BiErdA4syMmd52dumaJaUZzb8M8XAh/
Bp93VnW1/8D6cXt2iTDR3oEV3jXWTuFAhrnU4mU6JBSU4jof0o1zJ1eByy0=
-----END CERTIFICATE-----