Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78dd12dd-970d-4fa6-87a0-5b7eea0423c9.roa
File:                     78dd12dd-970d-4fa6-87a0-5b7eea0423c9.roa (raw, json)
Hash identifier:          P+/Hdvk5LszmFCS7WwszVHkuT9Pa6/8a789q6q9ZLA4=
Subject key identifier:   6B:0A:0E:1C:59:FF:91:6C:1A:BB:97:C2:96:CD:0C:BD:FA:F0:A4:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A724D2CADEE21728E3F76A9E40041CB1A859C1A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78dd12dd-970d-4fa6-87a0-5b7eea0423c9.roa
Signing time:             Wed 05 Nov 2025 00:40:56 +0000
ROA not before:           Wed 05 Nov 2025 00:40:56 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.0.168.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:72:4d:2c:ad:ee:21:72:8e:3f:76:a9:e4:00:41:cb:1a:85:9c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:40:56 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=bcd57ea6103ef7fc672f2aa41f09fc1f6d2ec889658a8a0b71a8e1cc964c9f1c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c7:84:7e:b0:76:be:a7:8f:b6:3b:40:c1:ef:
                    e4:16:6e:5f:61:c3:29:91:d9:22:f7:ef:18:19:e6:
                    02:4b:80:3f:a2:02:33:cd:7b:d4:28:f7:55:e5:fd:
                    c9:eb:4d:07:7e:ff:ac:7a:60:77:c9:84:26:a5:d3:
                    ee:a2:b1:11:71:b2:19:a9:ef:88:ed:d6:8d:34:0c:
                    07:00:bb:e1:ce:e8:f6:c3:71:6d:d9:15:0d:e0:27:
                    d6:86:1a:4d:4c:91:ee:bb:c0:3f:b2:fb:97:9d:2c:
                    5a:52:be:5e:95:b3:2f:ce:e4:d6:82:50:5f:22:b0:
                    d9:7e:76:9e:c8:3c:9a:9e:79:c4:00:77:f2:e6:16:
                    06:d2:e1:b7:02:ea:08:48:cf:28:ea:01:c4:b3:b3:
                    b7:a2:da:9d:b6:8e:13:f4:d7:04:db:73:09:b6:d0:
                    d8:9a:07:2b:9e:80:59:5a:d6:10:bb:af:c3:e5:b7:
                    63:4b:6c:40:ac:3c:86:d7:1b:78:83:17:8a:5c:4b:
                    e7:ca:88:32:ac:79:df:b1:dc:f0:44:6c:51:31:62:
                    bf:d2:d3:82:bb:02:55:81:bf:33:e5:ef:3a:a6:1a:
                    e1:1b:af:6b:f2:45:06:26:67:8d:b7:a3:8f:e6:f9:
                    a5:20:05:f0:9b:d9:65:8a:71:bc:68:fa:fe:b3:e2:
                    ee:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:0A:0E:1C:59:FF:91:6C:1A:BB:97:C2:96:CD:0C:BD:FA:F0:A4:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78dd12dd-970d-4fa6-87a0-5b7eea0423c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.0.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:2a:f9:55:ba:af:0c:b4:36:d6:ed:40:67:f6:ae:f3:92:a3:
         94:40:59:db:f6:b8:b2:95:61:86:d5:f4:44:af:de:b7:2f:c9:
         85:1e:1a:26:d6:ed:3b:ab:f9:78:ad:6e:9e:94:1e:e4:2a:b1:
         82:07:0c:99:8b:19:3a:04:2c:5b:f9:8a:ce:8f:93:91:1a:f5:
         59:c3:84:5e:20:12:73:a2:79:b8:9b:49:75:bb:de:16:b9:27:
         fd:69:72:65:f3:c6:7e:76:28:78:40:50:ce:67:af:6a:29:2d:
         cd:58:59:67:8d:4e:e0:70:a2:95:ee:a9:bc:27:53:f3:3d:12:
         a3:e4:1f:f4:2f:96:b1:bd:73:15:5b:c6:b5:51:b7:de:8f:97:
         ab:41:96:32:31:1f:cd:7a:b2:4f:d3:1f:35:34:ab:cd:37:1a:
         d6:2e:aa:96:f3:67:9e:6a:9f:8a:d0:5e:93:38:0e:5b:a2:f7:
         4f:b1:69:e4:15:d4:d2:3a:26:a2:f1:9d:d8:96:84:31:13:ea:
         98:22:04:41:6c:73:f9:7b:ee:6d:c0:b7:00:d3:6d:3f:ab:18:
         39:67:c9:c6:1a:52:07:0e:36:c8:56:94:66:0b:d7:65:c8:56:
         f3:df:9e:9a:cb:78:3c:5d:30:a5:b8:f7:60:80:e0:b8:ed:c6:
         45:a8:b7:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSnJNLK3uIXKOP3ap5ABByxqFnBowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDA0MDU2WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2Q1N2VhNjEwM2VmN2ZjNjcyZjJhYTQxZjA5ZmMxZjZk
MmVjODg5NjU4YThhMGI3MWE4ZTFjYzk2NGM5ZjFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCex4R+sHa+p4+2O0DB7+QWbl9hwymR2SL37xgZ5gJLgD+i
AjPNe9Qo91Xl/cnrTQd+/6x6YHfJhCal0+6isRFxshmp74jt1o00DAcAu+HO6PbD
cW3ZFQ3gJ9aGGk1Mke67wD+y+5edLFpSvl6Vsy/O5NaCUF8isNl+dp7IPJqeecQA
d/LmFgbS4bcC6ghIzyjqAcSzs7ei2p22jhP01wTbcwm20NiaByuegFla1hC7r8Pl
t2NLbECsPIbXG3iDF4pcS+fKiDKsed+x3PBEbFExYr/S04K7AlWBvzPl7zqmGuEb
r2vyRQYmZ423o4/m+aUgBfCb2WWKcbxo+v6z4u4JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUawoOHFn/kWwau5fCls0MvfrwpH4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4ZGQxMmRkLTk3MGQtNGZhNi04N2EwLTViN2VlYTA0MjNjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJFAKgwDQYJKoZIhvcNAQELBQADggEBACEq+VW6rwy0NtbtQGf2rvOSo5RA
Wdv2uLKVYYbV9ESv3rcvyYUeGibW7Tur+Xitbp6UHuQqsYIHDJmLGToELFv5is6P
k5Ea9VnDhF4gEnOiebibSXW73ha5J/1pcmXzxn52KHhAUM5nr2opLc1YWWeNTuBw
opXuqbwnU/M9EqPkH/QvlrG9cxVbxrVRt96Pl6tBljIxH816sk/THzU0q803GtYu
qpbzZ55qn4rQXpM4Dlui90+xaeQV1NI6JqLxndiWhDET6pgiBEFsc/l77m3AtwDT
bT+rGDlnycYaUgcONshWlGYL12XIVvPfnprLeDxdMKW492CA4LjtxkWot6I=
-----END CERTIFICATE-----