Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78f5503c-aa07-46e8-9f59-d399edc52c77.roa
File:                     78f5503c-aa07-46e8-9f59-d399edc52c77.roa (raw, json)
Hash identifier:          7jxJOBZECXJL5oF5kfeHb3jAvwcaZ9wGyq1C3G40Sm8=
Subject key identifier:   78:C8:D5:40:17:ED:DB:53:3C:71:38:C2:A7:D0:7D:A7:31:64:2F:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79B48F3E9D23CADFA47808DCA323DFB9A7AD0DA4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78f5503c-aa07-46e8-9f59-d399edc52c77.roa
Signing time:             Tue 28 Oct 2025 00:30:43 +0000
ROA not before:           Tue 28 Oct 2025 00:30:43 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f2a:4000::/36 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:b4:8f:3e:9d:23:ca:df:a4:78:08:dc:a3:23:df:b9:a7:ad:0d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:30:43 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=30d92d7b50581f5b77bfd8cad85102344fb68a53ee271fe0af672be9cdc62134, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:70:de:7e:1e:28:1b:42:ae:ec:4e:fd:0c:67:
                    c5:10:4e:58:2a:91:43:f5:a0:0b:14:29:e2:e0:b9:
                    ae:fa:35:e1:97:df:e7:08:1d:b3:9b:73:47:b2:88:
                    fe:2b:13:56:9f:9e:f4:19:10:03:4c:e5:b5:0d:30:
                    24:aa:8b:c0:fd:4f:1b:d1:e0:f4:3d:19:4d:e2:e0:
                    9e:e8:34:e1:23:a7:39:77:d9:1d:bf:e7:8f:b9:fb:
                    dd:be:af:13:a4:0f:a9:7e:b7:6b:25:28:15:e4:c3:
                    7a:34:43:14:78:96:15:9c:c0:c8:4e:56:59:e3:8a:
                    9f:8c:e3:f0:8f:28:eb:a5:15:45:eb:64:42:2c:ec:
                    0e:f2:5c:48:f0:a3:44:99:2c:42:4f:5f:43:2c:00:
                    b7:a5:0e:3c:8c:92:e6:d2:7d:ba:1c:c6:8a:aa:5d:
                    bc:82:4f:1e:47:89:ca:0c:a6:48:6a:90:1f:59:86:
                    38:ce:0e:5c:b6:39:4d:37:c0:04:39:d8:f8:b0:7c:
                    53:ba:4f:84:b0:c9:ec:6c:c8:b0:a4:97:6d:0e:4b:
                    84:b5:30:80:9a:23:ec:98:97:7e:87:57:1b:bb:8f:
                    fa:20:0d:61:f2:5f:d7:bc:e0:cd:a9:8a:43:a8:08:
                    8b:50:dc:97:d0:79:cb:e3:ab:14:c2:7b:59:52:a0:
                    b3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:C8:D5:40:17:ED:DB:53:3C:71:38:C2:A7:D0:7D:A7:31:64:2F:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78f5503c-aa07-46e8-9f59-d399edc52c77.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f2a:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         97:51:f1:bf:bb:2f:cd:29:97:e2:cb:93:36:6d:75:a8:a3:5e:
         60:fd:11:60:91:ed:20:dd:55:15:ee:af:80:d9:56:a4:18:90:
         c3:47:90:01:e1:cf:31:5c:5e:46:7a:2b:8a:8f:2d:10:be:55:
         08:9b:a3:55:57:87:61:0b:ab:d5:4c:e1:e8:df:52:f2:70:d3:
         b9:73:5f:f9:29:41:16:88:51:e7:5e:49:7c:fa:01:58:12:8a:
         6a:a1:c6:1e:47:48:00:84:39:10:18:d7:d2:b4:02:68:0f:17:
         28:44:bf:12:ce:35:88:49:a6:46:76:b0:57:f9:b1:49:ba:80:
         15:66:12:23:fc:8e:67:fc:19:16:0d:4f:a7:93:11:16:b7:90:
         a2:18:7b:35:e3:32:9c:1a:b9:f1:2d:22:e6:ab:8a:7b:9a:a9:
         32:9f:bf:5a:3b:2f:8a:6e:c8:44:13:38:3a:48:71:c8:8e:ff:
         eb:9c:10:83:8e:b5:a2:38:19:ff:4d:65:99:59:a4:81:49:7a:
         e1:26:36:be:b7:c0:45:be:f0:ec:14:fa:56:f8:b3:e2:87:ff:
         76:a6:bd:31:8c:c8:9d:eb:4e:b9:52:3d:72:2c:0d:77:4b:a1:
         64:31:c1:7f:71:52:83:ef:99:c1:f5:5f:52:25:21:1b:29:f1:
         2b:44:0a:d8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUebSPPp0jyt+keAjcoyPfuaetDaQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAzMDQzWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGQ5MmQ3YjUwNTgxZjViNzdiZmQ4Y2FkODUxMDIzNDRm
YjY4YTUzZWUyNzFmZTBhZjY3MmJlOWNkYzYyMTM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYcN5+HigbQq7sTv0MZ8UQTlgqkUP1oAsUKeLgua76NeGX
3+cIHbObc0eyiP4rE1afnvQZEANM5bUNMCSqi8D9TxvR4PQ9GU3i4J7oNOEjpzl3
2R2/54+5+92+rxOkD6l+t2slKBXkw3o0QxR4lhWcwMhOVlnjip+M4/CPKOulFUXr
ZEIs7A7yXEjwo0SZLEJPX0MsALelDjyMkubSfbocxoqqXbyCTx5HicoMpkhqkB9Z
hjjODly2OU03wAQ52PiwfFO6T4SwyexsyLCkl20OS4S1MICaI+yYl36HVxu7j/og
DWHyX9e84M2pikOoCItQ3JfQecvjqxTCe1lSoLMzAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUeMjVQBft21M8cTjCp9B9pzFkL2AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4ZjU1MDNjLWFhMDctNDZlOC05ZjU5LWQzOTllZGM1MmM3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8qQDANBgkqhkiG9w0BAQsFAAOCAQEAl1Hxv7svzSmX4suTNm11qKNe
YP0RYJHtIN1VFe6vgNlWpBiQw0eQAeHPMVxeRnorio8tEL5VCJujVVeHYQur1Uzh
6N9S8nDTuXNf+SlBFohR515JfPoBWBKKaqHGHkdIAIQ5EBjX0rQCaA8XKES/Es41
iEmmRnawV/mxSbqAFWYSI/yOZ/wZFg1Pp5MRFreQohh7NeMynBq58S0i5quKe5qp
Mp+/Wjsvim7IRBM4OkhxyI7/65wQg461ojgZ/01lmVmkgUl64SY2vrfARb7w7BT6
Vviz4of/dqa9MYzInetOuVI9ciwNd0uhZDHBf3FSg++ZwfVfUiUhGynxK0QK2A==
-----END CERTIFICATE-----