Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e093b29-3153-49c7-bbdd-9089a1389778.roa
File:                     9e093b29-3153-49c7-bbdd-9089a1389778.roa (raw, json)
Hash identifier:          onmsAh9zYUqVVncq/+6c8bNtLU1yKqX2/5C4QTS6YSk=
Subject key identifier:   D8:CB:F4:5F:15:A3:C4:D4:59:BE:42:11:B9:9A:2D:84:E4:C6:BE:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78EB0D9F350647A314EC60998C22DD449DF073F3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e093b29-3153-49c7-bbdd-9089a1389778.roa
Signing time:             Sun 26 Oct 2025 00:01:00 +0000
ROA not before:           Sun 26 Oct 2025 00:01:00 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.169.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:eb:0d:9f:35:06:47:a3:14:ec:60:99:8c:22:dd:44:9d:f0:73:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:01:00 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=b488df1468bf1a99b84939f89582381885c38142f95facc96f7761b3450b312e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:aa:67:ec:74:0e:5f:e6:77:86:01:6c:60:f3:
                    60:97:4a:80:a5:e5:11:38:e4:35:b1:9a:fc:20:bc:
                    39:84:a7:37:ee:47:94:9e:9c:34:52:61:55:0c:60:
                    1f:d3:62:53:56:49:7d:e0:2b:20:4a:40:a6:9d:8f:
                    28:c6:7d:f5:e1:41:8e:97:c1:02:72:86:e4:7f:09:
                    78:1b:47:26:04:f6:b4:33:ab:a1:61:8a:94:86:50:
                    a8:89:99:83:9c:60:3d:f4:c6:eb:cc:c0:50:9e:46:
                    75:ec:1b:ac:3d:11:0d:51:8b:99:a8:d7:15:82:0b:
                    9f:3e:ce:8a:6d:6e:fb:c5:9d:0f:de:0e:5d:4a:9b:
                    ae:f1:f0:cf:2e:52:e5:9a:dc:6a:c2:d1:46:0e:74:
                    7d:40:76:42:55:29:7e:5a:38:b7:3b:aa:8b:70:3e:
                    ea:81:0a:75:02:55:64:65:10:7e:93:59:27:91:7c:
                    1c:96:bb:ae:b3:0a:10:ae:10:11:68:2b:16:44:0f:
                    41:7e:27:f0:7f:6a:7f:89:69:f3:75:59:43:cb:5e:
                    71:2a:db:cb:ff:54:62:e3:0a:2e:7e:bb:14:28:3d:
                    f2:a3:3d:c3:f9:39:89:5d:da:b9:08:70:13:7b:e6:
                    c9:6e:d6:1e:eb:15:13:61:8b:10:41:1d:f1:76:f1:
                    53:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:CB:F4:5F:15:A3:C4:D4:59:BE:42:11:B9:9A:2D:84:E4:C6:BE:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e093b29-3153-49c7-bbdd-9089a1389778.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.169.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         12:e3:24:99:c1:44:81:61:2d:2b:3f:8a:d3:90:b0:3d:3b:ad:
         dd:02:5b:d4:67:ef:b2:06:87:96:13:f0:67:9a:32:a6:5a:9a:
         2e:cf:10:cf:ed:a8:8b:83:b2:e1:5f:4a:eb:54:93:2d:c0:5a:
         d7:a6:61:a4:3b:a5:4f:b0:8e:a2:ae:bb:8f:77:02:ad:8b:ff:
         c7:49:5c:b6:71:d5:db:ac:ba:b1:95:7f:d9:44:96:51:38:e1:
         2a:72:26:0c:17:6e:18:a1:19:01:06:b7:6b:9b:16:89:6c:e4:
         69:52:21:cb:0a:93:dd:f8:ad:a8:99:d5:ef:50:35:45:e4:e0:
         ce:ef:68:87:cd:33:a1:fb:3a:15:15:7c:31:13:a1:23:dc:75:
         35:77:b3:7a:c9:c7:ab:9a:54:39:46:63:69:d3:c0:ff:47:ea:
         39:69:ca:50:39:14:7f:9e:10:9b:ea:15:8f:69:e7:88:3b:18:
         53:54:e7:fa:b7:98:64:47:e2:a9:34:4e:10:03:53:84:97:c9:
         e1:14:48:67:a7:77:9e:e4:a1:ad:1e:0f:a1:5a:ad:73:ee:1f:
         c5:f5:eb:c8:77:5e:b5:ad:fe:5e:01:7a:0e:7b:76:11:10:66:
         ae:f7:47:c5:65:75:70:93:5e:72:49:75:a7:45:78:13:82:58:
         61:f8:bb:e1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeOsNnzUGR6MU7GCZjCLdRJ3wc/MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAwMTAwWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNDg4ZGYxNDY4YmYxYTk5Yjg0OTM5Zjg5NTgyMzgxODg1
YzM4MTQyZjk1ZmFjYzk2Zjc3NjFiMzQ1MGIzMTJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfqmfsdA5f5neGAWxg82CXSoCl5RE45DWxmvwgvDmEpzfu
R5SenDRSYVUMYB/TYlNWSX3gKyBKQKadjyjGffXhQY6XwQJyhuR/CXgbRyYE9rQz
q6FhipSGUKiJmYOcYD30xuvMwFCeRnXsG6w9EQ1Ri5mo1xWCC58+zoptbvvFnQ/e
Dl1Km67x8M8uUuWa3GrC0UYOdH1AdkJVKX5aOLc7qotwPuqBCnUCVWRlEH6TWSeR
fByWu66zChCuEBFoKxZED0F+J/B/an+JafN1WUPLXnEq28v/VGLjCi5+uxQoPfKj
PcP5OYld2rkIcBN75slu1h7rFRNhixBBHfF28VMjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2Mv0XxWjxNRZvkIRuZothOTGvrwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllMDkzYjI5LTMxNTMtNDljNy1iYmRkLTkwODlhMTM4OTc3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDMqTANBgkqhkiG9w0BAQsFAAOCAQEAEuMkmcFEgWEtKz+K05CwPTut3QJb
1GfvsgaHlhPwZ5oyplqaLs8Qz+2oi4Oy4V9K61STLcBa16ZhpDulT7COoq67j3cC
rYv/x0lctnHV26y6sZV/2USWUTjhKnImDBduGKEZAQa3a5sWiWzkaVIhywqT3fit
qJnV71A1ReTgzu9oh80zofs6FRV8MROhI9x1NXezesnHq5pUOUZjadPA/0fqOWnK
UDkUf54Qm+oVj2nniDsYU1Tn+reYZEfiqTROEANThJfJ4RRIZ6d3nuShrR4PoVqt
c+4fxfXryHdeta3+XgF6Dnt2ERBmrvdHxWV1cJNeckl1p0V4E4JYYfi74Q==
-----END CERTIFICATE-----