Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c39d5c58-914d-4d17-9204-d6652dbcef48.roa
File:                     c39d5c58-914d-4d17-9204-d6652dbcef48.roa (raw, json)
Hash identifier:          V5AB0/BfVVIlgHMCZ16ZnRAhUt2qb2hgTWQ1zNWM5VU=
Subject key identifier:   E8:5E:E5:BE:FA:48:2C:18:EF:5A:8D:7F:F6:CC:02:05:EB:8A:D6:56
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18811881D4D5B09C20BE01BB47FA14717424B90B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c39d5c58-914d-4d17-9204-d6652dbcef48.roa
Signing time:             Tue 04 Nov 2025 00:00:11 +0000
ROA not before:           Tue 04 Nov 2025 00:00:11 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        78.12.59.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:81:18:81:d4:d5:b0:9c:20:be:01:bb:47:fa:14:71:74:24:b9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:00:11 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=71c7b225165333cd4b297d35676fa038976a4f7cee3f538e446a185a78760955, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d3:5f:5f:52:2c:30:8a:0e:8b:99:a7:3f:26:
                    1c:1b:7d:3e:9a:bc:16:00:e8:e0:55:87:83:8d:55:
                    e3:64:57:99:85:e1:74:d7:aa:ec:1b:e2:2f:b6:19:
                    e0:8b:4f:f8:e8:a8:fe:4f:f4:68:47:94:c2:5a:ce:
                    b1:86:45:60:bb:8f:47:50:ef:43:a3:69:78:b6:a6:
                    4f:cf:ad:a8:8f:5d:30:41:c2:76:cf:60:40:a5:ce:
                    30:ba:67:62:5b:6d:60:74:83:de:72:4c:2f:e0:8a:
                    4f:38:ce:27:62:32:d6:14:c0:cf:ca:5f:57:d2:5c:
                    f5:7c:66:c8:d8:02:67:de:d3:61:1e:3c:8d:81:c0:
                    08:19:f9:7c:40:12:95:3d:08:01:d2:ba:ab:82:b1:
                    7b:31:66:a6:92:b5:5b:52:69:e0:1c:a2:43:2e:60:
                    7d:9a:31:eb:f0:70:65:ff:9f:c8:56:73:f9:e1:20:
                    79:44:5d:f8:c6:93:ff:d2:1b:fb:d4:fe:44:b8:70:
                    78:ae:0f:0a:10:df:87:19:9e:46:eb:40:7b:5c:a6:
                    f3:6b:0c:67:63:64:23:8d:8e:ed:bd:9a:f6:92:fe:
                    63:d1:2a:15:db:87:d5:90:fe:e6:a1:82:6f:9d:24:
                    31:33:52:e3:f4:61:7e:44:b5:2e:7d:b3:d1:fb:e9:
                    d7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:5E:E5:BE:FA:48:2C:18:EF:5A:8D:7F:F6:CC:02:05:EB:8A:D6:56
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c39d5c58-914d-4d17-9204-d6652dbcef48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.12.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:57:a3:6b:92:d6:ac:a8:52:30:73:45:b6:69:33:77:4f:54:
         78:79:b8:b7:e2:df:a7:22:e1:59:cd:f6:f2:2c:cc:07:2f:5b:
         50:91:ad:5f:fc:1e:ed:03:16:91:7e:64:49:8f:59:91:d1:e4:
         15:53:47:12:50:37:30:6d:47:1b:13:b4:4e:63:9f:bc:ab:3c:
         37:fb:c6:4c:5c:50:53:48:c7:8a:98:c4:b8:d4:d1:a5:0f:61:
         93:ae:b1:b2:e6:7f:88:e0:f1:a1:14:e3:4a:a1:2a:64:24:81:
         20:c5:c2:d7:8a:1f:2f:3f:98:ea:9d:09:13:24:55:dc:12:1f:
         f0:ce:c3:3e:aa:ec:4e:5d:63:aa:d2:5e:07:c4:62:4d:ce:b4:
         3b:08:97:2e:ed:3b:26:f2:1e:5f:bc:54:a9:8b:5c:92:07:90:
         85:be:a3:d6:34:d4:93:20:a4:50:c7:9f:42:6f:07:ee:85:e3:
         9b:ea:f2:01:88:74:41:59:6e:a4:3c:13:f5:a5:a5:2f:c1:d5:
         76:97:50:cc:a5:12:7a:0f:06:9b:a8:31:94:ad:23:80:04:e5:
         bc:fa:ba:37:d2:0f:9d:83:c9:46:e7:4c:bf:5c:7e:31:c4:dc:
         0d:33:92:21:ab:f2:6a:e9:b0:72:da:37:4f:75:a5:9a:25:a8:
         97:23:66:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGIEYgdTVsJwgvgG7R/oUcXQkuQswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAwMDExWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWM3YjIyNTE2NTMzM2NkNGIyOTdkMzU2NzZmYTAzODk3
NmE0ZjdjZWUzZjUzOGU0NDZhMTg1YTc4NzYwOTU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP019fUiwwig6Lmac/JhwbfT6avBYA6OBVh4ONVeNkV5mF
4XTXquwb4i+2GeCLT/joqP5P9GhHlMJazrGGRWC7j0dQ70OjaXi2pk/PraiPXTBB
wnbPYEClzjC6Z2JbbWB0g95yTC/gik84zidiMtYUwM/KX1fSXPV8ZsjYAmfe02Ee
PI2BwAgZ+XxAEpU9CAHSuquCsXsxZqaStVtSaeAcokMuYH2aMevwcGX/n8hWc/nh
IHlEXfjGk//SG/vU/kS4cHiuDwoQ34cZnkbrQHtcpvNrDGdjZCONju29mvaS/mPR
KhXbh9WQ/uahgm+dJDEzUuP0YX5EtS59s9H76dcNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6F7lvvpILBjvWo1/9swCBeuK1lYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MzOWQ1YzU4LTkxNGQtNGQxNy05MjA0LWQ2NjUyZGJjZWY0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABODDswDQYJKoZIhvcNAQELBQADggEBAFJXo2uS1qyoUjBzRbZpM3dPVHh5
uLfi36ci4VnN9vIszAcvW1CRrV/8Hu0DFpF+ZEmPWZHR5BVTRxJQNzBtRxsTtE5j
n7yrPDf7xkxcUFNIx4qYxLjU0aUPYZOusbLmf4jg8aEU40qhKmQkgSDFwteKHy8/
mOqdCRMkVdwSH/DOwz6q7E5dY6rSXgfEYk3OtDsIly7tOybyHl+8VKmLXJIHkIW+
o9Y01JMgpFDHn0JvB+6F45vq8gGIdEFZbqQ8E/WlpS/B1XaXUMylEnoPBpuoMZSt
I4AE5bz6ujfSD52DyUbnTL9cfjHE3A0zkiGr8mrpsHLaN091pZolqJcjZkw=
-----END CERTIFICATE-----