Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce589e22-a82f-4e68-a4ae-6f844c4d9437.roa
File:                     ce589e22-a82f-4e68-a4ae-6f844c4d9437.roa (raw, json)
Hash identifier:          bpk3i8tg+M7jeTLoLvQ8Cut+Qg8/nRDAMlqwagFEmb0=
Subject key identifier:   46:27:4C:37:5D:4D:73:D0:86:AA:98:D7:6A:42:10:F1:BB:3E:57:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2158116842995B22A3B49E4D3D58FED1E6262A90
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce589e22-a82f-4e68-a4ae-6f844c4d9437.roa
Signing time:             Tue 28 Oct 2025 00:41:28 +0000
ROA not before:           Tue 28 Oct 2025 00:41:28 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.78.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:58:11:68:42:99:5b:22:a3:b4:9e:4d:3d:58:fe:d1:e6:26:2a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:41:28 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=7261913fa96653ce4e2ccf551844872ec3e9c3339641576c1b1c165215a3d9b7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:60:cc:53:7d:3d:3d:c9:d4:f0:cc:ff:1c:40:
                    f3:b8:71:49:57:79:d7:3f:ad:b0:7f:86:0f:36:dd:
                    89:87:f5:d2:1a:c1:fd:f0:0a:b7:a2:f5:f9:d5:71:
                    09:ad:c3:9a:16:ae:9b:93:49:22:6b:8d:36:59:72:
                    a3:ec:0d:74:fd:2f:7b:49:39:c7:28:7e:2d:d2:c1:
                    56:c3:1e:23:bd:82:6e:d3:29:25:a6:ff:37:ac:1c:
                    f2:06:c7:30:6e:ae:da:75:c1:6f:9e:1c:eb:cc:9f:
                    a1:00:35:48:ad:31:69:d6:96:32:2f:f4:ff:ab:72:
                    06:a3:ad:1e:4d:c1:d3:32:5a:70:55:42:74:02:e7:
                    a8:9d:c7:20:53:a0:0b:e3:44:0f:d7:b6:dd:81:c3:
                    7c:3a:ff:ba:3b:9a:31:7c:61:1a:cf:33:90:26:41:
                    20:30:5a:6a:e9:76:38:50:2f:2e:9c:22:10:44:64:
                    8b:42:49:ad:97:7c:27:a9:c8:77:24:6f:44:3d:c9:
                    83:f1:a7:92:f7:98:71:e7:64:f8:22:57:f0:59:b5:
                    cb:67:44:be:75:12:42:5e:00:c2:fb:56:42:f2:70:
                    6c:9a:2c:d4:a9:23:72:29:30:17:fc:8a:9c:11:e3:
                    75:71:26:69:24:ae:96:87:f2:f6:af:62:46:a3:a7:
                    35:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:27:4C:37:5D:4D:73:D0:86:AA:98:D7:6A:42:10:F1:BB:3E:57:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce589e22-a82f-4e68-a4ae-6f844c4d9437.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:74:fb:99:96:d5:dc:77:e0:4f:7d:90:f1:8a:9e:b3:66:dc:
         12:cf:80:5f:5c:43:ab:37:fd:03:4e:fe:e0:3d:45:c3:ad:6c:
         55:2a:9f:51:33:1f:1d:66:ce:6f:71:c1:c7:01:21:b5:36:49:
         e9:7d:bd:17:09:52:22:ae:09:f3:71:f9:56:11:63:cd:df:4c:
         6f:ba:28:33:db:86:7f:bf:df:59:2b:5e:af:e5:e3:a4:a6:68:
         65:ee:c9:9b:90:65:78:e7:59:15:23:58:30:e5:82:c2:7d:e6:
         55:4c:2e:af:94:63:48:ea:10:c2:8c:18:c1:91:0d:9b:c1:96:
         1e:7a:7b:3b:df:ba:60:d3:58:1d:09:04:b0:41:d6:41:c0:88:
         bf:36:d2:d2:cc:af:73:9e:f2:bf:e4:72:23:18:e3:ea:4e:b6:
         13:98:7e:37:c2:d6:62:cf:ba:fa:24:bd:95:d0:85:c3:b1:cd:
         f7:8a:af:b2:5d:3b:c7:58:6f:fb:1c:68:b3:e0:a6:cf:ae:9d:
         70:f7:e8:4d:c7:fc:a9:43:0a:c4:e3:69:9e:88:49:8e:e6:de:
         64:22:c6:84:9e:f1:5e:9f:42:f3:53:e1:35:72:23:f1:2e:a1:
         d1:35:eb:80:89:15:99:c0:63:7e:d1:de:aa:87:2f:9e:03:8c:
         05:e0:cc:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIVgRaEKZWyKjtJ5NPVj+0eYmKpAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA0MTI4WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjYxOTEzZmE5NjY1M2NlNGUyY2NmNTUxODQ0ODcyZWMz
ZTljMzMzOTY0MTU3NmMxYjFjMTY1MjE1YTNkOWI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrYMxTfT09ydTwzP8cQPO4cUlXedc/rbB/hg823YmH9dIa
wf3wCrei9fnVcQmtw5oWrpuTSSJrjTZZcqPsDXT9L3tJOccofi3SwVbDHiO9gm7T
KSWm/zesHPIGxzBurtp1wW+eHOvMn6EANUitMWnWljIv9P+rcgajrR5NwdMyWnBV
QnQC56idxyBToAvjRA/Xtt2Bw3w6/7o7mjF8YRrPM5AmQSAwWmrpdjhQLy6cIhBE
ZItCSa2XfCepyHckb0Q9yYPxp5L3mHHnZPgiV/BZtctnRL51EkJeAML7VkLycGya
LNSpI3IpMBf8ipwR43VxJmkkrpaH8vavYkajpzXhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURidMN11Nc9CGqpjXakIQ8bs+V+YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlNTg5ZTIyLWE4MmYtNGU2OC1hNGFlLTZmODQ0YzRkOTQzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/E4wDQYJKoZIhvcNAQELBQADggEBABN0+5mW1dx34E99kPGKnrNm3BLP
gF9cQ6s3/QNO/uA9RcOtbFUqn1EzHx1mzm9xwccBIbU2Sel9vRcJUiKuCfNx+VYR
Y83fTG+6KDPbhn+/31krXq/l46SmaGXuyZuQZXjnWRUjWDDlgsJ95lVMLq+UY0jq
EMKMGMGRDZvBlh56ezvfumDTWB0JBLBB1kHAiL820tLMr3Oe8r/kciMY4+pOthOY
fjfC1mLPuvokvZXQhcOxzfeKr7JdO8dYb/scaLPgps+unXD36E3H/KlDCsTjaZ6I
SY7m3mQixoSe8V6fQvNT4TVyI/EuodE164CJFZnAY37R3qqHL54DjAXgzBk=
-----END CERTIFICATE-----