Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d163000-da92-4a82-87fe-0bc2263033d1.roa
File:                     2d163000-da92-4a82-87fe-0bc2263033d1.roa (raw, json)
Hash identifier:          58BukszThA0WaFSP42jAIxSCp8e8XoLQQAAP6HeI9Qg=
Subject key identifier:   BD:E4:27:41:FF:3F:7C:1C:BC:FD:FC:E0:E0:AF:61:D1:1F:57:24:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       419D2F2D91A7DC1DC9192516E4E7828F27B0D549
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d163000-da92-4a82-87fe-0bc2263033d1.roa
Signing time:             Fri 10 Oct 2025 00:21:26 +0000
ROA not before:           Fri 10 Oct 2025 00:21:26 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        78.12.64.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:9d:2f:2d:91:a7:dc:1d:c9:19:25:16:e4:e7:82:8f:27:b0:d5:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:21:26 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=0daac32ef93702a744c731449833dfa0bc1bf1b3316d94106be172c4e3223783, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4b:ba:d4:0a:5d:23:d0:74:10:42:55:ad:44:
                    27:bd:75:0f:59:ff:4d:31:e1:02:e8:83:73:f8:64:
                    ac:e3:5b:6d:a3:78:ee:66:fa:fc:db:2a:72:a1:ed:
                    49:38:d8:4c:dd:9b:27:01:3d:61:25:2f:d8:41:f7:
                    ab:a6:8c:8b:4f:d1:bc:1f:bc:2e:0d:6a:c6:46:3a:
                    56:eb:58:79:e7:30:b8:b8:76:c5:fb:3d:d6:42:94:
                    46:18:db:7a:ac:78:6d:11:af:4b:41:42:f1:66:d7:
                    ea:22:ea:f0:08:ab:71:62:8c:af:77:4d:44:96:45:
                    d5:75:7a:ab:ed:25:79:df:d3:05:e3:82:9a:84:e2:
                    b3:bd:23:52:4d:7b:81:ae:63:82:e6:2f:fa:90:97:
                    67:99:72:bb:8d:89:e1:17:0f:b2:f2:34:b5:9a:76:
                    d2:9f:ca:0c:34:0e:94:d1:c7:32:b5:92:b8:24:63:
                    a7:fe:3b:8c:ea:96:ff:0b:2b:cb:42:a8:3d:1f:8c:
                    d7:9f:5d:9a:3f:ee:9f:c9:37:33:5a:d1:61:9f:6a:
                    47:15:58:96:7c:17:20:6e:e5:a1:d3:17:14:4d:7d:
                    58:23:49:27:d7:a3:ef:7f:f0:17:9d:38:cd:b5:9b:
                    9f:98:3f:38:a9:a4:84:68:c8:c0:8f:aa:dd:9a:c0:
                    4d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E4:27:41:FF:3F:7C:1C:BC:FD:FC:E0:E0:AF:61:D1:1F:57:24:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d163000-da92-4a82-87fe-0bc2263033d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.12.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:b6:9a:34:e6:96:7a:f1:f3:b8:94:63:61:ee:7e:5b:30:b8:
         7e:10:9b:f9:83:c0:0d:2d:d9:af:18:ca:ce:20:00:31:b3:53:
         c3:15:43:93:f0:5f:c7:17:c0:f1:eb:67:86:5d:a6:fb:cc:e3:
         08:77:b6:0b:46:f2:c3:08:7c:ae:37:22:e9:db:f1:dd:b4:2e:
         8f:ca:0d:56:9b:d7:d2:bc:d5:4f:c7:2e:c8:2e:b2:50:b3:42:
         c5:b5:75:cc:fa:da:b7:18:69:fc:92:c9:b4:04:f2:d7:a6:30:
         34:34:82:6b:c3:f0:e5:df:38:0a:15:94:b4:e7:25:d8:ca:62:
         df:b0:63:44:d6:a0:e2:ff:34:a4:33:87:14:11:37:ae:c1:34:
         da:98:a1:98:a3:d9:6d:61:43:a6:0b:d2:b1:51:1e:51:8c:6c:
         17:18:87:9b:9d:a9:47:df:c9:cc:fb:db:a9:e8:e6:08:83:83:
         dd:84:fe:44:ab:1f:4c:d1:5d:30:a3:07:a9:10:03:a7:df:5a:
         f7:f0:5a:a6:cb:c3:90:d5:3d:46:ca:ee:57:b7:7f:43:94:90:
         90:69:47:05:18:a9:45:1e:fc:91:e8:34:ed:3d:be:f0:3b:11:
         04:02:4e:ea:bd:32:4b:87:a3:b2:73:85:1b:7e:07:68:fa:ab:
         9f:f2:f5:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQZ0vLZGn3B3JGSUW5OeCjyew1UkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAyMTI2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGFhYzMyZWY5MzcwMmE3NDRjNzMxNDQ5ODMzZGZhMGJj
MWJmMWIzMzE2ZDk0MTA2YmUxNzJjNGUzMjIzNzgzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJS7rUCl0j0HQQQlWtRCe9dQ9Z/00x4QLog3P4ZKzjW22j
eO5m+vzbKnKh7Uk42EzdmycBPWElL9hB96umjItP0bwfvC4NasZGOlbrWHnnMLi4
dsX7PdZClEYY23qseG0Rr0tBQvFm1+oi6vAIq3FijK93TUSWRdV1eqvtJXnf0wXj
gpqE4rO9I1JNe4GuY4LmL/qQl2eZcruNieEXD7LyNLWadtKfygw0DpTRxzK1krgk
Y6f+O4zqlv8LK8tCqD0fjNefXZo/7p/JNzNa0WGfakcVWJZ8FyBu5aHTFxRNfVgj
SSfXo+9/8BedOM21m5+YPzippIRoyMCPqt2awE1lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUveQnQf8/fBy8/fzg4K9h0R9XJB4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkMTYzMDAwLWRhOTItNGE4Mi04N2ZlLTBiYzIyNjMwMzNkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFODEAwDQYJKoZIhvcNAQELBQADggEBAL62mjTmlnrx87iUY2HuflswuH4Q
m/mDwA0t2a8Yys4gADGzU8MVQ5PwX8cXwPHrZ4ZdpvvM4wh3tgtG8sMIfK43Iunb
8d20Lo/KDVab19K81U/HLsguslCzQsW1dcz62rcYafySybQE8temMDQ0gmvD8OXf
OAoVlLTnJdjKYt+wY0TWoOL/NKQzhxQRN67BNNqYoZij2W1hQ6YL0rFRHlGMbBcY
h5udqUffycz726no5giDg92E/kSrH0zRXTCjB6kQA6ffWvfwWqbLw5DVPUbK7le3
f0OUkJBpRwUYqUUe/JHoNO09vvA7EQQCTuq9MkuHo7JzhRt+B2j6q5/y9VY=
-----END CERTIFICATE-----