Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78a29a43-6fb1-4f22-858b-58921f0187e5.roa
File:                     78a29a43-6fb1-4f22-858b-58921f0187e5.roa (raw, json)
Hash identifier:          qRiTvPMjcf6iGkSwOVV+EtiHM5vl2UXMsRzWIrHImc4=
Subject key identifier:   DB:4E:9C:05:0B:32:D6:85:79:D7:15:74:BC:3A:A8:4E:FB:8A:8F:04
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C732E42A0F1EBB2400B9EBB460657F8BEE0EBEC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78a29a43-6fb1-4f22-858b-58921f0187e5.roa
Signing time:             Fri 10 Oct 2025 00:01:13 +0000
ROA not before:           Fri 10 Oct 2025 00:01:13 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.64.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:73:2e:42:a0:f1:eb:b2:40:0b:9e:bb:46:06:57:f8:be:e0:eb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:01:13 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=afaf48ce2e7d8d60839a5911be79c11a90daec1d0b4d188a90a2e615efca75f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e3:1f:e2:82:fc:7f:da:11:be:cb:99:93:c8:
                    f3:ff:e3:cf:a1:e9:ad:d1:c6:f9:a2:22:34:8d:01:
                    0c:99:ce:0f:89:72:09:08:93:94:c5:53:d6:e0:bb:
                    8c:86:84:84:64:80:70:60:cb:ca:9f:fe:88:96:34:
                    e1:c7:09:7f:8d:b6:48:e1:fd:b2:44:74:f2:69:94:
                    b0:b5:45:6c:0d:33:cf:81:82:1a:d7:59:61:4f:cd:
                    98:9f:dc:23:f0:db:84:d7:98:4f:91:4d:18:66:33:
                    b1:3d:e1:a1:ac:6c:be:c4:52:84:ce:5f:0b:b3:32:
                    35:51:d0:44:6a:3a:09:7d:84:e3:94:b9:15:f5:cb:
                    3c:31:cf:b5:c1:39:dd:ed:79:41:37:c2:55:6e:8b:
                    e1:80:33:b3:e2:75:6f:60:d7:aa:17:2e:c4:4b:58:
                    dc:d5:9c:cf:a2:68:53:85:62:2f:f8:ab:ab:7a:2b:
                    46:41:cf:6f:ec:84:70:f6:4c:de:35:29:b6:de:06:
                    ee:77:9a:a4:df:34:2c:8d:d7:51:47:38:09:ca:5e:
                    e9:cd:b8:8d:39:f7:c0:8c:1e:3b:83:35:2e:39:82:
                    e7:41:f3:25:0f:12:3d:d4:94:e1:d2:5b:98:8e:5e:
                    9c:8a:1a:91:6c:28:56:82:f6:a7:40:6d:c6:ad:8d:
                    5f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:4E:9C:05:0B:32:D6:85:79:D7:15:74:BC:3A:A8:4E:FB:8A:8F:04
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78a29a43-6fb1-4f22-858b-58921f0187e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         bb:13:bd:30:fe:1c:0d:80:1c:a0:d1:d7:43:14:80:90:a8:8f:
         a2:81:43:df:23:20:40:c1:d6:b3:70:b0:88:4b:83:cb:7e:bd:
         8b:2f:ae:b3:5d:9d:b4:1c:42:f1:09:2d:b4:59:a8:e5:ee:26:
         ea:c0:ff:a6:4f:7a:78:ef:1d:2c:b4:79:f8:d1:e7:45:2e:89:
         db:1a:41:d8:67:cd:31:08:e9:2b:ad:5f:9f:d4:2b:49:20:fa:
         ff:e1:e2:f6:e6:37:b6:0f:65:60:2d:da:28:1e:c0:80:93:d0:
         58:da:44:93:fa:59:ed:f4:d3:7c:79:9f:61:a0:1d:1a:ec:fe:
         d1:ef:be:e9:5f:bd:a2:6e:01:3c:11:ef:18:ee:66:7a:2f:97:
         66:79:71:8e:67:fc:d4:68:37:68:bd:3c:ac:96:07:56:82:38:
         41:9d:d1:b2:a5:e3:db:b6:aa:11:6a:d6:ab:80:97:79:75:69:
         f5:86:99:31:5c:88:1d:d5:ee:e5:08:5e:70:35:df:c7:a2:5a:
         f8:62:83:78:39:82:02:eb:96:84:c4:9f:a1:de:3b:6a:98:56:
         7b:d4:75:b5:6f:a4:cd:10:5e:f4:bf:a7:31:d6:ce:da:13:cb:
         2e:68:61:36:83:1c:8a:6d:8f:db:d6:7b:a4:50:fd:19:fd:5c:
         c2:77:b1:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTHMuQqDx67JAC567RgZX+L7g6+wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAwMTEzWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmFmNDhjZTJlN2Q4ZDYwODM5YTU5MTFiZTc5YzExYTkw
ZGFlYzFkMGI0ZDE4OGE5MGEyZTYxNWVmY2E3NWY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw4x/igvx/2hG+y5mTyPP/48+h6a3RxvmiIjSNAQyZzg+J
cgkIk5TFU9bgu4yGhIRkgHBgy8qf/oiWNOHHCX+Ntkjh/bJEdPJplLC1RWwNM8+B
ghrXWWFPzZif3CPw24TXmE+RTRhmM7E94aGsbL7EUoTOXwuzMjVR0ERqOgl9hOOU
uRX1yzwxz7XBOd3teUE3wlVui+GAM7PidW9g16oXLsRLWNzVnM+iaFOFYi/4q6t6
K0ZBz2/shHD2TN41KbbeBu53mqTfNCyN11FHOAnKXunNuI0598CMHjuDNS45gudB
8yUPEj3UlOHSW5iOXpyKGpFsKFaC9qdAbcatjV/9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU206cBQsy1oV51xV0vDqoTvuKjwQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4YTI5YTQzLTZmYjEtNGYyMi04NThiLTU4OTIxZjAxODdlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZyOEAwDQYJKoZIhvcNAQELBQADggEBALsTvTD+HA2AHKDR10MUgJCoj6KB
Q98jIEDB1rNwsIhLg8t+vYsvrrNdnbQcQvEJLbRZqOXuJurA/6ZPenjvHSy0efjR
50UuidsaQdhnzTEI6SutX5/UK0kg+v/h4vbmN7YPZWAt2igewICT0FjaRJP6We30
03x5n2GgHRrs/tHvvulfvaJuATwR7xjuZnovl2Z5cY5n/NRoN2i9PKyWB1aCOEGd
0bKl49u2qhFq1quAl3l1afWGmTFciB3V7uUIXnA138eiWvhig3g5ggLrloTEn6He
O2qYVnvUdbVvpM0QXvS/pzHWztoTyy5oYTaDHIptj9vWe6RQ/Rn9XMJ3saE=
-----END CERTIFICATE-----