Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78ea6c31-0dc6-42b2-989e-2ae62658190d.roa
File:                     78ea6c31-0dc6-42b2-989e-2ae62658190d.roa (raw, json)
Hash identifier:          FfLp7oY9OkRIJ+ccBJvkwn1KPIumjtAjwK//65qhDxg=
Subject key identifier:   19:54:0A:1E:4B:30:68:79:1C:6D:80:1D:F6:10:EB:06:5F:68:C8:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F86E0CA320FFEF39E0EC8691BE82DE3CC16E3E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78ea6c31-0dc6-42b2-989e-2ae62658190d.roa
Signing time:             Wed 01 Oct 2025 00:11:13 +0000
ROA not before:           Wed 01 Oct 2025 00:11:13 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        208.124.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:86:e0:ca:32:0f:fe:f3:9e:0e:c8:69:1b:e8:2d:e3:cc:16:e3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:11:13 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=ff6c0e7d5b708022f6083cd9240ff79265a0b194f34465e7e415a0cf6d810807, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f0:0f:fe:6d:89:ac:73:ba:99:ac:e0:49:3b:
                    e2:0d:c9:05:95:39:e3:fa:46:d6:d8:a0:91:e3:57:
                    79:c8:ac:9c:52:84:b4:0e:8f:5c:80:ee:24:82:6c:
                    38:7c:77:a9:db:6b:09:35:7c:7f:8d:a7:62:13:be:
                    29:d3:0d:a1:d1:dc:fc:43:a5:67:0d:4d:3c:ed:1e:
                    8c:c2:cb:90:b2:28:00:4b:f2:8e:03:c6:52:de:0e:
                    15:01:28:15:24:8d:96:9a:04:60:a5:4c:f9:47:43:
                    04:d8:8e:25:6b:5c:5c:68:74:de:48:ec:21:cb:aa:
                    f0:68:05:75:bf:df:e2:57:b0:63:c8:b6:2e:0d:d9:
                    17:2d:f3:b6:dc:38:76:29:a1:3f:46:6e:21:68:44:
                    58:dc:fd:45:33:5a:5d:50:21:1f:af:0d:9c:5a:b4:
                    af:90:3e:c1:60:ab:26:71:dc:1a:4e:89:8c:67:42:
                    a5:c7:f9:b0:53:1f:bf:6b:eb:00:69:b7:a0:44:dd:
                    f2:c8:b5:0a:a9:f5:19:61:19:c3:ce:d3:6d:68:93:
                    f5:38:ae:e3:9b:25:dd:0e:20:25:8c:3d:4b:68:6e:
                    da:9d:6e:67:80:7f:b7:71:19:f5:a7:f9:7a:c5:30:
                    90:89:58:b9:a8:da:3a:0f:d7:7c:6e:96:d0:58:63:
                    29:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:54:0A:1E:4B:30:68:79:1C:6D:80:1D:F6:10:EB:06:5F:68:C8:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78ea6c31-0dc6-42b2-989e-2ae62658190d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.124.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c8:65:79:6c:9a:dc:a3:c9:08:54:17:17:47:a7:a9:b8:32:5e:
         e5:37:87:ab:b9:c8:e0:89:35:62:9f:ae:d3:b7:7d:85:02:8c:
         03:7e:a8:17:6b:ea:5f:b1:1a:a6:65:3e:b3:3c:89:e7:a9:a1:
         70:b5:9c:13:1f:83:01:a3:8c:77:fd:f5:45:99:2f:d7:4b:ae:
         62:6d:66:ac:7e:33:36:27:73:30:5e:07:eb:43:61:a6:50:d4:
         00:b7:99:70:60:0b:10:93:c3:60:53:0a:be:8f:83:f3:c0:f5:
         7e:04:5c:ed:d6:b3:4c:4e:b7:23:27:b4:c0:d6:75:74:e7:6e:
         af:95:25:94:02:54:3d:7c:3a:ad:99:81:b5:35:35:d9:8f:73:
         0d:d8:88:a3:42:63:77:00:7f:54:0d:98:3e:fa:b9:b1:8a:ff:
         68:2c:05:de:ba:3f:72:47:4f:a3:2e:3d:6c:63:ac:23:07:f7:
         55:9b:99:50:f6:75:43:f8:e6:90:e1:d8:97:55:34:8c:c7:84:
         ef:cb:ec:1d:f2:a2:54:ab:d4:56:14:ba:13:0d:4f:d4:93:8b:
         c0:fd:5a:39:c8:c7:f8:6d:aa:90:f4:58:b8:51:be:c4:7b:91:
         51:d1:18:50:95:20:f7:1f:41:41:ab:8d:c2:83:c3:ea:bb:d3:
         67:ca:b1:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb4bgyjIP/vOeDshpG+gt48wW4+UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAxMTEzWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjZjMGU3ZDViNzA4MDIyZjYwODNjZDkyNDBmZjc5MjY1
YTBiMTk0ZjM0NDY1ZTdlNDE1YTBjZjZkODEwODA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx8A/+bYmsc7qZrOBJO+INyQWVOeP6RtbYoJHjV3nIrJxS
hLQOj1yA7iSCbDh8d6nbawk1fH+Np2ITvinTDaHR3PxDpWcNTTztHozCy5CyKABL
8o4DxlLeDhUBKBUkjZaaBGClTPlHQwTYjiVrXFxodN5I7CHLqvBoBXW/3+JXsGPI
ti4N2Rct87bcOHYpoT9GbiFoRFjc/UUzWl1QIR+vDZxatK+QPsFgqyZx3BpOiYxn
QqXH+bBTH79r6wBpt6BE3fLItQqp9RlhGcPO021ok/U4ruObJd0OICWMPUtobtqd
bmeAf7dxGfWn+XrFMJCJWLmo2joP13xultBYYynTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGVQKHkswaHkcbYAd9hDrBl9oyEgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4ZWE2YzMxLTBkYzYtNDJiMi05ODllLTJhZTYyNjU4MTkwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbQfAAwDQYJKoZIhvcNAQELBQADggEBAMhleWya3KPJCFQXF0enqbgyXuU3
h6u5yOCJNWKfrtO3fYUCjAN+qBdr6l+xGqZlPrM8ieepoXC1nBMfgwGjjHf99UWZ
L9dLrmJtZqx+MzYnczBeB+tDYaZQ1AC3mXBgCxCTw2BTCr6Pg/PA9X4EXO3Ws0xO
tyMntMDWdXTnbq+VJZQCVD18Oq2ZgbU1NdmPcw3YiKNCY3cAf1QNmD76ubGK/2gs
Bd66P3JHT6MuPWxjrCMH91WbmVD2dUP45pDh2JdVNIzHhO/L7B3yolSr1FYUuhMN
T9STi8D9WjnIx/htqpD0WLhRvsR7kVHRGFCVIPcfQUGrjcKDw+q702fKsY0=
-----END CERTIFICATE-----