Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa
File:                     78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa (raw, json)
Hash identifier:          pha0etndyGzTlpdxPKWlY8pAK0mayURHB0ew26b0KEA=
Subject key identifier:   35:7B:3B:C2:3C:2D:7F:CC:47:F2:75:62:69:79:FF:B6:4F:20:FA:02
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1980F10E216887E827BB0D292A0027ECC9613B2D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa
Signing time:             Mon 13 Oct 2025 15:52:06 +0000
ROA not before:           Mon 13 Oct 2025 15:52:06 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.55.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:80:f1:0e:21:68:87:e8:27:bb:0d:29:2a:00:27:ec:c9:61:3b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 13 15:52:06 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=8be8d56db3d70e580681a614f32baabf50aa2ff3a3cb1e7405fc46cfcc7d1d4f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b7:89:31:09:8d:2c:d3:30:dd:4f:c7:88:4a:
                    f4:b7:fd:20:91:65:b4:96:d3:0b:60:9d:0c:56:29:
                    ed:09:84:a5:29:53:c0:36:03:be:04:83:35:81:5d:
                    7b:62:cb:7b:8c:50:5c:b7:fb:25:1e:1a:47:aa:4f:
                    9e:c3:f7:e1:ad:77:90:d8:6e:d2:fd:8b:fc:a5:19:
                    db:fd:48:3a:d3:a4:3b:40:42:b0:9c:f4:85:be:f0:
                    34:20:55:12:78:64:8f:c9:91:d5:12:75:e9:ee:68:
                    12:18:54:e6:b9:b9:08:ea:c8:ae:41:eb:e9:fd:b3:
                    34:02:79:f4:98:68:df:db:0c:ce:93:ad:db:31:0c:
                    1c:9c:15:82:c1:a6:87:7d:b1:50:5c:4a:59:c8:8d:
                    74:34:a1:b6:1b:bc:af:9d:65:47:81:22:aa:62:5f:
                    0b:66:40:9a:d6:f1:23:9b:c3:9d:fe:de:7e:33:9f:
                    23:e7:b3:aa:05:d8:1d:85:f6:97:85:78:b5:80:90:
                    d6:37:4a:b2:2b:fa:47:19:84:f8:c3:01:2c:4d:e4:
                    92:7b:4a:20:3f:d7:e6:23:e9:fa:59:a7:1d:82:18:
                    94:b5:3a:8a:ed:52:4f:cf:00:0f:9c:45:2a:ed:10:
                    97:11:19:62:cd:78:41:de:67:cb:6a:b9:05:0d:9b:
                    92:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:7B:3B:C2:3C:2D:7F:CC:47:F2:75:62:69:79:FF:B6:4F:20:FA:02
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.55.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:01:63:0c:92:dd:b2:92:64:87:2d:6f:7d:90:5e:a8:60:8d:
         be:90:f0:25:d4:8a:44:f7:21:70:3e:45:90:e0:8c:5c:99:b2:
         84:24:39:9a:b6:03:d4:81:a0:89:6f:a3:d2:76:c3:78:6e:d2:
         b4:3a:0b:b8:4e:21:96:17:d9:a4:95:fd:54:a8:5a:2d:3b:63:
         9a:ef:37:c2:40:b8:88:eb:7b:1f:84:ff:58:ad:c6:31:8d:18:
         94:8b:1e:0d:f6:72:53:0d:59:cd:6a:ea:bf:07:31:52:c0:c5:
         4f:37:42:91:b7:f3:d0:21:7a:c2:86:21:ab:9a:5e:98:24:4b:
         70:54:47:1a:9d:ab:b8:33:c0:74:c8:0e:1e:ca:aa:3c:c5:bb:
         e2:7e:bc:f5:86:26:ac:77:90:1d:3a:29:6a:eb:da:e3:8e:1c:
         17:70:49:ad:4a:e1:3b:f9:3b:0a:18:50:54:ee:05:3f:0c:0d:
         e3:ba:a1:25:2d:1d:df:54:6c:15:91:90:1e:63:71:47:7a:47:
         8b:d2:2f:79:8e:49:e6:fa:79:2e:a8:57:9e:8f:c4:12:99:c9:
         aa:5e:b0:ec:e6:d6:4e:2c:80:6c:93:8b:47:db:aa:47:3e:02:
         b4:cd:2d:5d:b4:58:cc:71:02:9a:d9:a0:18:45:5f:41:b5:1c:
         d5:e3:8f:bc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGYDxDiFoh+gnuw0pKgAn7MlhOy0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEzMTU1MjA2WhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmU4ZDU2ZGIzZDcwZTU4MDY4MWE2MTRmMzJiYWFiZjUw
YWEyZmYzYTNjYjFlNzQwNWZjNDZjZmNjN2QxZDRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXt4kxCY0s0zDdT8eISvS3/SCRZbSW0wtgnQxWKe0JhKUp
U8A2A74EgzWBXXtiy3uMUFy3+yUeGkeqT57D9+Gtd5DYbtL9i/ylGdv9SDrTpDtA
QrCc9IW+8DQgVRJ4ZI/JkdUSdenuaBIYVOa5uQjqyK5B6+n9szQCefSYaN/bDM6T
rdsxDBycFYLBpod9sVBcSlnIjXQ0obYbvK+dZUeBIqpiXwtmQJrW8SObw53+3n4z
nyPns6oF2B2F9peFeLWAkNY3SrIr+kcZhPjDASxN5JJ7SiA/1+Yj6fpZpx2CGJS1
OortUk/PAA+cRSrtEJcRGWLNeEHeZ8tquQUNm5ITAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNXs7wjwtf8xH8nViaXn/tk8g+gIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4ZmEzOTcyLTUzMTgtNDdiNy1hOWQ2LWQ2Y2VlY2JjNTU0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjNzANBgkqhkiG9w0BAQsFAAOCAQEAVAFjDJLdspJkhy1vfZBeqGCNvpDw
JdSKRPchcD5FkOCMXJmyhCQ5mrYD1IGgiW+j0nbDeG7StDoLuE4hlhfZpJX9VKha
LTtjmu83wkC4iOt7H4T/WK3GMY0YlIseDfZyUw1ZzWrqvwcxUsDFTzdCkbfz0CF6
woYhq5pemCRLcFRHGp2ruDPAdMgOHsqqPMW74n689YYmrHeQHTopauva444cF3BJ
rUrhO/k7ChhQVO4FPwwN47qhJS0d31RsFZGQHmNxR3pHi9IveY5J5vp5LqhXno/E
EpnJql6w7ObWTiyAbJOLR9uqRz4CtM0tXbRYzHECmtmgGEVfQbUc1eOPvA==
-----END CERTIFICATE-----