Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bb5d3f8-13ac-433b-bcf8-dd440d7dacaa.roa
File:                     8bb5d3f8-13ac-433b-bcf8-dd440d7dacaa.roa (raw, json)
Hash identifier:          lhASXwPIqOLYs6wIxQPQDZrRLOhevjwLKCOse8EcSKs=
Subject key identifier:   3C:93:12:70:05:5F:09:37:4C:72:68:FA:44:94:3F:72:FA:4E:3A:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AEE92DEC347E1BC881D9A2426D22D6556D44845
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bb5d3f8-13ac-433b-bcf8-dd440d7dacaa.roa
Signing time:             Fri 03 Oct 2025 00:03:09 +0000
ROA not before:           Fri 03 Oct 2025 00:03:09 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        209.178.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:ee:92:de:c3:47:e1:bc:88:1d:9a:24:26:d2:2d:65:56:d4:48:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:03:09 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=b1ee2c764ed5d9e9501b8932a1c4eb6e060b78b9a32599cc1785d410b06840d8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:dd:bf:cc:6b:f5:12:a1:d1:f8:d2:c4:fa:80:
                    c3:1e:80:64:7a:b1:4d:5f:35:04:4e:69:22:63:bc:
                    e0:13:d9:a1:10:03:93:ee:71:5e:bd:e4:fa:86:e1:
                    21:eb:7f:9d:d0:82:79:ac:3c:f0:51:c7:21:5b:0a:
                    d1:65:c7:17:c1:df:61:ec:46:ab:06:94:cd:d6:43:
                    e0:54:ed:51:9a:0b:28:39:77:ef:e2:8b:2d:49:90:
                    f7:77:95:34:00:61:67:83:6f:13:5a:82:42:02:3d:
                    a8:ac:ef:ac:66:d5:60:c4:c9:d4:9e:a3:d5:50:ef:
                    37:48:e6:ab:e8:06:b4:4a:57:36:d3:45:78:a6:d7:
                    4d:3b:2c:6f:e9:b0:30:b0:2f:18:3c:b4:d3:15:a1:
                    6a:fc:4f:1b:91:f7:04:f6:21:ea:fd:b2:7c:0c:e4:
                    b7:56:6c:d7:6c:56:32:4f:01:c0:78:46:35:fe:21:
                    38:34:4c:86:c3:e3:d4:36:ba:71:44:94:5a:c4:d6:
                    e7:e9:67:34:8e:8c:74:03:25:43:ee:69:c0:d1:a8:
                    28:a0:00:70:9d:69:db:7d:58:82:fe:a1:a3:7c:c1:
                    43:d9:cb:13:97:e0:5d:76:65:a4:ab:87:e4:b6:55:
                    2d:98:60:ce:1e:16:32:b6:e0:a2:85:38:46:81:d2:
                    a5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:93:12:70:05:5F:09:37:4C:72:68:FA:44:94:3F:72:FA:4E:3A:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bb5d3f8-13ac-433b-bcf8-dd440d7dacaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.178.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         58:50:7e:f9:e3:7a:78:f7:e1:c2:26:d2:6c:96:bf:53:99:f9:
         30:44:ee:cd:6d:7a:bf:b4:11:75:10:46:6b:89:b5:3d:8a:da:
         e7:5b:6d:c3:af:a4:0a:76:ab:d0:4b:79:f4:9b:df:47:a2:38:
         16:1f:0e:01:99:04:34:43:d9:a5:4c:9a:8c:a5:67:08:6d:ae:
         b0:89:a6:da:c4:a6:a6:53:18:af:f7:73:2f:02:32:62:44:85:
         de:a1:38:06:e6:d2:7e:12:01:a9:e9:ad:b4:41:5b:d9:d9:a9:
         bd:67:4d:ec:d6:b0:7f:35:20:19:15:50:12:d4:53:2f:75:6a:
         fb:35:e9:ed:65:c4:01:8a:2b:b9:67:1e:84:33:c0:62:99:5a:
         24:f8:e7:60:85:c5:fb:fe:10:6e:67:26:7a:0a:2e:83:50:2b:
         fc:fa:99:d6:d0:69:56:bb:1d:6e:d5:41:de:e6:d7:38:98:01:
         41:13:21:5a:bb:07:aa:08:91:62:c1:0c:02:72:98:2a:cd:36:
         a6:ec:59:e3:ca:bc:df:ad:c5:2a:c8:59:29:e1:07:47:97:94:
         6e:c8:8b:9d:c4:4e:b6:f1:c4:94:42:65:56:a1:da:43:e5:fd:
         cc:e0:f9:3a:92:75:fa:32:94:fe:aa:dc:d7:9a:0e:f7:1a:dd:
         ba:09:f6:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeu6S3sNH4byIHZokJtItZVbUSEUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMzA5WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMWVlMmM3NjRlZDVkOWU5NTAxYjg5MzJhMWM0ZWI2ZTA2
MGI3OGI5YTMyNTk5Y2MxNzg1ZDQxMGIwNjg0MGQ4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCn3b/Ma/USodH40sT6gMMegGR6sU1fNQROaSJjvOAT2aEQ
A5PucV695PqG4SHrf53QgnmsPPBRxyFbCtFlxxfB32HsRqsGlM3WQ+BU7VGaCyg5
d+/iiy1JkPd3lTQAYWeDbxNagkICPais76xm1WDEydSeo9VQ7zdI5qvoBrRKVzbT
RXim1007LG/psDCwLxg8tNMVoWr8TxuR9wT2Ier9snwM5LdWbNdsVjJPAcB4RjX+
ITg0TIbD49Q2unFElFrE1ufpZzSOjHQDJUPuacDRqCigAHCdadt9WIL+oaN8wUPZ
yxOX4F12ZaSrh+S2VS2YYM4eFjK24KKFOEaB0qV3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPJMScAVfCTdMcmj6RJQ/cvpOOpUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiYjVkM2Y4LTEzYWMtNDMzYi1iY2Y4LWRkNDQwZDdkYWNhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfRsgAwDQYJKoZIhvcNAQELBQADggEBAFhQfvnjenj34cIm0myWv1OZ+TBE
7s1ter+0EXUQRmuJtT2K2udbbcOvpAp2q9BLefSb30eiOBYfDgGZBDRD2aVMmoyl
ZwhtrrCJptrEpqZTGK/3cy8CMmJEhd6hOAbm0n4SAanprbRBW9nZqb1nTezWsH81
IBkVUBLUUy91avs16e1lxAGKK7lnHoQzwGKZWiT452CFxfv+EG5nJnoKLoNQK/z6
mdbQaVa7HW7VQd7m1ziYAUETIVq7B6oIkWLBDAJymCrNNqbsWePKvN+txSrIWSnh
B0eXlG7Ii53ETrbxxJRCZVah2kPl/czg+TqSdfoylP6q3NeaDvca3boJ9qg=
-----END CERTIFICATE-----