Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa
File:                     9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa (raw, json)
Hash identifier:          Mb3wWVNkT3V3AY6S0ig9DSc0yNqKypq0kG+38sJ8lyw=
Subject key identifier:   7F:FC:D0:D7:56:64:CA:D1:4E:B1:0D:B6:76:F5:A6:70:FA:E2:43:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2409145A6E978ACAF8D07EB0509BF46C433DB09C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa
Signing time:             Fri 10 Oct 2025 00:12:06 +0000
ROA not before:           Fri 10 Oct 2025 00:12:06 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        78.12.61.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:09:14:5a:6e:97:8a:ca:f8:d0:7e:b0:50:9b:f4:6c:43:3d:b0:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 10 00:12:06 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=fde414e9de6099be46aad81ee7da75189a2d694fdcb2c4ded141e07d8a23b492, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3b:ae:b9:31:1a:b1:7b:de:6d:0e:fa:f2:06:
                    42:c9:b3:ac:9b:90:61:75:cf:6d:d7:44:4c:5f:bc:
                    fe:8a:30:bd:32:d7:47:ff:df:ed:af:9e:1a:b1:94:
                    d5:d4:64:c6:93:19:2a:6e:ef:51:ba:38:0b:71:6c:
                    be:1b:23:14:63:6a:c8:4c:ef:c9:77:21:55:17:06:
                    5b:40:7b:af:e3:b6:73:b7:df:dc:21:1e:e6:84:d5:
                    23:97:80:97:cb:e2:46:1d:81:dc:76:68:45:78:2c:
                    e7:99:26:64:a1:a3:43:a1:be:c7:6f:84:48:8c:02:
                    28:ca:3f:67:1d:ed:ce:83:e3:cb:9b:f0:6b:2a:f9:
                    b1:d6:06:cd:72:5e:4b:e4:be:72:4e:26:f3:89:95:
                    0a:c0:12:b9:89:43:6b:d9:5a:42:13:9f:cc:0f:1a:
                    f9:5c:76:38:5a:19:e1:44:09:86:b3:1a:e0:bc:c7:
                    f8:09:36:03:11:6c:f7:2b:1a:dd:63:cc:37:97:98:
                    c6:18:cc:24:73:ce:f7:c0:4d:c6:d5:32:a7:5e:bc:
                    86:7e:d2:3b:70:9d:06:6c:8a:33:02:93:9a:06:0d:
                    5c:61:3b:67:9e:a7:d3:5d:56:10:ca:3b:13:d6:7d:
                    d3:b5:c1:21:d6:24:36:52:e5:47:4a:1f:a7:93:96:
                    7a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:FC:D0:D7:56:64:CA:D1:4E:B1:0D:B6:76:F5:A6:70:FA:E2:43:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9aca1af5-70ad-46f8-9435-7a35a97cef1f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.12.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:aa:5c:cc:f1:22:7b:85:0f:9f:81:ba:14:f6:ea:70:d6:50:
         0b:3c:fc:80:94:03:61:08:5b:26:e1:4b:1c:f2:c1:3b:3a:3b:
         d6:d9:a8:42:e8:d9:9a:75:4f:a5:d2:1d:1a:ae:b1:92:aa:a6:
         fe:7e:32:f6:6a:68:89:58:d3:4a:f1:a6:78:2f:23:6e:40:44:
         09:42:62:70:46:41:3e:e7:41:38:54:db:05:9e:bd:43:32:d9:
         26:77:4b:86:f4:9e:16:96:78:dd:74:24:a5:d8:ed:53:87:c0:
         23:1e:73:ba:87:f7:d8:2f:f4:be:0d:f6:39:89:c6:42:f4:ac:
         14:58:7a:98:41:54:c3:85:29:4d:73:7a:a0:28:0b:23:a6:6d:
         e0:1e:f8:81:d2:3c:a8:ff:21:a4:19:ad:ae:20:a4:b0:9e:0f:
         f2:d7:4c:ab:d5:e4:df:a3:ca:12:40:06:ed:6e:59:c5:e3:cd:
         dd:3f:85:96:61:ea:47:fc:0d:02:6d:5b:5c:23:ac:18:d3:6e:
         8a:7d:53:e0:a1:87:b2:17:9c:fc:9e:0f:f4:1f:66:3f:54:04:
         69:0c:72:a2:9a:6b:9c:eb:17:bc:04:43:89:a0:bd:a6:9a:f0:
         ff:0c:51:2e:90:c2:7f:10:7a:25:a5:71:0d:ac:13:2f:8c:c6:
         b3:cf:40:bf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJAkUWm6Xisr40H6wUJv0bEM9sJwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDEwMDAxMjA2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGU0MTRlOWRlNjA5OWJlNDZhYWQ4MWVlN2RhNzUxODlh
MmQ2OTRmZGNiMmM0ZGVkMTQxZTA3ZDhhMjNiNDkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZO665MRqxe95tDvryBkLJs6ybkGF1z23XRExfvP6KML0y
10f/3+2vnhqxlNXUZMaTGSpu71G6OAtxbL4bIxRjashM78l3IVUXBltAe6/jtnO3
39whHuaE1SOXgJfL4kYdgdx2aEV4LOeZJmSho0OhvsdvhEiMAijKP2cd7c6D48ub
8Gsq+bHWBs1yXkvkvnJOJvOJlQrAErmJQ2vZWkITn8wPGvlcdjhaGeFECYazGuC8
x/gJNgMRbPcrGt1jzDeXmMYYzCRzzvfATcbVMqdevIZ+0jtwnQZsijMCk5oGDVxh
O2eep9NdVhDKOxPWfdO1wSHWJDZS5UdKH6eTlnqLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf/zQ11ZkytFOsQ22dvWmcPriQ8kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhY2ExYWY1LTcwYWQtNDZmOC05NDM1LTdhMzVhOTdjZWYxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABODD0wDQYJKoZIhvcNAQELBQADggEBACeqXMzxInuFD5+BuhT26nDWUAs8
/ICUA2EIWybhSxzywTs6O9bZqELo2Zp1T6XSHRqusZKqpv5+MvZqaIlY00rxpngv
I25ARAlCYnBGQT7nQThU2wWevUMy2SZ3S4b0nhaWeN10JKXY7VOHwCMec7qH99gv
9L4N9jmJxkL0rBRYephBVMOFKU1zeqAoCyOmbeAe+IHSPKj/IaQZra4gpLCeD/LX
TKvV5N+jyhJABu1uWcXjzd0/hZZh6kf8DQJtW1wjrBjTbop9U+Chh7IXnPyeD/Qf
Zj9UBGkMcqKaa5zrF7wEQ4mgvaaa8P8MUS6Qwn8QeiWlcQ2sEy+MxrPPQL8=
-----END CERTIFICATE-----