Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d79209ee-b31e-46fa-bdfb-ea990915c3be.roa
File:                     d79209ee-b31e-46fa-bdfb-ea990915c3be.roa (raw, json)
Hash identifier:          4hxoLboJC3MeqQe9QaYyroY1Pt+7DK19VSz8lgxt+qw=
Subject key identifier:   43:30:6B:5E:31:C2:CF:D7:94:81:F3:C3:92:97:BA:D4:2C:F6:AD:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33E63F5AAAEC1FCAE7CB62D2487121067E22FBDC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d79209ee-b31e-46fa-bdfb-ea990915c3be.roa
Signing time:             Wed 01 Oct 2025 00:52:52 +0000
ROA not before:           Wed 01 Oct 2025 00:52:52 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.76.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e6:3f:5a:aa:ec:1f:ca:e7:cb:62:d2:48:71:21:06:7e:22:fb:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:52:52 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=f359d5ac471f9efbc987fd5da47c6c222ab2fdb32f2c7f0c10acb4c8ee5108c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:47:ac:b9:6c:fe:de:32:91:04:8e:83:1f:1d:
                    cb:8b:07:cf:b1:b5:19:14:e4:18:50:68:b8:24:64:
                    48:08:d1:eb:0d:9b:23:95:61:1c:f2:1b:f3:01:74:
                    a4:2e:5f:27:cb:c6:eb:01:2a:30:f4:18:a9:9b:6f:
                    69:2a:bf:e2:bf:7e:5d:7e:c8:a5:84:c0:c0:f0:b7:
                    b4:40:64:16:8e:9f:40:05:8b:1c:86:1f:b5:0c:ac:
                    d9:73:d2:b1:13:61:ed:71:c8:67:c6:e6:72:42:0a:
                    dd:98:73:5c:b3:4d:b3:5f:b5:4c:2d:f1:40:a7:63:
                    5e:fb:52:2a:bf:ef:a3:1b:91:c1:6a:8e:ee:60:d2:
                    ce:cb:b9:01:26:ff:c1:7b:95:59:09:ac:1e:45:81:
                    4a:cc:da:88:e1:ab:33:1a:e7:15:50:7f:4b:4e:f2:
                    28:41:1d:77:cf:80:a6:4e:20:c6:f0:ec:95:f9:72:
                    a7:30:1e:c4:96:25:d1:2d:dd:c7:74:87:09:87:fe:
                    1f:dd:aa:22:f0:bc:3d:6e:d6:a3:39:e1:86:cb:a7:
                    53:79:2c:97:00:81:11:27:9b:56:78:e0:8f:f7:7a:
                    39:c4:65:c3:9b:9b:80:da:89:bf:be:64:d8:ee:2f:
                    fa:bf:7d:12:7d:97:b3:ea:8d:48:07:76:fc:e5:79:
                    23:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:30:6B:5E:31:C2:CF:D7:94:81:F3:C3:92:97:BA:D4:2C:F6:AD:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d79209ee-b31e-46fa-bdfb-ea990915c3be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.76.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         37:b8:1b:43:a7:88:f2:3f:cd:2e:d1:be:eb:ed:c9:51:c8:fd:
         48:8c:0c:d6:1e:ff:94:62:55:f5:ca:de:3a:11:c2:58:17:ec:
         ba:e6:ca:b0:92:4e:88:ef:a3:40:56:74:3e:9d:f0:ed:a3:d9:
         23:59:c7:cc:70:70:f4:4d:bc:0e:24:17:71:64:4e:92:8b:ba:
         ef:8f:df:53:7b:c6:52:2f:e6:1e:22:c2:2c:5d:89:db:3d:d0:
         d9:26:8a:d7:61:2c:c1:a8:06:a9:8a:f6:f6:3e:2e:09:51:9a:
         42:ce:bd:5a:c3:69:dd:a3:b0:b8:a6:0b:bf:04:00:b8:1a:cb:
         02:d4:32:e7:06:89:72:60:68:10:d9:35:fe:b2:48:c8:e3:68:
         ae:85:9f:b5:18:3b:d9:6e:34:a1:b3:10:11:7a:79:c8:92:9a:
         ef:d5:f6:21:44:5c:a1:4c:78:7e:79:59:8e:d8:89:b5:77:68:
         59:7a:ac:e3:21:1b:4d:f6:75:a2:03:57:7b:c3:06:c0:f5:80:
         be:89:68:25:fa:57:ad:cb:a8:1f:1c:0b:6f:89:65:68:dc:fe:
         ef:af:d3:ee:63:a6:30:3f:d6:64:25:39:90:d1:38:3a:b1:92:
         2f:43:b5:f5:84:09:38:7a:4b:6e:89:ab:e0:0c:bd:78:cd:02:
         51:9e:64:41
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUM+Y/WqrsH8rny2LSSHEhBn4i+9wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA1MjUyWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzU5ZDVhYzQ3MWY5ZWZiYzk4N2ZkNWRhNDdjNmMyMjJh
YjJmZGIzMmYyYzdmMGMxMGFjYjRjOGVlNTEwOGM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmR6y5bP7eMpEEjoMfHcuLB8+xtRkU5BhQaLgkZEgI0esN
myOVYRzyG/MBdKQuXyfLxusBKjD0GKmbb2kqv+K/fl1+yKWEwMDwt7RAZBaOn0AF
ixyGH7UMrNlz0rETYe1xyGfG5nJCCt2Yc1yzTbNftUwt8UCnY177Uiq/76MbkcFq
ju5g0s7LuQEm/8F7lVkJrB5FgUrM2ojhqzMa5xVQf0tO8ihBHXfPgKZOIMbw7JX5
cqcwHsSWJdEt3cd0hwmH/h/dqiLwvD1u1qM54YbLp1N5LJcAgREnm1Z44I/3ejnE
ZcObm4Daib++ZNjuL/q/fRJ9l7PqjUgHdvzleSOzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQzBrXjHCz9eUgfPDkpe61Cz2rU8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q3OTIwOWVlLWIzMWUtNDZmYS1iZGZiLWVhOTkwOTE1YzNiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBiTDANBgkqhkiG9w0BAQsFAAOCAQEAN7gbQ6eI8j/NLtG+6+3JUcj9SIwM
1h7/lGJV9creOhHCWBfsuubKsJJOiO+jQFZ0Pp3w7aPZI1nHzHBw9E28DiQXcWRO
kou674/fU3vGUi/mHiLCLF2J2z3Q2SaK12EswagGqYr29j4uCVGaQs69WsNp3aOw
uKYLvwQAuBrLAtQy5waJcmBoENk1/rJIyONoroWftRg72W40obMQEXp5yJKa79X2
IURcoUx4fnlZjtiJtXdoWXqs4yEbTfZ1ogNXe8MGwPWAvoloJfpXrcuoHxwLb4ll
aNz+76/T7mOmMD/WZCU5kNE4OrGSL0O19YQJOHpLbomr4Ay9eM0CUZ5kQQ==
-----END CERTIFICATE-----