Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa
File:                     78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa (raw, json)
Hash identifier:          BLLjM2M8xliXhbx7b9GplP/a97tbnIbwzQPWWMM+Ttk=
Subject key identifier:   37:24:E9:28:15:28:FC:BD:ED:D8:F2:4F:90:84:E8:69:3D:D4:25:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       634B717A73A231F23B634C7C8CC829AF9027C578
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa
Signing time:             Fri 07 Nov 2025 00:50:09 +0000
ROA not before:           Fri 07 Nov 2025 00:50:09 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.55.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:4b:71:7a:73:a2:31:f2:3b:63:4c:7c:8c:c8:29:af:90:27:c5:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  7 00:50:09 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=81e492439fd461d8a8fc84f338b3f58d2a1a52671ba15d844577da45b6b9cf1e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:3d:66:8e:2b:4e:9e:d7:ad:60:fa:d3:3f:fa:
                    4e:88:09:4c:fb:ef:9b:3b:fc:8d:ca:99:c9:e0:30:
                    e4:91:f0:30:3e:9d:b2:fa:53:64:70:5c:50:b4:bb:
                    6f:41:f4:8b:f2:93:11:d4:e7:7e:ca:48:24:ce:46:
                    4e:02:03:e6:a4:e6:78:a1:1d:f3:80:d5:6e:46:70:
                    7f:ba:76:d9:1a:f4:9a:c7:a1:08:7f:9c:68:34:48:
                    7e:47:67:e3:87:da:18:46:d0:c9:59:8b:2a:72:62:
                    fe:01:80:ce:0e:a0:48:49:ba:6f:b8:b0:66:55:4b:
                    dd:25:e0:4d:ac:af:c4:22:a9:17:22:e8:7e:57:30:
                    5c:f0:75:ce:95:88:27:d6:6f:ad:b7:45:f7:0a:96:
                    d5:32:b5:4a:ea:c1:5f:be:7d:57:6c:c6:cc:98:24:
                    11:49:bb:8a:22:37:8e:b5:e7:79:bd:79:f5:7c:fa:
                    6f:58:6f:68:a9:b7:cb:2f:ac:34:ea:0b:ce:27:57:
                    3f:8a:c6:aa:66:68:fc:07:e3:11:73:92:d1:94:c5:
                    e1:6b:0f:ff:8f:fe:ed:b2:9c:e7:ac:da:4e:4a:89:
                    30:17:21:ff:ae:27:f4:8e:15:f1:1c:b2:d7:c0:3c:
                    07:12:d0:01:b1:17:48:5f:9a:23:d2:64:2d:e6:56:
                    da:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:24:E9:28:15:28:FC:BD:ED:D8:F2:4F:90:84:E8:69:3D:D4:25:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78fa3972-5318-47b7-a9d6-d6ceecbc554e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.55.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         94:c2:cd:bd:33:2e:c4:fe:31:4e:45:da:8f:5c:89:14:96:2d:
         f9:af:8b:a3:2d:8c:54:75:9d:34:28:b5:aa:12:9f:a7:8c:bc:
         e5:8d:dc:64:b4:a2:5c:41:c4:88:7b:00:35:23:7a:2b:c5:0f:
         7e:8a:64:86:d5:48:05:9d:ae:62:68:85:ef:df:45:25:db:18:
         dd:c5:47:23:6f:2b:cd:78:e6:2c:36:1a:7c:19:9a:1c:ba:d1:
         b2:f5:8e:4d:41:8a:aa:4e:f9:8c:ba:59:ea:3a:3b:83:d9:0b:
         21:ba:50:28:f4:b1:12:d0:f5:1c:f5:86:1c:78:69:86:13:59:
         5f:2d:f9:dc:85:b0:6e:92:9a:c6:96:9e:b2:5d:df:ce:09:d3:
         ee:99:5b:1f:d6:db:30:77:cd:a9:e6:99:f6:e8:c9:95:7d:57:
         7f:1f:96:60:29:9f:d0:be:52:c2:57:d0:0d:f6:f8:8c:46:ad:
         1b:12:c5:80:28:c9:1b:60:e8:06:cf:1b:8a:b2:0c:cc:36:3e:
         7f:19:2d:84:63:64:11:ad:d7:4b:5e:d0:aa:48:3a:73:6c:c9:
         4a:d6:d3:a6:5e:59:f7:b5:45:62:97:5a:d4:66:85:75:1c:75:
         68:f8:ef:14:24:fa:3a:38:ff:ff:de:90:28:01:10:35:11:a9:
         d7:3c:01:e0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY0txenOiMfI7Y0x8jMgpr5AnxXgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA3MDA1MDA5WhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWU0OTI0MzlmZDQ2MWQ4YThmYzg0ZjMzOGIzZjU4ZDJh
MWE1MjY3MWJhMTVkODQ0NTc3ZGE0NWI2YjljZjFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfPWaOK06e161g+tM/+k6ICUz775s7/I3KmcngMOSR8DA+
nbL6U2RwXFC0u29B9IvykxHU537KSCTORk4CA+ak5nihHfOA1W5GcH+6dtka9JrH
oQh/nGg0SH5HZ+OH2hhG0MlZiypyYv4BgM4OoEhJum+4sGZVS90l4E2sr8QiqRci
6H5XMFzwdc6ViCfWb623RfcKltUytUrqwV++fVdsxsyYJBFJu4oiN46153m9efV8
+m9Yb2ipt8svrDTqC84nVz+KxqpmaPwH4xFzktGUxeFrD/+P/u2ynOes2k5KiTAX
If+uJ/SOFfEcstfAPAcS0AGxF0hfmiPSZC3mVtqHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNyTpKBUo/L3t2PJPkIToaT3UJSswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4ZmEzOTcyLTUzMTgtNDdiNy1hOWQ2LWQ2Y2VlY2JjNTU0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjNzANBgkqhkiG9w0BAQsFAAOCAQEAlMLNvTMuxP4xTkXaj1yJFJYt+a+L
oy2MVHWdNCi1qhKfp4y85Y3cZLSiXEHEiHsANSN6K8UPfopkhtVIBZ2uYmiF799F
JdsY3cVHI28rzXjmLDYafBmaHLrRsvWOTUGKqk75jLpZ6jo7g9kLIbpQKPSxEtD1
HPWGHHhphhNZXy353IWwbpKaxpaesl3fzgnT7plbH9bbMHfNqeaZ9ujJlX1Xfx+W
YCmf0L5SwlfQDfb4jEatGxLFgCjJG2DoBs8birIMzDY+fxkthGNkEa3XS17Qqkg6
c2zJStbTpl5Z97VFYpda1GaFdRx1aPjvFCT6Ojj//96QKAEQNRGp1zwB4A==
-----END CERTIFICATE-----