Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8c2b78e-8c6c-4311-a68c-2246a6fd1450.roa
File:                     a8c2b78e-8c6c-4311-a68c-2246a6fd1450.roa (raw, json)
Hash identifier:          b1sXryj58Iam8NNXNTGxKAV7fDGVwQKiCJvL7BEwadg=
Subject key identifier:   4D:EC:AB:4F:EC:56:39:79:6C:96:17:93:3C:A7:3D:A3:84:8F:D6:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       674140F7C97FC397A7083BC40BB6CDFE8D8D57A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8c2b78e-8c6c-4311-a68c-2246a6fd1450.roa
Signing time:             Tue 11 Nov 2025 01:10:13 +0000
ROA not before:           Tue 11 Nov 2025 01:10:13 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.236.216.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:41:40:f7:c9:7f:c3:97:a7:08:3b:c4:0b:b6:cd:fe:8d:8d:57:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:10:13 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=d11c226ec3fee8ae3748278a78669e5cd127bbb6e2d707b5b30b6ea1876cae8c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e2:c0:bb:8b:56:64:c2:05:f1:e4:1e:4d:84:
                    00:67:78:71:b4:c0:60:af:3b:81:92:df:95:7b:c4:
                    8b:45:54:f2:b1:b4:d7:33:83:55:bf:c2:ba:22:e0:
                    1c:5b:5d:a8:d2:07:3b:07:d3:15:eb:83:7f:3f:22:
                    a2:b1:48:f6:9f:41:e8:16:7f:22:8c:3c:47:b7:58:
                    c3:b3:25:75:7b:ff:6e:ee:23:74:ac:1c:9b:c5:43:
                    ab:ac:72:69:b7:14:4a:ff:7e:ac:14:9e:d7:23:2e:
                    11:3b:e7:f6:7f:06:65:38:d7:b0:0b:91:0c:5d:7a:
                    3f:1c:63:4c:8f:45:a3:51:d1:f5:0f:87:16:c7:7b:
                    d3:5b:6d:9d:8b:e6:5a:63:4e:94:b4:81:f7:23:75:
                    4e:42:22:9b:01:ec:56:bb:48:3a:51:6a:12:74:dc:
                    38:ef:07:f3:96:da:d9:a3:4a:52:51:45:d4:49:ed:
                    ab:a5:50:6f:3b:2c:fd:68:97:2d:77:e0:5e:72:92:
                    06:62:e2:2b:6d:84:83:3c:32:8d:16:ac:41:ae:cb:
                    18:de:12:94:3a:85:44:8d:2d:86:07:c1:5a:82:1a:
                    ff:46:c5:03:ee:95:2f:fb:32:63:84:0d:1b:d0:7a:
                    9d:dc:d2:a3:ee:06:f1:89:5c:88:fd:dd:e4:fb:ee:
                    5f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EC:AB:4F:EC:56:39:79:6C:96:17:93:3C:A7:3D:A3:84:8F:D6:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8c2b78e-8c6c-4311-a68c-2246a6fd1450.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.236.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:bb:00:ac:da:48:4c:32:16:d2:1d:ca:55:99:04:55:54:89:
         4c:f7:31:e9:22:3e:ac:ff:d6:25:be:8d:b6:76:35:48:2e:58:
         a1:8d:d5:ba:c6:06:92:73:16:34:95:52:ae:93:29:23:8c:a7:
         e2:3a:49:2c:f1:f5:b4:45:c2:b2:91:45:7f:f0:b1:c6:e1:59:
         ac:7a:19:cf:d9:b6:78:f2:1b:6e:f4:68:b8:48:12:d5:28:12:
         8b:a2:c6:fd:cf:e3:fa:85:a4:6a:53:63:7b:a3:6e:2b:8f:49:
         e4:32:97:aa:cb:ba:89:cb:f9:05:3d:d1:c2:52:a9:82:c1:37:
         e8:94:0f:62:52:25:1b:5b:e9:b4:b2:ae:44:4a:10:2d:68:35:
         fa:df:05:e5:25:34:83:83:5b:47:a0:80:77:1f:e4:8a:56:79:
         e6:4f:e9:3f:15:cd:a4:20:17:c0:35:ed:2a:72:c7:8f:52:56:
         be:4d:ce:44:25:f7:f4:09:c1:ac:8c:1d:95:b7:35:33:6a:e5:
         62:5e:57:42:c4:6b:77:cd:5e:51:e0:02:42:a2:3e:94:f6:3e:
         af:a6:35:66:0d:fe:e1:03:17:62:71:19:c6:f5:2e:56:2c:8a:
         fd:ca:2a:2e:94:50:ad:05:bd:f0:62:0e:f1:ca:0c:f5:81:09:
         cc:b8:d2:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ0FA98l/w5enCDvEC7bN/o2NV6AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDExMDEzWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTFjMjI2ZWMzZmVlOGFlMzc0ODI3OGE3ODY2OWU1Y2Qx
MjdiYmI2ZTJkNzA3YjViMzBiNmVhMTg3NmNhZThjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/4sC7i1ZkwgXx5B5NhABneHG0wGCvO4GS35V7xItFVPKx
tNczg1W/wroi4BxbXajSBzsH0xXrg38/IqKxSPafQegWfyKMPEe3WMOzJXV7/27u
I3SsHJvFQ6uscmm3FEr/fqwUntcjLhE75/Z/BmU417ALkQxdej8cY0yPRaNR0fUP
hxbHe9NbbZ2L5lpjTpS0gfcjdU5CIpsB7Fa7SDpRahJ03DjvB/OW2tmjSlJRRdRJ
7aulUG87LP1oly134F5ykgZi4itthIM8Mo0WrEGuyxjeEpQ6hUSNLYYHwVqCGv9G
xQPulS/7MmOEDRvQep3c0qPuBvGJXIj93eT77l+9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTeyrT+xWOXlslheTPKc9o4SP1qYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E4YzJiNzhlLThjNmMtNDMxMS1hNjhjLTIyNDZhNmZkMTQ1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADM7NgwDQYJKoZIhvcNAQELBQADggEBAMC7AKzaSEwyFtIdylWZBFVUiUz3
MekiPqz/1iW+jbZ2NUguWKGN1brGBpJzFjSVUq6TKSOMp+I6SSzx9bRFwrKRRX/w
scbhWax6Gc/ZtnjyG270aLhIEtUoEouixv3P4/qFpGpTY3ujbiuPSeQyl6rLuonL
+QU90cJSqYLBN+iUD2JSJRtb6bSyrkRKEC1oNfrfBeUlNIODW0eggHcf5IpWeeZP
6T8VzaQgF8A17Spyx49SVr5NzkQl9/QJwayMHZW3NTNq5WJeV0LEa3fNXlHgAkKi
PpT2Pq+mNWYN/uEDF2JxGcb1LlYsiv3KKi6UUK0FvfBiDvHKDPWBCcy40jI=
-----END CERTIFICATE-----