Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aed18e-4181-45db-aec2-a8eeb50789dc.roa
File:                     c6aed18e-4181-45db-aec2-a8eeb50789dc.roa (raw, json)
Hash identifier:          uz7HXBsafW+IvHTGDU2bffViq+ZEAoMfbE5bIADqbWA=
Subject key identifier:   3C:5F:FB:0D:70:C5:C1:3F:12:D5:AD:8A:13:17:7B:57:96:F7:60:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       638FA129D3FF797D1CFFA203436C3DE423EC68F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aed18e-4181-45db-aec2-a8eeb50789dc.roa
Signing time:             Tue 18 Nov 2025 00:00:09 +0000
ROA not before:           Tue 18 Nov 2025 00:00:09 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        98.68.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:8f:a1:29:d3:ff:79:7d:1c:ff:a2:03:43:6c:3d:e4:23:ec:68:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:00:09 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=831dd31ecdc36b3ca7db564df991492cca67a00be64eb7c5781ecec17af9a480, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ce:31:3d:12:e5:44:b5:4c:65:f7:91:c5:1d:
                    f5:36:6a:1c:39:b1:cf:d9:a2:99:a6:ce:6b:ca:2d:
                    ea:1b:52:4a:d2:40:98:96:84:f7:f3:43:7b:58:75:
                    9e:c1:80:4b:0e:f6:e1:56:24:07:6a:b6:65:99:80:
                    54:19:04:57:ac:72:14:7a:1a:bb:f8:5a:e8:37:29:
                    4a:fb:e3:f6:84:0a:74:84:57:d1:ad:63:cc:31:83:
                    ea:6d:92:b5:ca:24:25:58:d0:2c:9e:16:a7:5a:64:
                    da:d6:79:d9:26:02:37:e1:9a:96:9b:3f:36:48:1b:
                    cf:00:0a:da:99:b6:aa:dc:4c:ec:fd:4e:0f:22:1c:
                    e6:50:12:de:fd:d5:9f:1a:20:70:e7:f8:c6:28:7d:
                    45:49:12:7e:d5:7f:41:1c:26:aa:01:b3:71:ca:10:
                    5f:ec:e0:98:fe:11:b2:b0:ad:5d:88:24:63:52:10:
                    e7:3d:c7:dc:a4:d6:9e:53:2e:45:1b:76:f2:eb:00:
                    43:a6:78:08:13:e6:2c:86:c8:0d:66:98:07:92:a9:
                    74:67:5d:6f:6c:b3:c3:89:61:cf:76:48:10:f3:f6:
                    31:d2:cb:b9:30:26:49:04:54:3b:d9:7c:7c:2e:b0:
                    5a:0c:b6:6d:75:1b:fb:45:80:da:02:cd:bd:28:4f:
                    aa:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:5F:FB:0D:70:C5:C1:3F:12:D5:AD:8A:13:17:7B:57:96:F7:60:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aed18e-4181-45db-aec2-a8eeb50789dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.68.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:bc:b4:dd:b8:48:76:bf:c4:44:d8:4b:bd:44:57:f1:0a:52:
         1c:1a:2e:6f:b1:14:da:08:22:eb:83:b1:4e:b9:bc:66:67:79:
         8e:ae:53:94:5c:d7:72:25:d7:eb:af:4a:af:62:92:e5:4b:3a:
         c2:de:e1:44:32:9c:f8:e8:ab:e1:e2:28:14:c0:54:3a:db:a8:
         09:3e:f6:f0:a9:26:8b:ac:58:f6:3a:06:67:fc:e7:29:19:52:
         a8:e0:70:33:a9:94:4d:cf:18:07:0e:e9:54:e9:89:c9:5b:84:
         a0:74:c1:7d:47:e6:c4:a7:86:5e:c0:53:3d:2b:68:24:48:fe:
         39:89:0f:d7:19:57:53:ee:7a:25:ae:93:12:48:98:8d:2e:3a:
         5f:8a:d2:40:37:b9:18:32:2e:71:41:2f:c5:fa:4f:58:db:b9:
         a4:f9:fb:61:d5:c2:41:27:be:4a:49:24:72:fb:db:22:04:36:
         b5:17:78:fe:f9:23:a9:c8:66:80:df:08:cd:52:1f:0e:5c:fe:
         05:e4:d5:26:44:06:bc:3d:fb:51:ab:a1:1d:55:1a:a3:1d:ad:
         76:80:07:82:15:ac:9e:21:cb:2f:5a:97:80:72:c8:0d:d0:f6:
         86:b4:0c:2b:5d:5b:ec:4b:a6:03:08:25:f4:c6:57:4d:d5:80:
         bc:29:af:67
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY4+hKdP/eX0c/6IDQ2w95CPsaPQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAwMDA5WhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzFkZDMxZWNkYzM2YjNjYTdkYjU2NGRmOTkxNDkyY2Nh
NjdhMDBiZTY0ZWI3YzU3ODFlY2VjMTdhZjlhNDgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWzjE9EuVEtUxl95HFHfU2ahw5sc/ZopmmzmvKLeobUkrS
QJiWhPfzQ3tYdZ7BgEsO9uFWJAdqtmWZgFQZBFeschR6Grv4Wug3KUr74/aECnSE
V9GtY8wxg+ptkrXKJCVY0CyeFqdaZNrWedkmAjfhmpabPzZIG88ACtqZtqrcTOz9
Tg8iHOZQEt791Z8aIHDn+MYofUVJEn7Vf0EcJqoBs3HKEF/s4Jj+EbKwrV2IJGNS
EOc9x9yk1p5TLkUbdvLrAEOmeAgT5iyGyA1mmAeSqXRnXW9ss8OJYc92SBDz9jHS
y7kwJkkEVDvZfHwusFoMtm11G/tFgNoCzb0oT6qfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPF/7DXDFwT8S1a2KExd7V5b3YIcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M2YWVkMThlLTQxODEtNDVkYi1hZWMyLWE4ZWViNTA3ODlkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBiRDANBgkqhkiG9w0BAQsFAAOCAQEAmLy03bhIdr/ERNhLvURX8QpSHBou
b7EU2ggi64OxTrm8Zmd5jq5TlFzXciXX669Kr2KS5Us6wt7hRDKc+Oir4eIoFMBU
OtuoCT728Kkmi6xY9joGZ/znKRlSqOBwM6mUTc8YBw7pVOmJyVuEoHTBfUfmxKeG
XsBTPStoJEj+OYkP1xlXU+56Ja6TEkiYjS46X4rSQDe5GDIucUEvxfpPWNu5pPn7
YdXCQSe+SkkkcvvbIgQ2tRd4/vkjqchmgN8IzVIfDlz+BeTVJkQGvD37UauhHVUa
ox2tdoAHghWsniHLL1qXgHLIDdD2hrQMK11b7EumAwgl9MZXTdWAvCmvZw==
-----END CERTIFICATE-----