Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e8f17b04-1645-48c1-bdde-f6c8474cad6d.roa
File:                     e8f17b04-1645-48c1-bdde-f6c8474cad6d.roa (raw, json)
Hash identifier:          aqKwC/MbWOe2J7FOAHL2uOqfU7u6dIIRBI7v9IPUkbM=
Subject key identifier:   A2:9C:BD:98:AF:F2:49:1B:55:1F:2E:04:70:D4:F4:59:5C:ED:59:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DB02629FF49189F38C977445FB13D2DCD90BBC9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e8f17b04-1645-48c1-bdde-f6c8474cad6d.roa
Signing time:             Tue 11 Nov 2025 02:20:54 +0000
ROA not before:           Tue 11 Nov 2025 02:20:54 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        1.178.168.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:b0:26:29:ff:49:18:9f:38:c9:77:44:5f:b1:3d:2d:cd:90:bb:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:20:54 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=500a08cb47271ac3456a5e6eca86fd41be255d89245c204785d7d05dba0097dc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:be:7a:93:a8:e5:e1:f1:b9:76:8c:ca:88:e6:
                    54:9a:a8:a9:40:17:c2:29:b9:83:57:24:32:3e:07:
                    8b:c8:a0:47:fb:15:49:42:ae:c5:10:d1:e5:ee:6a:
                    8c:0d:a9:05:a9:7a:f0:6f:46:fc:9d:a0:cf:b5:06:
                    cd:72:02:1f:1c:12:7c:05:ce:4e:ad:65:2a:28:f8:
                    64:b3:b0:90:9f:96:16:9e:66:62:0f:2c:c5:fb:36:
                    11:91:d7:15:a9:13:db:ff:4d:42:b7:6c:a7:87:54:
                    7b:2d:ae:63:95:b5:55:e0:4c:4b:ee:36:4c:83:9e:
                    0d:44:ad:71:b1:d5:d3:53:e2:63:32:ad:aa:e7:8e:
                    7c:f8:ee:fa:df:6c:f7:49:35:75:82:a4:d4:29:35:
                    4b:f5:cd:43:6e:59:08:2b:26:9a:b9:ab:f1:02:dc:
                    87:d8:4f:2e:d0:cd:47:b5:cc:10:70:70:09:ee:5e:
                    bb:a5:0c:21:a3:5f:3d:0e:c0:e7:b3:4d:83:6f:ed:
                    4e:11:30:4b:fe:fb:c4:3f:17:b9:bf:82:45:1b:55:
                    56:0f:06:bb:e2:d5:da:94:90:e3:2b:20:ac:f2:58:
                    c4:f8:94:cb:21:2a:a7:25:99:f7:ae:3f:e0:02:72:
                    b0:70:d8:6a:77:e6:1d:f7:db:1a:45:87:9d:f2:94:
                    8d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9C:BD:98:AF:F2:49:1B:55:1F:2E:04:70:D4:F4:59:5C:ED:59:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e8f17b04-1645-48c1-bdde-f6c8474cad6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.178.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:c8:30:af:c3:78:ac:63:4e:4c:45:1a:f1:87:5b:c8:d1:a1:
         6f:30:99:ec:01:64:36:8c:eb:a4:fb:17:1a:74:50:63:25:c8:
         a2:52:7e:37:64:21:23:9b:06:e3:a6:08:e6:2e:01:e3:27:c6:
         a3:5f:2f:ab:6f:eb:50:55:a9:5f:43:b8:f3:8a:31:16:95:6c:
         95:30:f9:4f:d5:bb:2e:4e:31:65:c6:82:6b:ab:ef:45:b3:62:
         e4:12:2b:c9:48:72:e8:73:45:f1:99:cd:79:e6:06:8e:77:1a:
         13:b9:bb:06:b8:37:c2:f1:72:2f:bd:f2:59:ae:e7:9d:db:3a:
         5c:71:bf:d9:a2:9e:60:06:0e:03:1f:db:da:eb:42:25:7a:e7:
         1f:5d:4a:4e:34:4a:e7:89:b4:6c:7a:e7:4a:3c:44:7b:b7:65:
         cd:9d:aa:d3:db:21:18:ed:69:6f:df:32:d9:d8:b0:f7:4f:70:
         a7:f9:8d:df:eb:55:d6:19:74:7d:7a:ec:af:fc:8f:b5:24:f0:
         7d:f6:ec:c0:85:cb:f6:3f:b8:29:09:d3:df:11:8f:74:ac:55:
         e9:e3:bc:c4:9f:34:a5:9c:5b:6f:05:53:98:25:f1:5e:30:c5:
         12:b1:49:87:ec:6e:75:54:4e:da:db:24:0c:02:8e:0a:a2:c3:
         a5:f6:d9:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPbAmKf9JGJ84yXdEX7E9Lc2Qu8kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIyMDU0WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDBhMDhjYjQ3MjcxYWMzNDU2YTVlNmVjYTg2ZmQ0MWJl
MjU1ZDg5MjQ1YzIwNDc4NWQ3ZDA1ZGJhMDA5N2RjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIvnqTqOXh8bl2jMqI5lSaqKlAF8IpuYNXJDI+B4vIoEf7
FUlCrsUQ0eXuaowNqQWpevBvRvydoM+1Bs1yAh8cEnwFzk6tZSoo+GSzsJCflhae
ZmIPLMX7NhGR1xWpE9v/TUK3bKeHVHstrmOVtVXgTEvuNkyDng1ErXGx1dNT4mMy
rarnjnz47vrfbPdJNXWCpNQpNUv1zUNuWQgrJpq5q/EC3IfYTy7QzUe1zBBwcAnu
XrulDCGjXz0OwOezTYNv7U4RMEv++8Q/F7m/gkUbVVYPBrvi1dqUkOMrIKzyWMT4
lMshKqclmfeuP+ACcrBw2Gp35h332xpFh53ylI0hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUopy9mK/ySRtVHy4EcNT0WVztWTEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4ZjE3YjA0LTE2NDUtNDhjMS1iZGRlLWY2Yzg0NzRjYWQ2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIBsqgwDQYJKoZIhvcNAQELBQADggEBAGPIMK/DeKxjTkxFGvGHW8jRoW8w
mewBZDaM66T7Fxp0UGMlyKJSfjdkISObBuOmCOYuAeMnxqNfL6tv61BVqV9DuPOK
MRaVbJUw+U/Vuy5OMWXGgmur70WzYuQSK8lIcuhzRfGZzXnmBo53GhO5uwa4N8Lx
ci+98lmu553bOlxxv9minmAGDgMf29rrQiV65x9dSk40SueJtGx650o8RHu3Zc2d
qtPbIRjtaW/fMtnYsPdPcKf5jd/rVdYZdH167K/8j7Uk8H327MCFy/Y/uCkJ098R
j3SsVenjvMSfNKWcW28FU5gl8V4wxRKxSYfsbnVUTtrbJAwCjgqiw6X22fM=
-----END CERTIFICATE-----