Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/404e92f3-75c8-4009-90ff-77096b5f65f8.roa
File:                     404e92f3-75c8-4009-90ff-77096b5f65f8.roa (raw, json)
Hash identifier:          jMMdG0ySk4goqcgYbDCL2FwpEEPIYhkZULr16ILqRhk=
Subject key identifier:   1A:C4:75:5A:23:20:B3:54:12:3D:55:CE:93:4B:F6:0C:4D:89:90:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       225CBFA09D2CD16D08A37F3C0CDD0385D15561A1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/404e92f3-75c8-4009-90ff-77096b5f65f8.roa
Signing time:             Fri 03 Oct 2025 00:51:16 +0000
ROA not before:           Fri 03 Oct 2025 00:51:16 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.78.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:5c:bf:a0:9d:2c:d1:6d:08:a3:7f:3c:0c:dd:03:85:d1:55:61:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:51:16 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=091a9927e9cd9634bd574ad7d896ae5b4ba61b9d24f00489f31836837d26039c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c7:30:e1:07:22:48:2b:1f:50:09:ff:bd:ad:
                    1a:d7:11:85:b1:3b:93:57:06:be:dd:01:9f:96:9e:
                    3e:41:42:38:3c:9f:6d:d5:4d:b5:4b:96:70:bf:06:
                    18:ee:c1:a7:8d:11:b1:7a:5d:83:19:f1:41:85:a7:
                    18:9b:9f:7e:14:18:80:22:f6:76:ff:1f:79:63:80:
                    4f:84:99:1b:2a:02:fd:4f:40:90:ca:7e:99:a6:19:
                    51:00:d5:57:78:ec:d7:46:31:ae:48:08:12:5c:0f:
                    5e:ac:fa:ac:12:72:1b:ed:bf:ed:1d:87:98:19:4b:
                    23:89:f2:96:ae:22:a8:e5:34:21:df:ce:a0:32:6c:
                    05:4e:7c:9f:49:ac:12:c4:75:16:3d:f4:b3:75:10:
                    c3:c1:bd:a5:7d:1c:13:d8:6d:3f:25:c1:3a:f1:c4:
                    5a:26:70:c8:d2:e4:9e:e5:ad:12:19:c3:90:b2:f0:
                    f9:da:26:0f:8f:d7:c1:06:a0:8f:4a:fb:3f:35:90:
                    1c:53:9d:74:61:29:80:91:c8:2a:a8:ee:83:4c:e5:
                    60:e3:de:2c:ba:e4:6b:8c:a3:f3:ed:4c:41:93:6d:
                    f1:91:de:de:67:93:d2:eb:f6:6a:6b:82:b6:f3:29:
                    d7:64:a2:c1:7c:9e:07:b5:36:17:8e:96:d4:82:a7:
                    d5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C4:75:5A:23:20:B3:54:12:3D:55:CE:93:4B:F6:0C:4D:89:90:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/404e92f3-75c8-4009-90ff-77096b5f65f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.78.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         8c:05:a1:5e:de:6e:ba:32:6b:96:92:5b:45:b0:44:64:95:a4:
         43:85:27:04:a3:21:37:bc:2b:88:33:cd:32:5c:4c:2b:5b:b4:
         ec:c3:78:e8:ad:92:7e:48:56:b7:a8:b7:1f:fd:bc:a3:88:4a:
         62:82:e3:7e:20:15:c3:5b:0f:4c:bb:5a:9a:8e:50:ca:51:d6:
         cb:f7:c4:13:a3:85:e7:9a:c9:98:57:c0:c1:28:ac:c2:f5:ac:
         6e:4f:3e:b7:13:91:14:66:ad:67:6b:73:56:31:1d:eb:3b:d4:
         a6:ab:a7:89:a4:c8:9f:ee:c3:0d:0f:0e:8c:bc:04:ef:1a:be:
         54:29:3b:08:f2:35:09:a9:90:62:1b:69:30:14:de:3d:ae:b7:
         9a:d6:72:2d:d6:ab:07:34:8e:56:3c:6e:7d:f8:38:27:50:74:
         b5:6d:3e:84:f1:03:9a:aa:3c:8e:6b:ea:bd:32:2d:c2:33:9f:
         92:8c:5e:af:95:f8:58:fe:09:06:97:3b:76:3b:14:5c:57:60:
         80:0a:c6:ef:2c:f7:85:42:ef:17:60:cd:70:ed:ed:8a:53:db:
         d6:85:ef:8d:86:0e:15:d8:3c:be:8b:79:67:f9:53:88:cd:e2:
         43:c5:31:c5:0c:f3:57:ba:18:48:81:e5:b0:b5:82:af:cc:6a:
         d5:c5:24:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIly/oJ0s0W0Io388DN0DhdFVYaEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MTE2WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwOTFhOTkyN2U5Y2Q5NjM0YmQ1NzRhZDdkODk2YWU1YjRi
YTYxYjlkMjRmMDA0ODlmMzE4MzY4MzdkMjYwMzljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6xzDhByJIKx9QCf+9rRrXEYWxO5NXBr7dAZ+Wnj5BQjg8
n23VTbVLlnC/BhjuwaeNEbF6XYMZ8UGFpxibn34UGIAi9nb/H3ljgE+EmRsqAv1P
QJDKfpmmGVEA1Vd47NdGMa5ICBJcD16s+qwSchvtv+0dh5gZSyOJ8pauIqjlNCHf
zqAybAVOfJ9JrBLEdRY99LN1EMPBvaV9HBPYbT8lwTrxxFomcMjS5J7lrRIZw5Cy
8PnaJg+P18EGoI9K+z81kBxTnXRhKYCRyCqo7oNM5WDj3iy65GuMo/PtTEGTbfGR
3t5nk9Lr9mprgrbzKddkosF8nge1NheOltSCp9W5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGsR1WiMgs1QSPVXOk0v2DE2JkBMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQwNGU5MmYzLTc1YzgtNDAwOS05MGZmLTc3MDk2YjVmNjVmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdjToAwDQYJKoZIhvcNAQELBQADggEBAIwFoV7ebroya5aSW0WwRGSVpEOF
JwSjITe8K4gzzTJcTCtbtOzDeOitkn5IVreotx/9vKOISmKC434gFcNbD0y7WpqO
UMpR1sv3xBOjheeayZhXwMEorML1rG5PPrcTkRRmrWdrc1YxHes71Karp4mkyJ/u
ww0PDoy8BO8avlQpOwjyNQmpkGIbaTAU3j2ut5rWci3Wqwc0jlY8bn34OCdQdLVt
PoTxA5qqPI5r6r0yLcIzn5KMXq+V+Fj+CQaXO3Y7FFxXYIAKxu8s94VC7xdgzXDt
7YpT29aF742GDhXYPL6LeWf5U4jN4kPFMcUM81e6GEiB5bC1gq/MatXFJN0=
-----END CERTIFICATE-----