Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d232050-4c58-40e2-9036-331be5aa0f31.roa
File:                     0d232050-4c58-40e2-9036-331be5aa0f31.roa (raw, json)
Hash identifier:          sOyAOIyitYeh+LgIAJ4rtnO1bFdGQArQwhIWvVuR97U=
Subject key identifier:   89:B3:93:F5:B3:DF:20:18:BF:2B:CE:EB:F7:34:93:B8:20:08:70:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5437CE2EE87609599A7026EADECFE31EB7AABADC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d232050-4c58-40e2-9036-331be5aa0f31.roa
Signing time:             Wed 12 Nov 2025 02:12:03 +0000
ROA not before:           Wed 12 Nov 2025 02:12:03 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        121.91.192.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:37:ce:2e:e8:76:09:59:9a:70:26:ea:de:cf:e3:1e:b7:aa:ba:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:12:03 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=51561a4b6dc3fda4bb0a1086e4a48789d1d5d8edc40620001bdbc8c5c6cb2388, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e5:7a:40:99:4b:23:ed:8a:33:8b:cc:3e:77:
                    a9:93:9c:f8:e7:f1:db:68:ac:95:18:2d:a2:e7:19:
                    27:5e:e0:fe:c3:57:d4:12:9a:99:84:70:2b:24:f8:
                    7b:b3:0f:d3:96:62:a0:cf:bf:50:05:d4:28:ca:d9:
                    e6:b1:8a:3b:41:39:78:23:cb:dd:83:b6:d8:95:a6:
                    df:14:3b:d7:28:ff:80:a4:65:34:f0:8a:6e:33:60:
                    e1:ba:0d:29:47:21:2e:b1:d6:38:1c:8b:64:3f:f1:
                    55:5d:ac:fc:52:60:42:60:3c:d3:1a:c4:9c:70:a2:
                    ad:de:0b:0d:44:ac:b4:23:62:51:25:b3:0d:3e:3e:
                    21:f1:06:f7:ea:5d:de:05:8a:bf:60:2f:ba:3e:fd:
                    d1:59:09:88:5c:6b:e9:30:51:ff:a9:1d:ca:25:bb:
                    24:d0:fe:ec:e6:92:8a:3f:f4:8c:7b:50:6b:45:0e:
                    13:1f:73:09:ff:fc:10:c7:d7:91:b6:ff:4d:8b:11:
                    84:8d:bf:a8:c4:b1:88:f0:63:68:99:82:14:8f:6d:
                    31:df:3a:aa:d6:24:5a:8e:eb:b3:7f:17:c7:27:9e:
                    9a:f1:13:0b:53:4d:6d:e5:ca:3d:9d:0f:8d:66:c6:
                    7b:a6:6b:d8:d1:97:dd:d5:c7:e3:01:9f:e6:c7:8e:
                    dd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B3:93:F5:B3:DF:20:18:BF:2B:CE:EB:F7:34:93:B8:20:08:70:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d232050-4c58-40e2-9036-331be5aa0f31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.91.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:d2:bc:e2:58:63:1c:3f:de:4c:23:a1:7c:d9:7a:fe:e5:f7:
         44:53:e8:d9:51:9f:70:f9:69:5e:35:70:34:69:e9:da:29:5d:
         50:26:bf:20:38:f2:9f:09:37:dc:6d:75:c0:cb:98:cf:b0:23:
         90:9f:d0:02:c1:e1:78:71:d9:b9:fd:90:26:32:50:b1:cd:7e:
         e4:db:b6:96:13:a7:85:70:1d:04:f0:8e:a0:47:ca:b1:a2:3d:
         2c:45:de:a3:d9:f3:ce:2c:73:45:23:fc:a3:f3:82:8a:bd:88:
         77:62:59:f4:76:3f:6b:3a:26:12:f8:f7:72:6c:c7:dd:76:af:
         6b:ab:58:f3:37:d4:ab:d9:71:68:2f:c2:43:3b:b6:c9:6f:79:
         e3:c6:89:72:2f:cf:f9:05:37:bd:45:8a:dd:e4:96:55:4a:fc:
         3c:37:fc:89:50:3a:fc:3f:71:0e:09:62:3c:f4:9b:07:2d:1e:
         cc:f9:a5:a8:e7:29:77:a3:6d:21:20:e9:8e:e3:c3:65:e3:6d:
         fe:a2:d8:a7:97:6f:0b:75:64:d7:66:2c:e4:d0:d2:45:4f:60:
         de:c2:3c:52:80:b1:4e:3c:b8:e7:5c:9c:5e:53:6c:1f:9c:8c:
         74:c2:e7:ee:02:a0:84:46:b8:c7:2e:95:35:db:ed:fc:82:5e:
         39:f3:2a:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVDfOLuh2CVmacCbq3s/jHrequtwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIxMjAzWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTU2MWE0YjZkYzNmZGE0YmIwYTEwODZlNGE0ODc4OWQx
ZDVkOGVkYzQwNjIwMDAxYmRiYzhjNWM2Y2IyMzg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD5XpAmUsj7Yozi8w+d6mTnPjn8dtorJUYLaLnGSde4P7D
V9QSmpmEcCsk+HuzD9OWYqDPv1AF1CjK2eaxijtBOXgjy92DttiVpt8UO9co/4Ck
ZTTwim4zYOG6DSlHIS6x1jgci2Q/8VVdrPxSYEJgPNMaxJxwoq3eCw1ErLQjYlEl
sw0+PiHxBvfqXd4Fir9gL7o+/dFZCYhca+kwUf+pHcoluyTQ/uzmkoo/9Ix7UGtF
DhMfcwn//BDH15G2/02LEYSNv6jEsYjwY2iZghSPbTHfOqrWJFqO67N/F8cnnprx
EwtTTW3lyj2dD41mxnuma9jRl93Vx+MBn+bHjt35AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUibOT9bPfIBi/K87r9zSTuCAIcHAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkMjMyMDUwLTRjNTgtNDBlMi05MDM2LTMzMWJlNWFhMGYzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJ5W8AwDQYJKoZIhvcNAQELBQADggEBABHSvOJYYxw/3kwjoXzZev7l90RT
6NlRn3D5aV41cDRp6dopXVAmvyA48p8JN9xtdcDLmM+wI5Cf0ALB4Xhx2bn9kCYy
ULHNfuTbtpYTp4VwHQTwjqBHyrGiPSxF3qPZ884sc0Uj/KPzgoq9iHdiWfR2P2s6
JhL493Jsx912r2urWPM31KvZcWgvwkM7tslveePGiXIvz/kFN71Fit3kllVK/Dw3
/IlQOvw/cQ4JYjz0mwctHsz5pajnKXejbSEg6Y7jw2Xjbf6i2KeXbwt1ZNdmLOTQ
0kVPYN7CPFKAsU48uOdcnF5TbB+cjHTC5+4CoIRGuMculTXb7fyCXjnzKsI=
-----END CERTIFICATE-----