Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21abbc7d-7b93-4e53-9077-6ff1e16011b9.roa
File:                     21abbc7d-7b93-4e53-9077-6ff1e16011b9.roa (raw, json)
Hash identifier:          jHUi2GGybewUEY/1lh2erRJbK0DUrG5rk7eyC5DGY30=
Subject key identifier:   FC:A6:66:F3:8C:2B:62:3D:0A:52:49:4E:24:C4:51:B3:79:AE:E0:5C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0EBB099C63CE79D346A4823F0AE473489F7E56BB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21abbc7d-7b93-4e53-9077-6ff1e16011b9.roa
Signing time:             Wed 12 Nov 2025 02:00:05 +0000
ROA not before:           Wed 12 Nov 2025 02:00:05 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        119.13.148.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:bb:09:9c:63:ce:79:d3:46:a4:82:3f:0a:e4:73:48:9f:7e:56:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:00:05 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=5f0a0d0bb17d0e8f69b5c33f6d01577dffa1d9ccaa99e7c476447f4faaeb783b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:85:58:aa:83:e1:8b:79:4d:5c:df:43:2b:a3:
                    97:f8:10:13:97:d2:c4:5a:cf:52:98:22:31:2b:f2:
                    a7:7e:a2:45:5b:c2:a8:77:d4:e1:9b:06:51:ef:85:
                    e4:2e:4e:29:db:6b:24:ad:0f:dc:26:70:5c:5a:0e:
                    f8:e6:6c:7a:4e:00:ea:8f:fa:bf:1a:23:42:ff:9a:
                    bf:37:97:5f:2d:67:a3:91:60:e2:a9:32:92:cb:75:
                    80:96:a4:cd:f1:6c:e1:3e:16:ae:cf:10:4e:81:e8:
                    2d:4c:24:76:a3:37:29:60:c1:8e:b0:c5:ce:eb:41:
                    00:1c:42:af:80:0e:f7:45:98:ae:e4:ee:c8:6b:b4:
                    4c:c4:ba:a8:60:41:da:62:90:07:a2:8a:0e:84:5c:
                    40:36:c3:97:23:bc:58:86:14:79:74:61:da:78:21:
                    a4:52:3e:4a:3e:05:79:a1:f1:9a:7d:b5:9b:52:1f:
                    64:eb:49:1b:71:2d:41:0d:bc:22:ae:96:2d:cc:e7:
                    88:19:d0:c5:a3:b4:37:eb:db:3a:11:4e:dd:cd:d1:
                    41:d4:83:0b:de:7c:01:1d:ff:88:46:90:35:0c:d5:
                    fc:2a:68:60:86:89:50:a0:ed:ed:d5:41:04:49:ae:
                    86:28:e9:48:9a:65:5e:74:10:cf:9d:00:94:bc:7f:
                    c9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A6:66:F3:8C:2B:62:3D:0A:52:49:4E:24:C4:51:B3:79:AE:E0:5C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21abbc7d-7b93-4e53-9077-6ff1e16011b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.13.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:74:e0:74:60:77:fd:fe:2b:3b:6c:9a:de:c3:86:f4:92:e9:
         3e:0a:d4:ee:da:f2:a3:52:b5:ae:5f:f2:43:a8:dc:ac:4f:c6:
         4a:d9:7f:f5:2b:56:4b:f9:47:1b:c7:18:d0:66:f6:0e:e0:ac:
         ac:c2:43:69:11:c9:6b:03:25:18:3d:29:ce:14:c1:61:44:24:
         db:09:f7:1c:2b:72:18:98:20:62:77:49:6c:1b:23:b3:01:3e:
         45:37:b1:99:1a:69:21:57:1e:e7:6b:74:75:b6:15:e5:35:e5:
         2d:3d:19:82:ce:82:63:b7:94:32:d9:94:4b:a0:03:b9:47:bb:
         b1:35:6e:97:56:83:32:d6:1f:5e:95:a4:64:32:8a:10:b5:d9:
         fe:2b:d2:9b:f1:74:96:05:91:41:6f:81:b0:3a:fe:50:48:91:
         38:29:4f:4c:04:3a:97:98:95:fd:0c:fb:33:1c:77:b9:c6:d8:
         72:44:1b:c5:b0:78:38:e0:3b:f1:bd:2e:c0:8d:4d:c0:ae:f6:
         bd:9d:40:cc:8a:87:14:e4:ab:95:ce:13:88:2a:d2:e2:fc:57:
         f5:bd:e9:bd:19:79:cf:f9:57:08:e8:25:b6:b0:52:3a:3d:e7:
         87:34:11:bd:2b:5c:1e:ed:69:e9:46:9c:6c:b6:a7:ba:dd:a2:
         ff:27:a1:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDrsJnGPOedNGpII/CuRzSJ9+VrswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIwMDA1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjBhMGQwYmIxN2QwZThmNjliNWMzM2Y2ZDAxNTc3ZGZm
YTFkOWNjYWE5OWU3YzQ3NjQ0N2Y0ZmFhZWI3ODNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlhViqg+GLeU1c30Mro5f4EBOX0sRaz1KYIjEr8qd+okVb
wqh31OGbBlHvheQuTinbayStD9wmcFxaDvjmbHpOAOqP+r8aI0L/mr83l18tZ6OR
YOKpMpLLdYCWpM3xbOE+Fq7PEE6B6C1MJHajNylgwY6wxc7rQQAcQq+ADvdFmK7k
7shrtEzEuqhgQdpikAeiig6EXEA2w5cjvFiGFHl0Ydp4IaRSPko+BXmh8Zp9tZtS
H2TrSRtxLUENvCKuli3M54gZ0MWjtDfr2zoRTt3N0UHUgwvefAEd/4hGkDUM1fwq
aGCGiVCg7e3VQQRJroYo6UiaZV50EM+dAJS8f8nxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/KZm84wrYj0KUklOJMRRs3mu4FwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxYWJiYzdkLTdiOTMtNGU1My05MDc3LTZmZjFlMTYwMTFiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJ3DZQwDQYJKoZIhvcNAQELBQADggEBAIF04HRgd/3+Kztsmt7DhvSS6T4K
1O7a8qNSta5f8kOo3KxPxkrZf/UrVkv5RxvHGNBm9g7grKzCQ2kRyWsDJRg9Kc4U
wWFEJNsJ9xwrchiYIGJ3SWwbI7MBPkU3sZkaaSFXHudrdHW2FeU15S09GYLOgmO3
lDLZlEugA7lHu7E1bpdWgzLWH16VpGQyihC12f4r0pvxdJYFkUFvgbA6/lBIkTgp
T0wEOpeYlf0M+zMcd7nG2HJEG8WweDjgO/G9LsCNTcCu9r2dQMyKhxTkq5XOE4gq
0uL8V/W96b0Zec/5VwjoJbawUjo954c0Eb0rXB7taelGnGy2p7rdov8noZI=
-----END CERTIFICATE-----