Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c0520ff-eed4-48ce-be7c-ec1c56f2cf31.roa
File:                     4c0520ff-eed4-48ce-be7c-ec1c56f2cf31.roa (raw, json)
Hash identifier:          p4aa2bgxLIzGvN5Vb6MHIGK6ycLlgYGERZOyjvSk5t0=
Subject key identifier:   B8:92:D3:F0:2E:4C:A3:FF:00:E7:5F:ED:5F:33:BC:6B:A8:DC:ED:EF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33E29299B2E062C7357CA0D440A1C39ED11B9EA3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c0520ff-eed4-48ce-be7c-ec1c56f2cf31.roa
Signing time:             Sat 15 Nov 2025 00:50:10 +0000
ROA not before:           Sat 15 Nov 2025 00:50:10 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.5.172.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e2:92:99:b2:e0:62:c7:35:7c:a0:d4:40:a1:c3:9e:d1:1b:9e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:50:10 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=629a2a761d14aa0ecf38f36a8f09c641d7f3e5117aab35f909a4d07161354e20, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d7:b3:af:68:e1:99:42:e5:29:20:03:fd:dd:
                    9e:0f:f0:04:07:1c:93:73:8b:ba:a8:7f:41:8d:8c:
                    96:0e:dd:21:de:63:c7:19:90:61:05:56:ba:75:a1:
                    d5:89:35:9d:4f:c3:3d:c0:7d:82:f5:ac:83:f5:1b:
                    cb:2e:d5:43:dd:6a:ec:2a:9f:dd:9b:e6:01:2f:8d:
                    82:67:77:e8:68:e4:76:af:7b:e0:32:93:77:d0:59:
                    ed:e0:a3:fb:36:84:89:6c:39:38:2e:2c:a9:7a:65:
                    a8:c1:d8:ef:4e:e6:f1:c8:83:94:40:99:5d:13:15:
                    6a:14:1e:d6:29:69:3c:e2:e2:3c:c0:f4:e5:8b:18:
                    f6:94:af:94:7a:e6:3f:5c:70:68:41:18:00:03:90:
                    d2:20:9d:e3:41:ab:d1:66:82:d1:2c:d8:f0:6f:a9:
                    51:48:28:1d:c3:90:aa:04:f4:27:2c:75:9e:b4:02:
                    07:e3:eb:2d:9e:7e:ba:2a:76:27:67:65:98:ab:6c:
                    92:66:97:f3:fa:95:14:a4:6f:cb:81:ef:01:e9:63:
                    13:5f:ed:64:6d:27:59:d8:22:2e:d9:04:88:79:92:
                    e2:1f:ab:fc:bb:1a:8c:0c:ed:e9:38:c8:85:67:3a:
                    2a:de:c0:b5:6c:b7:07:be:3e:19:df:88:b7:34:58:
                    ad:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:92:D3:F0:2E:4C:A3:FF:00:E7:5F:ED:5F:33:BC:6B:A8:DC:ED:EF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c0520ff-eed4-48ce-be7c-ec1c56f2cf31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.5.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:4b:1c:35:ff:3f:c1:83:fb:6e:a4:44:a6:a7:dd:6d:4a:07:
         7b:51:06:9a:2a:49:c9:2f:e0:32:77:59:ab:d0:6b:76:08:7f:
         23:1a:39:2e:a9:eb:eb:65:6c:b3:32:ce:0c:3e:f8:df:76:49:
         11:19:ac:d0:c5:93:48:6d:70:1b:da:67:d6:23:16:e4:7b:2c:
         20:1d:6c:28:e3:c2:9d:11:35:46:cf:8a:66:d2:ae:b2:51:88:
         76:19:60:0a:21:72:29:f6:bd:5b:61:d5:6e:9a:1b:a1:de:3a:
         63:59:bb:7a:11:5a:9a:03:18:ab:c6:9f:fe:32:a7:d2:ea:a2:
         e2:7a:cf:ab:7e:c6:81:c1:0a:cd:94:2d:be:28:56:37:16:35:
         91:a8:f9:f9:dd:65:a1:8a:5c:fd:1d:8e:35:f8:66:49:e0:8c:
         34:77:c9:7a:2c:3d:08:5a:0f:5f:b1:c6:35:76:28:78:cb:9c:
         18:91:a3:82:3c:6e:b2:89:a8:c3:45:de:1a:25:dc:d9:eb:35:
         19:9d:b2:9c:97:ce:d0:77:44:5d:f6:a0:9f:ea:e9:07:03:51:
         bc:aa:c5:a0:26:1a:99:a9:50:b6:bd:98:36:d3:0f:e6:f5:5f:
         71:e0:a1:f3:8e:9c:0c:1a:01:5c:81:80:08:b1:02:f8:af:2f:
         53:01:57:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM+KSmbLgYsc1fKDUQKHDntEbnqMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDA1MDEwWhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjlhMmE3NjFkMTRhYTBlY2YzOGYzNmE4ZjA5YzY0MWQ3
ZjNlNTExN2FhYjM1ZjkwOWE0ZDA3MTYxMzU0ZTIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCx17OvaOGZQuUpIAP93Z4P8AQHHJNzi7qof0GNjJYO3SHe
Y8cZkGEFVrp1odWJNZ1Pwz3AfYL1rIP1G8su1UPdauwqn92b5gEvjYJnd+ho5Hav
e+Ayk3fQWe3go/s2hIlsOTguLKl6ZajB2O9O5vHIg5RAmV0TFWoUHtYpaTzi4jzA
9OWLGPaUr5R65j9ccGhBGAADkNIgneNBq9FmgtEs2PBvqVFIKB3DkKoE9CcsdZ60
Agfj6y2efroqdidnZZirbJJml/P6lRSkb8uB7wHpYxNf7WRtJ1nYIi7ZBIh5kuIf
q/y7GowM7ek4yIVnOirewLVstwe+PhnfiLc0WK3RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuJLT8C5Mo/8A51/tXzO8a6jc7e8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjMDUyMGZmLWVlZDQtNDhjZS1iZTdjLWVjMWM1NmYyY2YzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALKBawwDQYJKoZIhvcNAQELBQADggEBAKZLHDX/P8GD+26kRKan3W1KB3tR
BpoqSckv4DJ3WavQa3YIfyMaOS6p6+tlbLMyzgw++N92SREZrNDFk0htcBvaZ9Yj
FuR7LCAdbCjjwp0RNUbPimbSrrJRiHYZYAohcin2vVth1W6aG6HeOmNZu3oRWpoD
GKvGn/4yp9LqouJ6z6t+xoHBCs2ULb4oVjcWNZGo+fndZaGKXP0djjX4ZkngjDR3
yXosPQhaD1+xxjV2KHjLnBiRo4I8brKJqMNF3hol3NnrNRmdspyXztB3RF32oJ/q
6QcDUbyqxaAmGpmpULa9mDbTD+b1X3HgofOOnAwaAVyBgAixAvivL1MBV04=
-----END CERTIFICATE-----