Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5423a80a-be1f-4708-a5ef-17ccc2a1a025.roa
File:                     5423a80a-be1f-4708-a5ef-17ccc2a1a025.roa (raw, json)
Hash identifier:          dymLyK2Q0/8qT+juq0Z5cxLJhub0He7vqHjUCjj3FU8=
Subject key identifier:   38:72:C0:7E:B1:2D:25:6F:A6:D9:D5:F2:99:52:9E:81:36:2A:02:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45052F86CE14E80285E29C7C4C70BBB55C41CED5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5423a80a-be1f-4708-a5ef-17ccc2a1a025.roa
Signing time:             Sun 16 Nov 2025 00:20:46 +0000
ROA not before:           Sun 16 Nov 2025 00:20:46 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.228.192.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:05:2f:86:ce:14:e8:02:85:e2:9c:7c:4c:70:bb:b5:5c:41:ce:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:20:46 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=54bf4aa77f4c3516db548dcabafeb9ae204a03027041cd7f6b10898d85756c00, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b5:6e:71:c2:75:f2:f6:20:ad:fd:ea:2c:1e:
                    44:ab:15:0e:95:ac:f3:0a:c1:d7:ee:6a:96:80:8a:
                    43:99:ef:70:02:64:24:5a:3f:30:03:f4:23:67:ee:
                    38:de:1f:2c:ef:fa:ef:84:05:d6:a1:43:f3:a3:5d:
                    35:be:b2:37:8e:22:2a:79:bd:96:17:92:23:51:b4:
                    47:3e:0f:db:09:dc:75:72:f4:cf:6c:51:ce:96:2f:
                    b9:63:ce:be:ac:75:e2:2a:2f:11:29:43:85:d5:13:
                    c8:8e:f5:db:7e:8c:39:6a:0e:45:97:e3:b1:e0:bc:
                    5d:39:bf:36:69:58:03:99:80:f9:f9:cc:8e:57:90:
                    5f:50:2d:be:5d:d4:6c:15:ee:aa:ed:ee:b9:ce:dd:
                    92:ec:32:06:f2:d6:17:60:9d:69:d3:f8:80:2b:cd:
                    3a:bd:6f:61:f6:33:ed:31:d0:6c:e0:64:fc:e2:0f:
                    72:85:23:36:4f:0e:70:4e:9b:2f:f5:0d:db:8f:b5:
                    94:7b:c0:7c:6c:84:57:60:da:a6:a4:24:d9:9c:7e:
                    91:f2:3c:83:ad:a0:35:b9:6f:b4:28:31:1a:8e:cd:
                    bd:43:b6:8e:ca:e5:94:52:b6:01:72:8c:dc:88:0b:
                    b6:01:f8:f3:7e:e8:b0:6a:31:d0:24:6a:95:52:4a:
                    5b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:72:C0:7E:B1:2D:25:6F:A6:D9:D5:F2:99:52:9E:81:36:2A:02:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5423a80a-be1f-4708-a5ef-17ccc2a1a025.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.228.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0a:02:d5:80:3c:b6:2a:2a:1d:2c:d0:b4:eb:a1:a6:9f:98:d9:
         51:c4:34:63:fc:95:d3:43:20:46:c4:b0:45:a0:ca:55:6a:53:
         de:da:5e:72:e2:1d:80:bd:1b:45:ba:ce:d9:41:74:a3:61:34:
         f4:da:54:43:f6:e4:20:35:98:a2:b4:b4:5a:6c:bd:c2:ef:19:
         50:14:b1:00:c9:af:b8:42:02:f9:2b:de:43:ca:37:ea:86:a1:
         19:5e:66:02:f1:b2:fc:7b:69:bc:3f:b2:88:cc:f5:31:7c:98:
         17:da:cb:ed:14:05:de:c1:36:bd:5e:19:b1:4d:3e:58:4d:97:
         34:d3:a2:5a:ff:85:fd:17:f2:e4:e2:bc:d9:ab:ab:bf:db:c0:
         04:65:f2:09:fb:1d:b7:ca:72:88:d2:27:a5:8a:8e:4f:03:a0:
         c7:d4:5c:66:84:60:75:fc:e7:58:ed:4a:46:ae:13:1e:cb:d4:
         0f:ff:f7:72:7b:95:22:07:cd:5b:7d:36:f1:ed:35:cb:a1:d6:
         23:d3:db:49:f9:82:58:b7:a8:0f:76:2a:80:09:df:9d:45:1e:
         5e:a2:a6:f3:12:53:fc:ca:76:1a:b0:5a:3c:b8:ee:e1:ad:28:
         e9:96:24:94:56:80:f5:20:6a:69:4c:94:29:54:0a:7d:4c:47:
         a7:29:54:09
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURQUvhs4U6AKF4px8THC7tVxBztUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAyMDQ2WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NGJmNGFhNzdmNGMzNTE2ZGI1NDhkY2FiYWZlYjlhZTIw
NGEwMzAyNzA0MWNkN2Y2YjEwODk4ZDg1NzU2YzAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUtW5xwnXy9iCt/eosHkSrFQ6VrPMKwdfuapaAikOZ73AC
ZCRaPzAD9CNn7jjeHyzv+u+EBdahQ/OjXTW+sjeOIip5vZYXkiNRtEc+D9sJ3HVy
9M9sUc6WL7ljzr6sdeIqLxEpQ4XVE8iO9dt+jDlqDkWX47HgvF05vzZpWAOZgPn5
zI5XkF9QLb5d1GwV7qrt7rnO3ZLsMgby1hdgnWnT+IArzTq9b2H2M+0x0GzgZPzi
D3KFIzZPDnBOmy/1DduPtZR7wHxshFdg2qakJNmcfpHyPIOtoDW5b7QoMRqOzb1D
to7K5ZRStgFyjNyIC7YB+PN+6LBqMdAkapVSSltFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOHLAfrEtJW+m2dXymVKegTYqAgwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0MjNhODBhLWJlMWYtNDcwOC1hNWVmLTE3Y2NjMmExYTAyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYX5MAwDQYJKoZIhvcNAQELBQADggEBAAoC1YA8tioqHSzQtOuhpp+Y2VHE
NGP8ldNDIEbEsEWgylVqU97aXnLiHYC9G0W6ztlBdKNhNPTaVEP25CA1mKK0tFps
vcLvGVAUsQDJr7hCAvkr3kPKN+qGoRleZgLxsvx7abw/sojM9TF8mBfay+0UBd7B
Nr1eGbFNPlhNlzTTolr/hf0X8uTivNmrq7/bwARl8gn7HbfKcojSJ6WKjk8DoMfU
XGaEYHX851jtSkauEx7L1A//93J7lSIHzVt9NvHtNcuh1iPT20n5gli3qA92KoAJ
351FHl6ipvMSU/zKdhqwWjy47uGtKOmWJJRWgPUgamlMlClUCn1MR6cpVAk=
-----END CERTIFICATE-----