Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/925842c8-ade6-4164-87f2-fd556fb6f950.roa
File:                     925842c8-ade6-4164-87f2-fd556fb6f950.roa (raw, json)
Hash identifier:          dKtNrZN/uYUpkJrmAnH4CR99GZD76unsl3MYQ50lxC4=
Subject key identifier:   FF:58:5F:F5:BA:5E:30:7E:C2:01:8A:9A:1F:46:B8:31:E9:49:82:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4162411A462C304327154B239C2F9082CA8D4C90
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/925842c8-ade6-4164-87f2-fd556fb6f950.roa
Signing time:             Tue 11 Nov 2025 02:00:09 +0000
ROA not before:           Tue 11 Nov 2025 02:00:09 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        110.238.244.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:62:41:1a:46:2c:30:43:27:15:4b:23:9c:2f:90:82:ca:8d:4c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:00:09 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=b772b800862688bdf10af734b77d4286ed4e6e6649c0af460764f2918ed55dec, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9c:0c:bc:96:60:ac:18:5d:e5:f7:e6:92:3b:
                    a0:6b:a4:82:10:50:0c:a7:5a:61:40:5b:89:6c:50:
                    48:3b:9d:76:42:c6:3c:ee:71:b8:51:e2:a6:68:6b:
                    e3:82:8f:d8:7b:06:95:37:38:eb:d6:12:2f:6b:9f:
                    cc:d7:ba:a0:bc:51:e8:2f:3b:38:9e:c7:7f:b8:e3:
                    fd:c5:6d:2a:aa:15:47:25:3b:25:62:42:3c:24:59:
                    78:23:2d:7f:d5:e2:c4:3e:bc:dd:1e:74:8e:2b:e6:
                    23:ad:62:a1:7a:0c:69:53:96:01:b1:85:d0:4b:f2:
                    e7:ca:ef:c0:16:bd:98:a0:4e:35:f3:47:37:41:00:
                    5e:8b:bc:3e:11:f9:7c:bf:31:45:d6:08:37:f3:33:
                    d4:ce:d5:d4:53:81:ff:7f:79:82:3f:63:28:b5:f2:
                    ca:63:23:8f:c6:ae:b1:7c:9b:96:a2:43:4b:b1:06:
                    20:bf:28:ba:67:af:bb:78:54:cf:74:da:23:a5:14:
                    f9:53:cd:41:ef:d7:34:42:8e:78:9c:c5:b0:bd:b9:
                    0d:cf:5a:cf:5d:41:96:f8:64:7d:bf:2e:c6:a9:f9:
                    02:73:9b:ea:e0:23:97:08:f3:89:60:1b:3c:2d:bb:
                    e7:25:3c:a5:67:96:d3:ff:df:87:a9:e6:12:36:db:
                    d3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:58:5F:F5:BA:5E:30:7E:C2:01:8A:9A:1F:46:B8:31:E9:49:82:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/925842c8-ade6-4164-87f2-fd556fb6f950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.238.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:13:bd:b7:d8:98:a8:72:0c:dd:d6:82:4f:89:96:2e:55:81:
         a0:51:76:85:aa:93:4a:1a:0e:68:6f:2f:68:6a:30:fe:f5:c7:
         42:ca:1e:6d:71:0e:52:22:8d:04:a6:0c:d0:e4:5f:32:76:8b:
         d1:88:dc:cc:bf:bc:90:ef:18:ca:37:88:ca:41:de:ee:d2:a4:
         08:c5:78:17:5d:5e:eb:2d:ec:65:65:ed:e3:7e:78:24:79:36:
         88:18:4c:0c:f1:48:a2:df:59:00:e4:25:85:fd:da:c5:28:6b:
         07:79:71:60:43:ea:fc:9c:54:7d:30:30:12:e9:b3:b8:54:a3:
         38:58:7a:e7:23:d3:ba:8a:5c:5e:7a:b7:d4:02:ff:16:a8:88:
         37:c2:38:36:b2:86:1f:09:27:44:f3:53:b7:04:f6:be:c6:c3:
         ff:b6:42:25:8a:88:d3:fe:45:27:8b:8f:f6:d9:9f:38:cc:17:
         c8:8b:cd:13:ab:cd:e2:66:dd:59:17:e8:fa:5f:ca:52:2e:a2:
         6f:dd:0e:42:bf:e7:df:9f:f3:b8:05:81:f3:29:df:5f:ce:a4:
         c5:7a:90:74:64:60:ea:e8:30:47:a0:22:19:45:70:40:91:c0:
         6f:29:a9:c0:1d:b7:1c:1d:da:ff:d9:69:63:af:d2:a2:06:29:
         14:cd:98:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQWJBGkYsMEMnFUsjnC+QgsqNTJAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIwMDA5WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNzcyYjgwMDg2MjY4OGJkZjEwYWY3MzRiNzdkNDI4NmVk
NGU2ZTY2NDljMGFmNDYwNzY0ZjI5MThlZDU1ZGVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPnAy8lmCsGF3l9+aSO6BrpIIQUAynWmFAW4lsUEg7nXZC
xjzucbhR4qZoa+OCj9h7BpU3OOvWEi9rn8zXuqC8UegvOziex3+44/3FbSqqFUcl
OyViQjwkWXgjLX/V4sQ+vN0edI4r5iOtYqF6DGlTlgGxhdBL8ufK78AWvZigTjXz
RzdBAF6LvD4R+Xy/MUXWCDfzM9TO1dRTgf9/eYI/Yyi18spjI4/GrrF8m5aiQ0ux
BiC/KLpnr7t4VM902iOlFPlTzUHv1zRCjnicxbC9uQ3PWs9dQZb4ZH2/Lsap+QJz
m+rgI5cI84lgGzwtu+clPKVnltP/34ep5hI229MTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/1hf9bpeMH7CAYqaH0a4MelJglEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkyNTg0MmM4LWFkZTYtNDE2NC04N2YyLWZkNTU2ZmI2Zjk1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJu7vQwDQYJKoZIhvcNAQELBQADggEBADETvbfYmKhyDN3Wgk+Jli5VgaBR
doWqk0oaDmhvL2hqMP71x0LKHm1xDlIijQSmDNDkXzJ2i9GI3My/vJDvGMo3iMpB
3u7SpAjFeBddXust7GVl7eN+eCR5NogYTAzxSKLfWQDkJYX92sUoawd5cWBD6vyc
VH0wMBLps7hUozhYeucj07qKXF56t9QC/xaoiDfCODayhh8JJ0TzU7cE9r7Gw/+2
QiWKiNP+RSeLj/bZnzjMF8iLzROrzeJm3VkX6PpfylIuom/dDkK/59+f87gFgfMp
31/OpMV6kHRkYOroMEegIhlFcECRwG8pqcAdtxwd2v/ZaWOv0qIGKRTNmOU=
-----END CERTIFICATE-----