Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af3b57d7-2fe8-4e04-ad99-1366c252299d.roa
File:                     af3b57d7-2fe8-4e04-ad99-1366c252299d.roa (raw, json)
Hash identifier:          /CNtzB4qlfAojgTVUByozjmg11F6q8mTK7cOc6fzx+Q=
Subject key identifier:   C8:39:F9:C6:C0:5E:96:08:01:FF:38:AD:66:19:19:76:59:F2:B7:F4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       464A0958AA51543EE19072128048039E9ABEA762
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af3b57d7-2fe8-4e04-ad99-1366c252299d.roa
Signing time:             Wed 12 Nov 2025 01:20:05 +0000
ROA not before:           Wed 12 Nov 2025 01:20:05 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        123.200.204.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:4a:09:58:aa:51:54:3e:e1:90:72:12:80:48:03:9e:9a:be:a7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 01:20:05 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=450c8eac1ab3480d6d634b9a34cb80d5fe066ff7a5157cb0ede9eef0931110d5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:96:43:c0:36:67:47:d1:e6:24:82:f7:6d:96:
                    05:e1:26:c5:c8:74:b7:51:1f:84:3a:6c:9e:d8:2f:
                    af:a4:69:b9:ec:a0:a2:2b:4c:f2:5c:ba:03:37:42:
                    6a:23:f6:47:a1:84:3f:17:54:a0:ac:2d:30:18:1d:
                    3d:ff:64:46:63:02:b8:7f:b7:2e:fa:6f:03:5c:13:
                    ad:e8:52:6c:95:6b:78:a4:c5:14:2d:7e:28:67:a9:
                    40:4b:4b:b3:2f:28:f6:1c:81:8f:66:bc:be:9f:3e:
                    fb:ad:10:02:05:87:1e:fb:4c:cc:71:50:c1:9f:e5:
                    e9:b8:fb:bb:bc:d7:13:a1:b6:87:ad:c7:3a:09:91:
                    f0:3a:df:c9:da:38:d0:61:cd:06:e1:b3:56:60:ff:
                    6c:a2:c7:23:f1:77:00:59:2d:57:9a:27:8d:63:8e:
                    9e:df:58:f3:d5:94:43:91:b2:5f:cd:4a:15:88:00:
                    1a:5b:66:1e:fb:e9:77:41:55:f2:c4:72:01:6e:65:
                    9f:47:9c:c0:fe:a6:ce:68:af:27:61:dc:59:80:93:
                    cd:e0:6d:27:86:55:c6:2f:9c:41:67:65:3d:ea:a4:
                    6c:44:04:8a:8a:b9:83:b3:61:12:cc:e5:1c:d0:67:
                    47:da:c2:a0:92:1b:7e:bb:b8:5e:1e:b9:df:83:87:
                    b2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:39:F9:C6:C0:5E:96:08:01:FF:38:AD:66:19:19:76:59:F2:B7:F4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af3b57d7-2fe8-4e04-ad99-1366c252299d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.200.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:58:bd:c3:36:8f:b5:cc:f3:b5:8f:7c:40:ea:a9:37:16:08:
         bc:4e:e7:0a:4c:62:9f:da:74:19:ae:aa:d9:8a:ef:84:f0:b9:
         92:65:b0:a0:46:2d:55:17:a8:ac:64:e0:e6:d9:85:6e:9e:a9:
         1f:91:17:81:0c:ee:9b:77:1f:ee:42:9f:f0:e6:dc:bd:5b:9b:
         0a:dc:a7:ba:21:7d:13:6b:3e:33:a4:e0:6d:ac:da:2f:80:67:
         11:17:96:c6:53:5d:ac:14:f5:a1:29:02:28:83:f5:7f:61:98:
         1d:65:95:c3:f8:e5:a7:a1:46:c3:ae:a8:27:20:0f:05:3e:f0:
         01:73:fd:f8:8c:4a:f0:da:9d:33:de:d0:dc:1f:97:c3:74:e6:
         ba:29:a1:11:33:24:88:d7:19:21:7f:3b:d3:aa:0c:bd:54:c2:
         41:3e:62:d3:30:50:20:03:e7:02:ef:93:74:8b:ee:bd:bd:7d:
         71:ac:73:81:cc:b7:a3:c9:bd:04:e2:db:17:44:aa:1d:cc:bf:
         55:1e:1c:da:c6:63:6b:ec:d5:10:09:69:12:d4:fa:d4:95:b8:
         4c:5e:5e:9b:11:d7:0e:db:60:29:4b:f7:77:21:a2:52:15:34:
         01:c6:40:bb:d3:ea:3f:fe:70:75:ee:e5:04:3f:88:c2:df:6a:
         de:f4:7a:3a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURkoJWKpRVD7hkHISgEgDnpq+p2IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDEyMDA1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTBjOGVhYzFhYjM0ODBkNmQ2MzRiOWEzNGNiODBkNWZl
MDY2ZmY3YTUxNTdjYjBlZGU5ZWVmMDkzMTExMGQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYlkPANmdH0eYkgvdtlgXhJsXIdLdRH4Q6bJ7YL6+kabns
oKIrTPJcugM3Qmoj9kehhD8XVKCsLTAYHT3/ZEZjArh/ty76bwNcE63oUmyVa3ik
xRQtfihnqUBLS7MvKPYcgY9mvL6fPvutEAIFhx77TMxxUMGf5em4+7u81xOhtoet
xzoJkfA638naONBhzQbhs1Zg/2yixyPxdwBZLVeaJ41jjp7fWPPVlEORsl/NShWI
ABpbZh776XdBVfLEcgFuZZ9HnMD+ps5orydh3FmAk83gbSeGVcYvnEFnZT3qpGxE
BIqKuYOzYRLM5RzQZ0fawqCSG367uF4eud+Dh7JTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyDn5xsBelggB/zitZhkZdlnyt/QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmM2I1N2Q3LTJmZTgtNGUwNC1hZDk5LTEzNjZjMjUyMjk5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJ7yMwwDQYJKoZIhvcNAQELBQADggEBABNYvcM2j7XM87WPfEDqqTcWCLxO
5wpMYp/adBmuqtmK74TwuZJlsKBGLVUXqKxk4ObZhW6eqR+RF4EM7pt3H+5Cn/Dm
3L1bmwrcp7ohfRNrPjOk4G2s2i+AZxEXlsZTXawU9aEpAiiD9X9hmB1llcP45aeh
RsOuqCcgDwU+8AFz/fiMSvDanTPe0Nwfl8N05ropoREzJIjXGSF/O9OqDL1UwkE+
YtMwUCAD5wLvk3SL7r29fXGsc4HMt6PJvQTi2xdEqh3Mv1UeHNrGY2vs1RAJaRLU
+tSVuExeXpsR1w7bYClL93cholIVNAHGQLvT6j/+cHXu5QQ/iMLfat70ejo=
-----END CERTIFICATE-----