Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa
File:                     bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa (raw, json)
Hash identifier:          txQXOLQOxyVt30y7E7s1ueclz0ie15dPor2MJnDCUnM=
Subject key identifier:   6B:A2:07:33:B4:6A:6D:84:7C:2F:79:19:52:05:57:78:E7:87:70:22
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       698E1D37A8F1EA898FD7C246168642031646DAE5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa
Signing time:             Wed 12 Nov 2025 02:00:37 +0000
ROA not before:           Wed 12 Nov 2025 02:00:37 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        123.200.242.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:8e:1d:37:a8:f1:ea:89:8f:d7:c2:46:16:86:42:03:16:46:da:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:00:37 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=1e25f2c8734074aaddfda2ad701f919cbd83d4dd7e752faf4b96e24d736ccf09, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:05:b4:60:58:bf:0b:14:ad:c5:e8:a9:7b:ca:
                    5e:1e:74:0f:5d:93:c8:59:33:f4:9c:13:4f:e4:54:
                    c8:c7:cd:e8:d7:e5:6c:55:4c:12:71:f0:a5:6f:cc:
                    a8:68:bb:e3:16:98:05:99:f6:73:11:cd:18:ea:30:
                    67:5f:11:ef:22:7b:26:6d:6f:c8:62:a2:7b:39:b4:
                    d7:8a:c8:f7:ec:1a:2a:75:49:d8:cb:93:2b:d9:6a:
                    0d:b8:1b:71:cf:dd:dc:de:6e:52:b8:22:7f:b7:e0:
                    49:cb:3c:ef:5d:db:61:ad:c9:d7:f7:10:60:ac:38:
                    3f:bf:e5:f9:68:5c:fd:cc:0a:51:58:2c:34:51:94:
                    34:b0:48:00:f6:bc:8f:97:54:14:31:12:ad:da:b0:
                    94:f5:da:1d:e1:8f:5d:af:b9:f7:87:3d:96:32:17:
                    90:ce:d6:62:4f:b6:62:ef:91:96:a1:23:cb:fc:38:
                    70:59:ea:14:df:a9:aa:78:32:52:0f:3e:84:a0:00:
                    69:43:67:0b:ae:0a:5d:55:dc:46:5c:a2:ce:b8:93:
                    71:e7:b7:50:14:25:56:f2:b6:7e:bc:87:e9:34:5d:
                    a0:ef:3b:9c:e0:1e:22:d7:b0:51:bd:21:86:99:a2:
                    d6:d3:c8:60:5b:61:15:1f:72:f8:e9:26:f0:0e:ae:
                    ba:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:A2:07:33:B4:6A:6D:84:7C:2F:79:19:52:05:57:78:E7:87:70:22
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.200.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:d3:9e:ad:4c:86:19:cf:d7:d7:1c:52:c3:7d:48:dd:0b:4d:
         ee:d3:01:7d:12:39:c1:ed:15:c4:e8:fb:fd:c2:63:c5:8f:28:
         c7:8a:a8:6a:c4:5b:76:82:f8:69:8a:69:38:4c:8f:95:f2:f1:
         d0:a2:86:47:a4:c7:c5:b3:66:83:85:c9:45:a5:08:ef:20:fd:
         a4:9e:14:e5:35:54:50:4a:7e:c2:84:8d:a8:c0:1e:d7:60:02:
         72:07:11:e2:46:1e:e7:20:88:c8:87:de:36:f1:5e:d1:24:a9:
         b9:48:ff:f2:82:09:c2:20:f2:14:e9:b1:46:12:3f:d3:4a:4e:
         a4:b9:1d:56:63:31:1c:ff:13:28:95:13:86:58:67:63:cf:3d:
         d0:6b:ab:d2:0e:43:73:4b:8e:5f:38:fc:a8:da:63:6b:32:1a:
         bb:0b:97:70:c2:05:63:22:cf:09:d1:02:38:6f:ba:78:52:83:
         2d:d0:de:96:13:e4:d3:b9:41:5b:4f:c6:dd:57:1c:35:54:11:
         7d:cc:40:81:90:03:bc:c0:ff:5f:81:6d:81:1c:99:b6:04:42:
         6a:5b:8b:27:43:05:f0:c6:2c:56:81:64:0b:31:de:56:d0:01:
         28:b4:59:40:c8:71:08:bf:d3:5e:22:7f:d6:88:5b:9d:6c:31:
         f7:83:a7:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaY4dN6jx6omP18JGFoZCAxZG2uUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIwMDM3WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTI1ZjJjODczNDA3NGFhZGRmZGEyYWQ3MDFmOTE5Y2Jk
ODNkNGRkN2U3NTJmYWY0Yjk2ZTI0ZDczNmNjZjA5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJBbRgWL8LFK3F6Kl7yl4edA9dk8hZM/ScE0/kVMjHzejX
5WxVTBJx8KVvzKhou+MWmAWZ9nMRzRjqMGdfEe8ieyZtb8hions5tNeKyPfsGip1
SdjLkyvZag24G3HP3dzeblK4In+34EnLPO9d22Gtydf3EGCsOD+/5floXP3MClFY
LDRRlDSwSAD2vI+XVBQxEq3asJT12h3hj12vufeHPZYyF5DO1mJPtmLvkZahI8v8
OHBZ6hTfqap4MlIPPoSgAGlDZwuuCl1V3EZcos64k3Hnt1AUJVbytn68h+k0XaDv
O5zgHiLXsFG9IYaZotbTyGBbYRUfcvjpJvAOrrpXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUa6IHM7RqbYR8L3kZUgVXeOeHcCIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNjAyOWM0LTk5ZjktNGFkNi1hYjdmLTg5ZDNiMjM1Yjc3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAF7yPIwDQYJKoZIhvcNAQELBQADggEBALPTnq1MhhnP19ccUsN9SN0LTe7T
AX0SOcHtFcTo+/3CY8WPKMeKqGrEW3aC+GmKaThMj5Xy8dCihkekx8WzZoOFyUWl
CO8g/aSeFOU1VFBKfsKEjajAHtdgAnIHEeJGHucgiMiH3jbxXtEkqblI//KCCcIg
8hTpsUYSP9NKTqS5HVZjMRz/EyiVE4ZYZ2PPPdBrq9IOQ3NLjl84/KjaY2syGrsL
l3DCBWMizwnRAjhvunhSgy3Q3pYT5NO5QVtPxt1XHDVUEX3MQIGQA7zA/1+BbYEc
mbYEQmpbiydDBfDGLFaBZAsx3lbQASi0WUDIcQi/014if9aIW51sMfeDpyc=
-----END CERTIFICATE-----