Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e6c0b6e0-0331-4729-bace-aaa52d6d18c3.roa
File:                     e6c0b6e0-0331-4729-bace-aaa52d6d18c3.roa (raw, json)
Hash identifier:          abY5z76r86nASxxgDKly9x3e96y+Z7h/TfaJu4RtecM=
Subject key identifier:   5D:9A:4C:0C:33:ED:D9:37:AA:DE:B1:CB:1A:CA:50:B5:D9:FB:07:AC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       788587DFB61117771C5643456F463A20126B3969
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e6c0b6e0-0331-4729-bace-aaa52d6d18c3.roa
Signing time:             Sat 15 Nov 2025 00:50:09 +0000
ROA not before:           Sat 15 Nov 2025 00:50:09 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.5.170.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:85:87:df:b6:11:17:77:1c:56:43:45:6f:46:3a:20:12:6b:39:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:50:09 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=295142d0a8db49f921abbdad6d89727c77d494b26180ade1c757ec6600aa01d2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:56:a5:57:99:22:8f:a5:89:bf:e0:91:55:c0:
                    0a:05:96:f7:6d:8e:0e:68:dd:82:4d:0f:fd:01:28:
                    75:da:bd:1c:67:87:ae:9a:61:44:ce:26:09:ae:43:
                    bd:26:0e:0e:41:80:56:e9:f8:17:21:e3:fa:de:fb:
                    b6:ea:8c:12:f3:4c:01:53:68:88:6f:08:4a:b7:2f:
                    b5:d4:59:f3:cb:63:43:52:15:c4:bc:34:a6:bb:8c:
                    bd:cf:86:3e:83:89:52:72:1d:bb:13:cf:3e:68:95:
                    dc:8e:0f:53:ad:19:e2:e5:41:dc:97:bd:4f:88:40:
                    ed:db:49:8b:4f:a0:d1:7f:dc:33:5b:35:2b:00:de:
                    af:3c:0a:e3:4a:ef:c6:1d:38:4a:f2:d5:e1:e7:54:
                    85:0f:f3:4d:ea:ef:62:b5:06:cc:31:9f:d1:8b:22:
                    b6:14:c6:0d:e8:b0:98:98:9b:38:ca:26:e2:a2:67:
                    9f:41:fd:94:fe:76:a1:f6:d3:18:bf:59:1c:63:ea:
                    54:43:17:81:bb:48:a7:c7:7d:03:6d:5c:02:94:9c:
                    75:92:de:88:37:f7:c7:24:58:35:8c:9a:53:30:0b:
                    8a:f6:ba:57:b2:5f:2d:de:f7:56:52:fa:f8:99:d2:
                    8f:60:f5:59:4d:f9:31:c6:82:86:79:01:84:5c:40:
                    b9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:9A:4C:0C:33:ED:D9:37:AA:DE:B1:CB:1A:CA:50:B5:D9:FB:07:AC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e6c0b6e0-0331-4729-bace-aaa52d6d18c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.5.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:1c:0e:b8:5e:95:60:7f:ce:d1:5a:d7:0d:95:36:7d:c3:a4:
         9d:0f:20:fa:63:20:6e:a3:b3:36:f3:e8:8c:e4:dc:7d:b6:f3:
         94:9a:f3:4b:7e:3b:7a:69:88:d8:89:0f:76:dc:6c:52:d6:6a:
         12:94:7b:05:3e:a2:98:4f:eb:1d:b5:98:cf:f9:b9:d0:4f:04:
         a7:c5:e3:d6:dc:65:17:1c:51:e2:6d:46:63:28:f6:f4:88:69:
         89:b8:57:8d:ce:e9:ce:43:63:31:54:92:41:c1:28:e2:47:37:
         e0:c0:7b:fb:2e:4c:c1:bd:cc:23:41:cd:5e:94:a1:16:59:49:
         aa:86:e2:67:b1:06:29:cd:c2:82:e2:e2:49:f2:b9:7b:7e:46:
         8d:72:c5:be:01:ff:18:6f:1f:8b:3d:95:11:9f:e3:3b:8b:91:
         72:94:66:a4:8c:cc:e6:67:4b:10:fb:86:95:a6:b2:0d:a7:9e:
         88:3b:6b:5c:86:22:8c:e9:c5:77:89:c0:de:09:a3:d7:32:f4:
         26:70:0d:46:94:f4:a6:7d:79:c9:6b:12:f6:64:18:cb:22:23:
         b5:ae:1a:0f:5a:9b:22:aa:f2:1e:61:05:52:43:be:27:a3:5b:
         fe:bb:ab:37:32:12:b5:99:49:1f:5c:35:95:1a:e7:b8:13:47:
         64:c2:f2:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeIWH37YRF3ccVkNFb0Y6IBJrOWkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDA1MDA5WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTUxNDJkMGE4ZGI0OWY5MjFhYmJkYWQ2ZDg5NzI3Yzc3
ZDQ5NGIyNjE4MGFkZTFjNzU3ZWM2NjAwYWEwMWQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvVqVXmSKPpYm/4JFVwAoFlvdtjg5o3YJND/0BKHXavRxn
h66aYUTOJgmuQ70mDg5BgFbp+Bch4/re+7bqjBLzTAFTaIhvCEq3L7XUWfPLY0NS
FcS8NKa7jL3Phj6DiVJyHbsTzz5oldyOD1OtGeLlQdyXvU+IQO3bSYtPoNF/3DNb
NSsA3q88CuNK78YdOEry1eHnVIUP803q72K1Bswxn9GLIrYUxg3osJiYmzjKJuKi
Z59B/ZT+dqH20xi/WRxj6lRDF4G7SKfHfQNtXAKUnHWS3og398ckWDWMmlMwC4r2
uleyXy3e91ZS+viZ0o9g9VlN+THGgoZ5AYRcQLn3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXZpMDDPt2Teq3rHLGspQtdn7B6wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U2YzBiNmUwLTAzMzEtNDcyOS1iYWNlLWFhYTUyZDZkMThjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHKBaowDQYJKoZIhvcNAQELBQADggEBAGIcDrhelWB/ztFa1w2VNn3DpJ0P
IPpjIG6jszbz6Izk3H2285Sa80t+O3ppiNiJD3bcbFLWahKUewU+ophP6x21mM/5
udBPBKfF49bcZRccUeJtRmMo9vSIaYm4V43O6c5DYzFUkkHBKOJHN+DAe/suTMG9
zCNBzV6UoRZZSaqG4mexBinNwoLi4knyuXt+Ro1yxb4B/xhvH4s9lRGf4zuLkXKU
ZqSMzOZnSxD7hpWmsg2nnog7a1yGIozpxXeJwN4Jo9cy9CZwDUaU9KZ9eclrEvZk
GMsiI7WuGg9amyKq8h5hBVJDviejW/67qzcyErWZSR9cNZUa57gTR2TC8gA=
-----END CERTIFICATE-----