Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ddc4285d-fde3-43f9-bd22-fa6001b81365.roa
File:                     ddc4285d-fde3-43f9-bd22-fa6001b81365.roa (raw, json)
Hash identifier:          eC56VUzVxhRnxT9zYUTiCxWz64EMPSm3IDYaeieI2xs=
Subject key identifier:   68:28:AB:D9:E6:C4:13:B5:CF:B5:AB:DB:0D:39:32:AC:7E:1B:81:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7CFFD745603072C30CF2D1ED280CC72FD33AD4FB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ddc4285d-fde3-43f9-bd22-fa6001b81365.roa
Signing time:             Wed 01 Oct 2025 00:02:17 +0000
ROA not before:           Wed 01 Oct 2025 00:02:17 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.225.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:ff:d7:45:60:30:72:c3:0c:f2:d1:ed:28:0c:c7:2f:d3:3a:d4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:02:17 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=3fb5263e9c989448d68b9eb706bdd62d83cccaacbf8b61e344b00ccf7c8e4056, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6c:f7:22:da:f6:cb:e1:d3:c6:9f:82:f1:0d:
                    ca:86:56:ed:dd:93:15:d3:c7:23:e8:89:ad:57:ff:
                    e0:a2:1b:eb:96:3b:38:c7:d1:b4:78:f6:03:76:57:
                    26:f8:ca:d7:53:e3:fa:42:28:b9:b4:80:ad:a2:c1:
                    77:5a:ed:e9:10:c1:47:9f:ab:83:3f:6d:7b:a3:40:
                    d9:e3:1e:de:dd:9d:fa:0a:0d:55:3c:64:bc:7b:db:
                    33:c3:77:68:d2:85:da:4c:97:f7:15:1d:49:0f:7a:
                    e7:38:80:71:dc:d3:84:75:ab:6f:d4:17:70:2d:87:
                    8b:83:56:ff:3c:d9:be:fb:43:ad:92:d9:48:7a:c4:
                    33:97:98:d1:39:8b:d0:8e:9c:1a:6b:92:2e:08:76:
                    a8:22:c7:50:87:65:f9:86:e1:5a:73:72:be:9d:0b:
                    04:b4:7f:d1:dc:e8:66:cd:9b:8e:dc:5d:a1:ba:33:
                    ae:13:37:5d:c4:13:16:1c:01:9e:da:14:0c:13:bf:
                    5a:72:c2:33:51:87:ed:96:8f:7d:10:13:42:8d:9f:
                    f5:42:e9:bf:38:f5:12:07:d7:c5:31:3e:db:29:f1:
                    17:8c:8b:26:7b:49:c8:84:58:88:16:d5:39:18:3a:
                    32:28:35:5a:e6:3f:e7:24:bb:82:2b:df:64:97:c9:
                    59:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:28:AB:D9:E6:C4:13:B5:CF:B5:AB:DB:0D:39:32:AC:7E:1B:81:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ddc4285d-fde3-43f9-bd22-fa6001b81365.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b3:5f:ab:56:79:44:fa:43:54:a3:2d:b8:4c:2c:a3:ca:83:
         d4:d3:dc:ba:aa:b3:43:72:ee:7a:a3:1b:dc:84:b2:4c:73:a4:
         40:47:1e:1d:cd:77:b1:ed:d5:f8:9f:20:5f:06:23:73:ce:16:
         09:6e:60:ad:f2:6e:5a:6c:74:cc:df:ae:c4:5a:22:24:68:96:
         af:9e:f7:8e:db:cf:3d:9e:15:55:e2:de:c5:35:7d:84:dc:f9:
         f6:93:5e:03:9f:0a:fe:86:70:39:d9:52:26:ed:aa:11:e1:95:
         3c:51:cc:ae:9c:0b:d7:67:f9:97:95:ba:ee:d1:73:62:13:6c:
         60:af:1e:f6:19:1e:0e:86:4d:bd:73:f1:43:91:6b:22:1f:85:
         9c:67:51:e2:34:30:09:56:db:f6:13:5f:c7:75:f4:4d:81:62:
         10:8c:b3:f9:3b:ee:4a:3e:40:0b:f0:8f:25:3a:87:0f:60:9e:
         6b:ee:66:91:a0:44:c2:e9:f9:17:a8:0d:d3:73:89:65:ea:fc:
         2a:02:17:97:8f:33:5e:e3:a7:86:a4:dc:28:b5:e5:61:01:53:
         53:61:95:ee:32:97:1e:1a:fd:85:24:19:ef:b4:d8:03:ab:3e:
         59:d0:ee:9e:09:a8:a9:e5:f4:2a:45:6b:90:df:9e:c5:79:f0:
         21:a6:05:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfP/XRWAwcsMM8tHtKAzHL9M61PswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMjE3WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmI1MjYzZTljOTg5NDQ4ZDY4YjllYjcwNmJkZDYyZDgz
Y2NjYWFjYmY4YjYxZTM0NGIwMGNjZjdjOGU0MDU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2bPci2vbL4dPGn4LxDcqGVu3dkxXTxyPoia1X/+CiG+uW
OzjH0bR49gN2Vyb4ytdT4/pCKLm0gK2iwXda7ekQwUefq4M/bXujQNnjHt7dnfoK
DVU8ZLx72zPDd2jShdpMl/cVHUkPeuc4gHHc04R1q2/UF3Ath4uDVv882b77Q62S
2Uh6xDOXmNE5i9COnBprki4Idqgix1CHZfmG4Vpzcr6dCwS0f9Hc6GbNm47cXaG6
M64TN13EExYcAZ7aFAwTv1pywjNRh+2Wj30QE0KNn/VC6b849RIH18UxPtsp8ReM
iyZ7SciEWIgW1TkYOjIoNVrmP+cku4Ir32SXyVnvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaCir2ebEE7XPtavbDTkyrH4bgXUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RkYzQyODVkLWZkZTMtNDNmOS1iZDIyLWZhNjAwMWI4MTM2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOOEwDQYJKoZIhvcNAQELBQADggEBABWzX6tWeUT6Q1SjLbhMLKPKg9TT
3Lqqs0Ny7nqjG9yEskxzpEBHHh3Nd7Ht1fifIF8GI3POFgluYK3yblpsdMzfrsRa
IiRolq+e947bzz2eFVXi3sU1fYTc+faTXgOfCv6GcDnZUibtqhHhlTxRzK6cC9dn
+ZeVuu7Rc2ITbGCvHvYZHg6GTb1z8UORayIfhZxnUeI0MAlW2/YTX8d19E2BYhCM
s/k77ko+QAvwjyU6hw9gnmvuZpGgRMLp+ReoDdNziWXq/CoCF5ePM17jp4ak3Ci1
5WEBU1Nhle4ylx4a/YUkGe+02AOrPlnQ7p4JqKnl9CpFa5DfnsV58CGmBbY=
-----END CERTIFICATE-----