Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d5db1ef-788a-43c1-a576-eebf7d6c7b32.roa
File:                     0d5db1ef-788a-43c1-a576-eebf7d6c7b32.roa (raw, json)
Hash identifier:          ZOzyZBk6gNKLZ9VbvECGFoFSeWUKT+VeeOXfGBbPrRQ=
Subject key identifier:   D4:15:BD:32:F0:A2:BC:25:CA:9C:45:F5:37:F4:3C:C8:24:19:99:12
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68948CC83C76B3677F363ABF6521912BDFEA45FA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d5db1ef-788a-43c1-a576-eebf7d6c7b32.roa
Signing time:             Fri 31 Oct 2025 01:00:43 +0000
ROA not before:           Fri 31 Oct 2025 01:00:43 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.174.128.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:94:8c:c8:3c:76:b3:67:7f:36:3a:bf:65:21:91:2b:df:ea:45:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:00:43 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=83b3b27b20e15c8a9a3403c8a535b4a68045e1f3849712d8c7be167f52e9f9ce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3f:17:81:f3:58:24:e9:c2:35:71:50:83:5d:
                    a6:8f:99:32:1d:ad:24:ac:fd:96:a1:d4:72:17:51:
                    49:0c:ad:c8:52:db:91:59:88:d5:b0:f0:68:26:6f:
                    ea:51:8a:4f:9f:9d:5e:42:44:fe:42:00:4c:56:9a:
                    f3:e2:ae:53:89:be:d0:6d:0a:06:29:2e:8b:e1:91:
                    20:ff:b2:6c:01:cf:ce:5f:8e:e5:be:21:46:a2:16:
                    66:e0:66:78:88:61:0b:69:41:27:01:93:b3:e0:c4:
                    ea:d8:77:e1:d2:15:79:fd:22:b6:31:2e:73:a8:0a:
                    3c:e9:15:73:ee:68:bb:95:08:f2:39:57:63:ea:16:
                    bf:aa:ec:6b:1c:8c:df:0d:8c:cf:c5:a8:e9:55:a8:
                    b4:39:5b:de:09:69:fd:62:91:b5:61:2c:a6:c7:82:
                    9b:19:19:dc:f6:4f:9d:b4:5a:4e:16:2b:43:89:08:
                    d9:6c:22:5c:59:e7:15:aa:65:08:f9:52:e7:26:a7:
                    e2:e2:b5:e0:e3:3a:5b:92:bc:c7:22:9e:72:47:11:
                    87:b3:f2:32:e5:88:fe:01:c6:8c:9c:ba:7c:49:9b:
                    87:d2:91:e6:46:9f:11:aa:e9:ac:16:a7:eb:91:37:
                    75:a9:f3:5e:46:95:cc:69:63:3f:5c:3b:5e:98:2c:
                    dc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:15:BD:32:F0:A2:BC:25:CA:9C:45:F5:37:F4:3C:C8:24:19:99:12
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d5db1ef-788a-43c1-a576-eebf7d6c7b32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.174.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2f:20:77:b8:6a:56:8f:39:81:fb:00:76:66:72:c9:17:3d:4f:
         2a:06:c6:c1:2e:f0:1e:ac:26:35:10:cf:16:51:90:ad:fd:e3:
         59:5e:c7:f6:ef:89:46:44:bc:a4:75:13:59:1c:67:19:35:34:
         30:77:ae:53:c7:b6:9b:89:5b:78:69:86:1e:d0:e0:c4:3c:0f:
         23:62:ed:5a:1f:0f:24:d0:f1:40:10:83:8d:11:28:2c:c7:17:
         3c:f6:3c:35:a0:ef:65:3f:e4:a5:5b:89:ae:17:e1:83:bd:3b:
         4b:19:0e:29:be:d7:62:76:ed:98:6d:61:37:06:48:26:02:8f:
         51:29:e6:28:47:bb:ff:48:0e:00:a9:49:ea:e0:2c:5b:55:ba:
         43:38:79:9d:b4:fc:00:94:23:7c:c4:29:63:13:75:a2:9e:da:
         e5:ea:8c:93:ab:5e:2c:37:e2:0f:94:b1:6a:fb:86:da:a2:c1:
         71:cc:f8:86:32:e9:48:4a:d2:5d:6a:7e:c9:29:6a:b3:5d:91:
         9a:ae:96:8b:fc:e4:48:5d:90:d4:4b:01:b3:40:e7:9a:51:d4:
         c5:04:f7:60:44:9c:60:b1:49:d9:7d:ab:ee:f4:ea:95:86:3f:
         ed:45:d6:8a:72:1d:2c:fb:d0:38:09:60:47:44:fd:96:20:13:
         78:fa:33:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaJSMyDx2s2d/Njq/ZSGRK9/qRfowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMDQzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4M2IzYjI3YjIwZTE1YzhhOWEzNDAzYzhhNTM1YjRhNjgw
NDVlMWYzODQ5NzEyZDhjN2JlMTY3ZjUyZTlmOWNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTPxeB81gk6cI1cVCDXaaPmTIdrSSs/Zah1HIXUUkMrchS
25FZiNWw8Ggmb+pRik+fnV5CRP5CAExWmvPirlOJvtBtCgYpLovhkSD/smwBz85f
juW+IUaiFmbgZniIYQtpQScBk7PgxOrYd+HSFXn9IrYxLnOoCjzpFXPuaLuVCPI5
V2PqFr+q7GscjN8NjM/FqOlVqLQ5W94Jaf1ikbVhLKbHgpsZGdz2T520Wk4WK0OJ
CNlsIlxZ5xWqZQj5Uucmp+LiteDjOluSvMcinnJHEYez8jLliP4BxoycunxJm4fS
keZGnxGq6awWp+uRN3Wp815GlcxpYz9cO16YLNxtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1BW9MvCivCXKnEX1N/Q8yCQZmRIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkNWRiMWVmLTc4OGEtNDNjMS1hNTc2LWVlYmY3ZDZjN2IzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQFroAwDQYJKoZIhvcNAQELBQADggEBAC8gd7hqVo85gfsAdmZyyRc9TyoG
xsEu8B6sJjUQzxZRkK3941lex/bviUZEvKR1E1kcZxk1NDB3rlPHtpuJW3hphh7Q
4MQ8DyNi7VofDyTQ8UAQg40RKCzHFzz2PDWg72U/5KVbia4X4YO9O0sZDim+12J2
7ZhtYTcGSCYCj1Ep5ihHu/9IDgCpSergLFtVukM4eZ20/ACUI3zEKWMTdaKe2uXq
jJOrXiw34g+UsWr7htqiwXHM+IYy6UhK0l1qfskparNdkZqulov85EhdkNRLAbNA
55pR1MUE92BEnGCxSdl9q+706pWGP+1F1opyHSz70DgJYEdE/ZYgE3j6MyM=
-----END CERTIFICATE-----