Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/119594d3-1a17-4118-856d-889f2bef824e.roa
File:                     119594d3-1a17-4118-856d-889f2bef824e.roa (raw, json)
Hash identifier:          6W6xlwUeG2PLDEoKGuQ1bpcMEp1Nux7EDTwnE0kmUOU=
Subject key identifier:   60:33:24:7F:8D:E0:1C:46:7F:0B:10:0F:59:15:CB:B7:86:23:69:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       718178A5B952A5E0A7761A7DF875485450FB6F6A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/119594d3-1a17-4118-856d-889f2bef824e.roa
Signing time:             Fri 31 Oct 2025 00:20:51 +0000
ROA not before:           Fri 31 Oct 2025 00:20:51 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.174.168.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:81:78:a5:b9:52:a5:e0:a7:76:1a:7d:f8:75:48:54:50:fb:6f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:20:51 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=7dbeb202b4ae7227a5523dd4d8d29ccae7bac162f82b05beafcc594de0b0d3fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ed:50:c5:64:09:40:e7:81:52:ac:78:1b:bf:
                    9c:b3:66:de:39:a7:f1:d3:22:6c:04:66:ca:a2:d9:
                    ff:08:ce:b4:52:06:d7:d7:4e:43:d9:6e:95:8f:06:
                    72:bd:28:ef:32:89:24:c9:bc:5e:a6:b6:2f:80:04:
                    1c:d0:c8:46:10:38:86:db:a4:c9:05:43:f6:27:43:
                    2f:70:e9:37:83:16:db:31:4a:f0:15:12:52:b1:7a:
                    05:62:7c:c0:0f:b1:77:25:5b:6a:a5:95:4c:e7:96:
                    4e:c7:a9:e1:a8:39:3a:a2:31:3a:1d:3f:1a:5e:17:
                    cb:36:ff:ff:63:a7:a0:6b:4e:a6:7c:d6:8d:c7:b0:
                    d8:ef:72:8a:55:c5:86:b4:69:fd:5d:2b:de:bf:0d:
                    5b:14:e3:78:13:36:e0:62:a3:cb:b0:83:d8:69:4c:
                    e9:a3:e4:0f:db:82:28:ef:b1:42:a7:2c:52:97:3a:
                    d7:bd:53:e4:4c:61:d1:ef:7e:02:a0:a4:78:83:f1:
                    34:e5:2f:1d:78:11:fc:94:d9:ef:f2:07:43:ef:d7:
                    d1:35:67:81:bb:e2:5c:75:3d:e7:75:4d:26:08:6f:
                    b5:cf:54:40:59:d9:ea:3d:f2:67:b4:51:2d:86:a3:
                    be:de:f3:04:45:87:74:5e:ba:d9:7d:08:e9:03:f7:
                    f1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:33:24:7F:8D:E0:1C:46:7F:0B:10:0F:59:15:CB:B7:86:23:69:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/119594d3-1a17-4118-856d-889f2bef824e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.174.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         79:5f:00:3f:fa:f7:73:5c:31:eb:ce:62:72:f4:7e:62:8e:1b:
         50:7a:54:42:5e:43:a7:6b:ab:6b:f4:94:41:40:12:dd:a1:33:
         ff:80:cb:a9:d8:bd:b7:15:80:54:9a:21:41:fa:34:f3:28:0d:
         7e:84:e1:a2:c7:3d:2a:ed:36:6b:83:77:c5:d0:8f:8d:94:8e:
         09:5e:c6:a7:be:a8:61:f4:3c:a7:bc:7e:05:23:fd:13:16:d0:
         f0:ab:33:b0:a2:6c:c8:5c:ac:f7:f5:f9:b2:97:ab:d2:e1:74:
         14:d7:7c:54:2a:92:b4:ef:1e:90:8d:5d:5e:67:d4:76:14:70:
         73:80:de:1f:b4:e2:68:47:7f:0e:b6:58:70:2f:a1:b8:b0:d1:
         76:06:85:95:c2:d9:31:f0:32:6b:1d:f1:0d:d0:d1:a6:15:95:
         ab:11:9e:e5:1f:46:76:c4:b2:39:16:49:f8:eb:99:5f:37:e8:
         fd:de:7d:28:da:a8:43:d7:2e:cf:b7:4e:02:01:7b:e7:3c:70:
         da:e8:df:29:0a:9e:4e:20:ab:13:47:2b:0a:20:99:8d:03:2c:
         5a:6f:bd:1b:f6:97:f3:0d:07:b0:2b:9e:d4:0e:15:a6:8f:2c:
         8b:a8:38:39:cd:25:bd:24:a0:ea:b7:2c:0b:17:cf:29:e7:2e:
         65:b0:81:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcYF4pblSpeCndhp9+HVIVFD7b2owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAyMDUxWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZGJlYjIwMmI0YWU3MjI3YTU1MjNkZDRkOGQyOWNjYWU3
YmFjMTYyZjgyYjA1YmVhZmNjNTk0ZGUwYjBkM2ZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ7VDFZAlA54FSrHgbv5yzZt45p/HTImwEZsqi2f8IzrRS
BtfXTkPZbpWPBnK9KO8yiSTJvF6mti+ABBzQyEYQOIbbpMkFQ/YnQy9w6TeDFtsx
SvAVElKxegVifMAPsXclW2qllUznlk7HqeGoOTqiMTodPxpeF8s2//9jp6BrTqZ8
1o3HsNjvcopVxYa0af1dK96/DVsU43gTNuBio8uwg9hpTOmj5A/bgijvsUKnLFKX
Ote9U+RMYdHvfgKgpHiD8TTlLx14EfyU2e/yB0Pv19E1Z4G74lx1Ped1TSYIb7XP
VEBZ2eo98me0US2Go77e8wRFh3Reutl9COkD9/EvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYDMkf43gHEZ/CxAPWRXLt4YjaQUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExOTU5NGQzLTFhMTctNDExOC04NTZkLTg4OWYyYmVmODI0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMFrqgwDQYJKoZIhvcNAQELBQADggEBAHlfAD/693NcMevOYnL0fmKOG1B6
VEJeQ6drq2v0lEFAEt2hM/+Ay6nYvbcVgFSaIUH6NPMoDX6E4aLHPSrtNmuDd8XQ
j42Ujglexqe+qGH0PKe8fgUj/RMW0PCrM7CibMhcrPf1+bKXq9LhdBTXfFQqkrTv
HpCNXV5n1HYUcHOA3h+04mhHfw62WHAvobiw0XYGhZXC2THwMmsd8Q3Q0aYVlasR
nuUfRnbEsjkWSfjrmV836P3efSjaqEPXLs+3TgIBe+c8cNro3ykKnk4gqxNHKwog
mY0DLFpvvRv2l/MNB7ArntQOFaaPLIuoODnNJb0koOq3LAsXzynnLmWwgXE=
-----END CERTIFICATE-----