Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30562a60-1701-4170-b8a8-701d0efcb738.roa
File:                     30562a60-1701-4170-b8a8-701d0efcb738.roa (raw, json)
Hash identifier:          Nfz2uDV6vu2VxAr65vckS/A3KoQCU1LSyuMMYv/SNPM=
Subject key identifier:   35:8D:EF:7C:E2:B3:7F:71:9A:D7:21:7A:04:E4:23:FC:90:89:8C:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26C988A566F430F0B356BD3E003449E4B0659E97
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30562a60-1701-4170-b8a8-701d0efcb738.roa
Signing time:             Tue 21 Oct 2025 00:51:02 +0000
ROA not before:           Tue 21 Oct 2025 00:51:02 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.80.164.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:c9:88:a5:66:f4:30:f0:b3:56:bd:3e:00:34:49:e4:b0:65:9e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:51:02 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=37e7dcf4b4ed1ac0db2e168b7c7204d1a5181624aa07bd76f9d32023e81c235a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cb:7d:bf:91:df:2b:4c:56:dd:54:61:4d:d7:
                    a2:7d:1a:66:3b:ce:08:68:11:77:9e:e7:92:62:db:
                    7d:bc:0e:59:ff:38:16:30:fe:5e:0f:1d:7a:eb:36:
                    a3:ba:40:d3:ea:2c:18:76:dc:8a:aa:84:66:7e:9a:
                    48:51:e2:9a:30:14:ed:aa:8a:9b:b6:c1:5e:88:66:
                    8f:bd:ed:90:fd:1f:a6:9e:03:9c:32:10:87:c7:12:
                    3a:64:a0:5f:41:5d:dd:21:5a:d4:4b:bc:53:ba:8e:
                    8b:01:aa:9f:7d:88:24:e4:0f:cd:85:ed:81:48:ad:
                    3f:48:54:c4:90:1e:f2:0c:ac:aa:a5:a0:44:2d:fe:
                    6e:8c:8f:7b:55:15:64:3c:0a:59:ed:33:2d:fc:97:
                    96:0b:f8:c1:6a:a6:e5:a4:7f:d1:44:c1:32:92:fd:
                    e6:d2:bd:05:81:e1:70:8a:a0:e0:39:0f:a9:be:b1:
                    53:bf:4e:68:86:2a:43:02:84:b5:89:23:15:25:ab:
                    e3:e5:0f:41:9b:22:53:15:38:39:0a:c7:dd:da:4e:
                    15:c7:4c:b3:6a:3c:d9:be:91:d4:aa:a5:ac:f1:aa:
                    98:e7:0f:c6:ca:7b:e2:a5:57:19:6d:3b:1c:2c:08:
                    00:23:97:c8:5c:e5:2d:b1:7c:c0:63:62:8c:7f:cc:
                    2d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:8D:EF:7C:E2:B3:7F:71:9A:D7:21:7A:04:E4:23:FC:90:89:8C:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30562a60-1701-4170-b8a8-701d0efcb738.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.80.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fb:0c:21:80:cc:70:53:83:2e:5d:46:25:03:f6:74:1c:53:
         02:73:f1:f8:67:9b:2d:5a:0b:38:ad:58:7d:10:94:31:7f:f6:
         b0:fc:be:0b:8d:1c:51:7a:c0:b7:95:a7:ba:3d:96:c9:46:ad:
         65:9c:f9:ac:8b:5a:1b:8a:ea:99:0c:c1:a0:5b:11:67:9e:bc:
         12:64:a4:89:d9:00:f1:de:a4:1a:62:c3:93:b2:0f:91:d9:e7:
         bb:49:51:15:9e:7c:00:93:ee:a8:64:f1:b1:76:d3:4a:90:2b:
         f5:21:ea:2e:4d:70:0e:13:eb:82:4a:b0:94:d7:ee:35:b6:b1:
         bf:58:2f:36:d7:f3:63:a3:7a:28:99:5b:28:4c:b0:45:97:35:
         b3:11:ef:f7:0b:ad:75:6a:f1:25:90:30:eb:ea:ce:51:bd:6d:
         6d:aa:1e:0a:06:c0:e7:b5:df:0c:82:d8:05:5e:f1:5d:37:7c:
         b8:c0:fd:23:b9:cd:39:3e:50:04:6a:71:20:69:a7:72:86:1a:
         93:92:f2:30:8d:b9:c1:07:aa:80:36:54:2d:a3:be:d4:27:94:
         f0:bb:cf:57:d1:91:68:0e:7c:4e:28:c0:a4:06:4c:2f:59:1b:
         a0:a2:9e:92:10:94:85:e3:ec:b7:22:52:f9:5a:5e:ad:cc:79:
         9b:51:16:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJsmIpWb0MPCzVr0+ADRJ5LBlnpcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA1MTAyWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2U3ZGNmNGI0ZWQxYWMwZGIyZTE2OGI3YzcyMDRkMWE1
MTgxNjI0YWEwN2JkNzZmOWQzMjAyM2U4MWMyMzVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBy32/kd8rTFbdVGFN16J9GmY7zghoEXee55Ji2328Dln/
OBYw/l4PHXrrNqO6QNPqLBh23IqqhGZ+mkhR4powFO2qipu2wV6IZo+97ZD9H6ae
A5wyEIfHEjpkoF9BXd0hWtRLvFO6josBqp99iCTkD82F7YFIrT9IVMSQHvIMrKql
oEQt/m6Mj3tVFWQ8ClntMy38l5YL+MFqpuWkf9FEwTKS/ebSvQWB4XCKoOA5D6m+
sVO/TmiGKkMChLWJIxUlq+PlD0GbIlMVODkKx93aThXHTLNqPNm+kdSqpazxqpjn
D8bKe+KlVxltOxwsCAAjl8hc5S2xfMBjYox/zC1xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNY3vfOKzf3Ga1yF6BOQj/JCJjPowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMwNTYyYTYwLTE3MDEtNDE3MC1iOGE4LTcwMWQwZWZjYjczOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADKUKQwDQYJKoZIhvcNAQELBQADggEBAA37DCGAzHBTgy5dRiUD9nQcUwJz
8fhnmy1aCzitWH0QlDF/9rD8vguNHFF6wLeVp7o9lslGrWWc+ayLWhuK6pkMwaBb
EWeevBJkpInZAPHepBpiw5OyD5HZ57tJURWefACT7qhk8bF200qQK/Uh6i5NcA4T
64JKsJTX7jW2sb9YLzbX82OjeiiZWyhMsEWXNbMR7/cLrXVq8SWQMOvqzlG9bW2q
HgoGwOe13wyC2AVe8V03fLjA/SO5zTk+UARqcSBpp3KGGpOS8jCNucEHqoA2VC2j
vtQnlPC7z1fRkWgOfE4owKQGTC9ZG6CinpIQlIXj7LciUvlaXq3MeZtRFkA=
-----END CERTIFICATE-----