Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
File:                     593de0b1-b07b-4d5a-8e80-eec3224dc436.roa (raw, json)
Hash identifier:          EJ6ft5Fqefk3UkUSR9xrkipj5tzCQ9BlzzGPgIlVIJ8=
Subject key identifier:   EE:28:1E:69:E8:F2:2D:44:7C:24:8F:E2:3F:78:67:47:7B:10:A8:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14195CEEB448D1E75E66D087A3EF7024AC6F62EF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
Signing time:             Tue 04 Nov 2025 00:20:53 +0000
ROA not before:           Tue 04 Nov 2025 00:20:53 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.128.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:19:5c:ee:b4:48:d1:e7:5e:66:d0:87:a3:ef:70:24:ac:6f:62:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  4 00:20:53 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=8bd8da2436301d0e943206a1b8a64f56a3c0fd75dc3e30ad03a1dc4474d406c1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c9:a9:87:2f:48:f6:a5:de:ba:25:ad:69:7d:
                    99:1d:12:ac:24:66:93:8b:86:5d:20:99:10:3b:88:
                    25:e9:90:21:91:ca:1c:ee:3b:b1:24:f4:64:84:73:
                    f1:87:9e:ce:af:37:1d:87:32:5d:ab:8d:cb:fe:de:
                    0b:68:a1:1a:75:e7:98:b1:dd:d1:64:6a:3c:e3:ec:
                    9a:fa:95:5c:63:96:07:56:dd:c8:02:22:27:d2:c4:
                    1b:36:43:ed:2a:9e:69:08:af:a6:f0:b8:ec:34:48:
                    55:2b:89:b2:60:c7:03:b7:26:7a:3c:ab:9f:d4:61:
                    86:97:27:26:86:01:07:67:92:03:5b:3f:47:7b:5b:
                    5d:b0:f9:b7:43:5e:2a:c9:bf:7f:72:88:7f:9d:47:
                    78:b1:12:e3:94:f9:7e:7c:e2:62:b1:41:d6:37:f0:
                    a7:73:f7:60:e7:94:92:85:65:f3:cf:af:63:ff:e9:
                    8a:f1:3f:80:6d:86:4f:98:44:ba:e3:0c:3d:59:f9:
                    3e:56:e2:17:eb:6a:98:27:c5:f2:2d:cf:98:30:53:
                    f7:6c:7c:19:94:d2:38:80:d5:f5:93:a3:53:c1:de:
                    5e:55:7d:2e:2f:91:99:19:9f:26:77:3c:23:1d:f6:
                    ef:d6:20:72:6e:14:34:bd:dd:e6:da:5e:0e:60:68:
                    ce:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:28:1E:69:E8:F2:2D:44:7C:24:8F:E2:3F:78:67:47:7B:10:A8:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:bb:59:2c:ec:89:bc:5e:46:2f:43:1c:1d:02:b3:21:a4:c9:
         35:fa:8c:dc:01:fe:fd:2e:ae:2f:08:63:ac:97:02:ff:27:40:
         ad:57:5a:ca:1b:d3:c9:ba:a8:02:65:e6:09:53:e3:53:19:60:
         95:13:a2:b6:71:83:79:3f:de:9a:f8:65:6c:6f:10:2b:99:4b:
         4f:2e:a4:44:c3:83:f8:d7:2d:fc:75:4d:3e:b2:45:2e:6f:7d:
         1f:6e:e2:7a:c4:69:98:99:78:fa:dd:ca:c0:6a:0c:22:94:c4:
         19:6e:4d:22:94:de:8c:fc:a4:c8:79:99:0b:6b:99:2a:8a:17:
         c2:58:7d:b7:3f:08:92:74:dc:9b:c5:d4:17:54:65:92:36:62:
         7a:1b:c9:67:b3:e9:ad:b9:6d:f2:6e:94:fe:9d:5b:ec:cc:86:
         89:5b:4a:fc:e9:bb:fb:6e:7c:8e:cc:9d:8a:17:c2:34:65:0d:
         fc:19:2d:a0:40:57:8c:5e:ab:13:c1:22:d6:38:82:44:2a:af:
         75:26:34:05:dc:a9:5a:45:9a:94:96:8a:e6:6a:ba:07:39:c0:
         a2:47:ee:6d:bc:e4:30:d7:8d:28:49:2b:bb:1b:0c:00:aa:e4:
         6f:6d:e1:b1:63:00:1c:68:17:4a:22:bc:dd:ff:d5:ee:3e:f8:
         07:0a:e8:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFBlc7rRI0edeZtCHo+9wJKxvYu8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA0MDAyMDUzWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmQ4ZGEyNDM2MzAxZDBlOTQzMjA2YTFiOGE2NGY1NmEz
YzBmZDc1ZGMzZTMwYWQwM2ExZGM0NDc0ZDQwNmMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpyamHL0j2pd66Ja1pfZkdEqwkZpOLhl0gmRA7iCXpkCGR
yhzuO7Ek9GSEc/GHns6vNx2HMl2rjcv+3gtooRp155ix3dFkajzj7Jr6lVxjlgdW
3cgCIifSxBs2Q+0qnmkIr6bwuOw0SFUribJgxwO3Jno8q5/UYYaXJyaGAQdnkgNb
P0d7W12w+bdDXirJv39yiH+dR3ixEuOU+X584mKxQdY38Kdz92DnlJKFZfPPr2P/
6YrxP4Bthk+YRLrjDD1Z+T5W4hfrapgnxfItz5gwU/dsfBmU0jiA1fWTo1PB3l5V
fS4vkZkZnyZ3PCMd9u/WIHJuFDS93ebaXg5gaM7HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7igeaejyLUR8JI/iP3hnR3sQqI4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5M2RlMGIxLWIwN2ItNGQ1YS04ZTgwLWVlYzMyMjRkYzQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOIAwDQYJKoZIhvcNAQELBQADggEBAJG7WSzsibxeRi9DHB0CsyGkyTX6
jNwB/v0uri8IY6yXAv8nQK1XWsob08m6qAJl5glT41MZYJUTorZxg3k/3pr4ZWxv
ECuZS08upETDg/jXLfx1TT6yRS5vfR9u4nrEaZiZePrdysBqDCKUxBluTSKU3oz8
pMh5mQtrmSqKF8JYfbc/CJJ03JvF1BdUZZI2YnobyWez6a25bfJulP6dW+zMholb
Svzpu/tufI7MnYoXwjRlDfwZLaBAV4xeqxPBItY4gkQqr3UmNAXcqVpFmpSWiuZq
ugc5wKJH7m285DDXjShJK7sbDACq5G9t4bFjABxoF0oivN3/1e4++AcK6Fc=
-----END CERTIFICATE-----