Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6392e4ef-e271-45c8-867d-345229dc1cf6.roa
File:                     6392e4ef-e271-45c8-867d-345229dc1cf6.roa (raw, json)
Hash identifier:          4ywFF6b+8UIfzoLBdGgDYfzreN+i5xz9l3jF2o8mc3o=
Subject key identifier:   86:3D:67:C6:FA:C4:9C:58:89:28:DF:87:BC:65:53:4C:56:DE:25:2D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       52CC5C76B48D130C0B9D1C07C0B1CA0836C842C1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6392e4ef-e271-45c8-867d-345229dc1cf6.roa
Signing time:             Tue 21 Oct 2025 00:41:32 +0000
ROA not before:           Tue 21 Oct 2025 00:41:32 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.5.176.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:cc:5c:76:b4:8d:13:0c:0b:9d:1c:07:c0:b1:ca:08:36:c8:42:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:41:32 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=32bbc963ef04ebff53012718e47c003f813cbc3d6d3038da3f458dcb5ae529f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:16:5f:5b:c2:1b:df:68:07:a1:a9:6a:a2:79:
                    ca:92:60:05:99:d8:f6:d5:d0:75:80:a9:d4:f3:a9:
                    ee:46:9a:80:ce:bd:bd:c6:32:c1:e9:c3:0d:b4:de:
                    03:d7:85:24:fa:d9:97:eb:eb:d0:be:18:7d:cd:1b:
                    f8:82:64:a6:be:4b:b4:1e:6a:8d:d8:7e:61:1c:b8:
                    e0:42:80:c7:98:82:41:e2:1f:fb:86:d1:7b:f0:cd:
                    29:7a:d9:53:d8:f6:52:14:93:4d:ab:ce:91:d3:4f:
                    94:3b:76:2a:2f:6b:2c:95:a8:56:59:99:a5:91:32:
                    86:af:64:fb:c0:eb:f9:31:90:1e:5a:aa:a1:26:ba:
                    ba:ef:28:a2:25:f7:d9:c0:bc:4a:37:ed:5c:b4:99:
                    be:91:fd:c6:7d:28:1a:7b:36:fc:0f:57:79:04:bf:
                    33:d3:3c:4b:28:89:8d:76:29:f6:13:34:91:d6:e0:
                    21:44:f5:be:5b:9f:2d:e0:db:93:31:fd:d6:65:70:
                    61:96:d0:30:19:50:dc:55:36:e6:ce:a1:b3:6a:a2:
                    14:d9:87:db:c9:80:17:a4:b2:46:a4:08:b1:25:08:
                    27:76:f0:cf:38:03:58:c5:b0:a0:ec:4c:29:e2:d0:
                    cf:37:f8:fc:00:4d:7a:f8:d3:aa:73:f0:c8:9e:db:
                    18:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:3D:67:C6:FA:C4:9C:58:89:28:DF:87:BC:65:53:4C:56:DE:25:2D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6392e4ef-e271-45c8-867d-345229dc1cf6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.5.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:c1:b9:3f:b2:bb:c4:bd:37:f5:0b:ba:2b:7f:5c:bf:ed:0f:
         f2:42:85:bd:c2:67:9a:e7:ed:73:81:4f:ce:ec:26:ea:da:e9:
         95:aa:f9:fb:0d:c5:0e:d4:33:f9:f6:7a:b2:bd:d7:a9:c1:8f:
         f7:46:b9:4c:c0:60:86:56:c1:23:9c:d9:2e:0b:fe:ad:26:13:
         c3:94:4e:b9:61:56:f4:4c:25:40:de:00:0d:6a:28:38:3d:54:
         f4:99:fc:f3:bd:d2:be:a8:b0:c9:2a:83:6d:fc:56:b4:1b:46:
         25:6b:25:bd:3f:54:bc:86:a6:85:a7:79:f1:72:17:ec:49:0e:
         24:35:7a:d4:c9:3a:20:05:46:80:28:55:bf:d9:6a:53:22:b3:
         ab:c8:33:0a:55:ee:23:b1:79:7c:c8:a9:1a:99:13:ac:d5:d7:
         47:d7:03:0d:a3:f0:5d:50:09:a1:f3:3d:a9:44:1c:79:63:76:
         23:8e:5c:63:a6:b8:0b:56:b9:7f:45:02:fb:d5:29:4a:46:b7:
         74:d4:1b:9d:80:d3:a9:1f:95:dc:cb:13:a6:65:02:bf:3e:24:
         1b:eb:86:50:8b:e5:0a:2e:3e:bb:3d:61:38:29:01:af:f7:a7:
         50:28:7c:83:98:70:9d:a1:d6:a7:c0:f3:c6:a7:d2:c8:85:6d:
         ea:20:ce:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUsxcdrSNEwwLnRwHwLHKCDbIQsEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MTMyWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMmJiYzk2M2VmMDRlYmZmNTMwMTI3MThlNDdjMDAzZjgx
M2NiYzNkNmQzMDM4ZGEzZjQ1OGRjYjVhZTUyOWY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdFl9bwhvfaAehqWqiecqSYAWZ2PbV0HWAqdTzqe5GmoDO
vb3GMsHpww203gPXhST62Zfr69C+GH3NG/iCZKa+S7Qeao3YfmEcuOBCgMeYgkHi
H/uG0XvwzSl62VPY9lIUk02rzpHTT5Q7diovayyVqFZZmaWRMoavZPvA6/kxkB5a
qqEmurrvKKIl99nAvEo37Vy0mb6R/cZ9KBp7NvwPV3kEvzPTPEsoiY12KfYTNJHW
4CFE9b5bny3g25Mx/dZlcGGW0DAZUNxVNubOobNqohTZh9vJgBekskakCLElCCd2
8M84A1jFsKDsTCni0M83+PwATXr406pz8Mie2xjZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhj1nxvrEnFiJKN+HvGVTTFbeJS0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzOTJlNGVmLWUyNzEtNDVjOC04NjdkLTM0NTIyOWRjMWNmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADKBbAwDQYJKoZIhvcNAQELBQADggEBAL7BuT+yu8S9N/ULuit/XL/tD/JC
hb3CZ5rn7XOBT87sJura6ZWq+fsNxQ7UM/n2erK916nBj/dGuUzAYIZWwSOc2S4L
/q0mE8OUTrlhVvRMJUDeAA1qKDg9VPSZ/PO90r6osMkqg238VrQbRiVrJb0/VLyG
poWnefFyF+xJDiQ1etTJOiAFRoAoVb/ZalMis6vIMwpV7iOxeXzIqRqZE6zV10fX
Aw2j8F1QCaHzPalEHHljdiOOXGOmuAtWuX9FAvvVKUpGt3TUG52A06kfldzLE6Zl
Ar8+JBvrhlCL5QouPrs9YTgpAa/3p1AofIOYcJ2h1qfA88an0siFbeogziA=
-----END CERTIFICATE-----