Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ea4f0ec-c158-4950-9858-041d23e677f2.roa
File:                     9ea4f0ec-c158-4950-9858-041d23e677f2.roa (raw, json)
Hash identifier:          k5/e1X7COizLgtpepaiSkH4+06/bLzE5L/jzor+WCpA=
Subject key identifier:   D7:1B:9B:37:ED:F1:91:F4:FC:FE:48:45:BD:E6:8C:0A:7A:1B:ED:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       149332868D28EAEADBA911C2AD536C563112066E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ea4f0ec-c158-4950-9858-041d23e677f2.roa
Signing time:             Wed 22 Oct 2025 00:01:42 +0000
ROA not before:           Wed 22 Oct 2025 00:01:42 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.88.94.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:93:32:86:8d:28:ea:ea:db:a9:11:c2:ad:53:6c:56:31:12:06:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:01:42 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=877e47889c43fa3d846045d8ac48edbc26dbdc60a967efc33c5cc82ec026b660, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2e:2e:91:fe:c7:32:7e:47:29:db:db:ac:f4:
                    1a:52:05:90:56:29:15:aa:2a:e3:c8:7d:28:df:2f:
                    9f:8d:e1:b3:37:97:e1:0e:f6:4e:af:69:1a:21:30:
                    00:da:c1:6e:09:2f:21:e4:aa:82:87:15:08:b5:72:
                    a3:57:88:01:0d:40:a6:1d:aa:ed:2f:db:57:10:03:
                    37:55:e4:c0:33:02:03:4b:d2:47:83:42:7c:3a:3e:
                    b4:9a:18:64:33:26:39:38:8c:37:58:44:2b:ec:4a:
                    9a:c6:fc:fe:fe:73:5f:36:73:b2:be:39:01:b4:91:
                    14:e9:5a:88:31:6a:ff:da:79:f7:c4:00:9e:20:4c:
                    e0:ac:54:0e:3b:67:b9:6b:db:4a:6f:5e:9f:18:c1:
                    cc:2a:15:14:63:b2:d9:f3:1a:a3:6e:a8:5e:f8:05:
                    dd:f4:eb:e1:d4:59:54:a6:6d:8a:31:4b:64:ea:a3:
                    1e:9c:2b:22:b4:51:fe:19:7f:65:4a:ad:92:36:a2:
                    66:89:e3:09:8a:47:84:e6:f9:1e:52:99:63:ec:08:
                    31:54:73:d8:7a:6c:84:30:b3:c0:5b:0e:7b:5d:a4:
                    dd:8b:57:0c:e9:9d:9b:f6:f2:95:61:15:d7:0d:52:
                    b9:27:d9:3c:cb:93:e5:e1:82:0d:5f:90:15:ba:40:
                    93:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:1B:9B:37:ED:F1:91:F4:FC:FE:48:45:BD:E6:8C:0A:7A:1B:ED:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ea4f0ec-c158-4950-9858-041d23e677f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.88.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:b8:f7:bc:fa:60:0b:f5:81:79:aa:cf:43:c4:db:15:c6:14:
         ec:33:e9:e0:44:21:37:98:6e:cb:e9:ee:0a:b7:f8:6d:5f:9c:
         9b:13:3d:94:4a:f3:88:ff:e8:2f:5f:a7:ec:58:a3:ca:fb:df:
         a4:d3:84:ea:81:27:57:bc:b7:4e:61:be:6a:dd:eb:3c:04:62:
         f0:47:d1:1d:8a:f5:8d:f3:7b:49:3d:99:49:bb:2d:63:a0:fb:
         f2:42:6a:c1:23:25:0c:e4:bc:c4:02:07:d0:aa:ca:05:73:27:
         c0:e9:6c:89:67:86:04:a9:1b:6e:6e:30:03:95:57:21:c6:cc:
         2d:c6:7e:57:7d:ed:10:90:79:7d:fc:a2:48:12:e8:4f:8f:ac:
         86:c4:fa:c8:56:31:95:40:b3:9a:84:17:e3:54:f1:e2:fb:50:
         ea:c7:1e:f7:0b:4a:66:6a:57:18:16:ab:44:48:5a:ea:02:1e:
         75:9d:75:3b:c0:31:dd:30:d2:ed:ab:8c:70:aa:36:ce:40:56:
         cf:4a:5d:f8:91:6a:8e:85:fe:16:15:9a:af:57:d0:4c:fd:34:
         61:d6:99:86:f3:77:f8:02:52:d9:ff:0e:bd:7c:65:6e:0c:35:
         3f:31:8e:ca:fb:41:2c:59:cb:0c:4a:47:8f:8a:df:61:a7:78:
         35:a6:28:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFJMyho0o6urbqRHCrVNsVjESBm4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMTQyWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzdlNDc4ODljNDNmYTNkODQ2MDQ1ZDhhYzQ4ZWRiYzI2
ZGJkYzYwYTk2N2VmYzMzYzVjYzgyZWMwMjZiNjYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbLi6R/scyfkcp29us9BpSBZBWKRWqKuPIfSjfL5+N4bM3
l+EO9k6vaRohMADawW4JLyHkqoKHFQi1cqNXiAENQKYdqu0v21cQAzdV5MAzAgNL
0keDQnw6PrSaGGQzJjk4jDdYRCvsSprG/P7+c182c7K+OQG0kRTpWogxav/aeffE
AJ4gTOCsVA47Z7lr20pvXp8YwcwqFRRjstnzGqNuqF74Bd306+HUWVSmbYoxS2Tq
ox6cKyK0Uf4Zf2VKrZI2omaJ4wmKR4Tm+R5SmWPsCDFUc9h6bIQws8BbDntdpN2L
VwzpnZv28pVhFdcNUrkn2TzLk+Xhgg1fkBW6QJO1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1xubN+3xkfT8/khFveaMCnob7ZwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllYTRmMGVjLWMxNTgtNDk1MC05ODU4LTA0MWQyM2U2NzdmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADLWF4wDQYJKoZIhvcNAQELBQADggEBAM2497z6YAv1gXmqz0PE2xXGFOwz
6eBEITeYbsvp7gq3+G1fnJsTPZRK84j/6C9fp+xYo8r736TThOqBJ1e8t05hvmrd
6zwEYvBH0R2K9Y3ze0k9mUm7LWOg+/JCasEjJQzkvMQCB9CqygVzJ8DpbIlnhgSp
G25uMAOVVyHGzC3Gfld97RCQeX38okgS6E+PrIbE+shWMZVAs5qEF+NU8eL7UOrH
HvcLSmZqVxgWq0RIWuoCHnWddTvAMd0w0u2rjHCqNs5AVs9KXfiRao6F/hYVmq9X
0Ez9NGHWmYbzd/gCUtn/Dr18ZW4MNT8xjsr7QSxZywxKR4+K32GneDWmKGo=
-----END CERTIFICATE-----