Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0d72906-944e-4bc2-af72-c6e35bbdf545.roa
File:                     e0d72906-944e-4bc2-af72-c6e35bbdf545.roa (raw, json)
Hash identifier:          hCuVXjfOCmvWyg2vh/E9ZKmmzGmZ7Jzy6aCvj2AQ1m4=
Subject key identifier:   C1:AC:3E:78:FB:3D:A7:68:49:28:E7:58:DC:83:D2:A3:EE:50:24:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73FF1B1C102F9B0EBD68328494F3D714C134FB73
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0d72906-944e-4bc2-af72-c6e35bbdf545.roa
Signing time:             Tue 21 Oct 2025 00:40:07 +0000
ROA not before:           Tue 21 Oct 2025 00:40:07 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.5.160.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:ff:1b:1c:10:2f:9b:0e:bd:68:32:84:94:f3:d7:14:c1:34:fb:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:40:07 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=d4b635dcd14903b6ce22c93e939cffb93a7344eb9c3510a5342be69fa92a8638, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:85:42:86:75:c9:23:22:d4:15:fb:d7:78:c9:
                    ce:c8:bb:b9:e9:35:dc:3c:81:89:0f:18:09:15:73:
                    2d:9c:64:ef:f9:a9:34:08:39:13:d7:6d:6a:d2:6d:
                    69:35:0c:11:60:9c:b9:a8:37:64:a7:77:ea:c4:a8:
                    46:1a:a7:fe:ce:ca:43:5b:ae:5c:81:c3:6b:41:4e:
                    2f:de:7b:15:7b:e9:67:f8:f5:f0:5e:24:e5:e8:3e:
                    17:7a:a0:19:42:a8:ee:13:68:0c:c2:8d:86:77:09:
                    c4:10:ad:a5:55:7a:9a:1c:6a:cd:76:97:b5:59:f0:
                    96:90:3f:cf:92:e0:16:34:11:a9:fe:10:09:2c:75:
                    05:4a:98:0d:fe:6b:ba:14:69:1c:7f:35:a2:2b:07:
                    43:a9:3e:d3:c8:8a:61:c8:06:9d:49:f2:c1:34:be:
                    f7:3d:e0:5a:f4:ff:ba:8e:ab:4c:8b:4d:1a:86:da:
                    5a:e7:65:58:0d:cc:73:e3:28:18:1b:4c:dd:b8:85:
                    63:93:ae:36:24:4b:73:fe:45:96:dc:5b:87:2b:bf:
                    4c:ca:85:79:52:53:b4:c0:13:5c:56:dd:c6:19:99:
                    d4:a4:1d:ba:4e:5b:c2:a8:c0:c3:d8:87:b3:8d:af:
                    1a:9a:a0:58:7c:52:af:08:ea:f3:67:9c:1c:f3:0e:
                    08:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:AC:3E:78:FB:3D:A7:68:49:28:E7:58:DC:83:D2:A3:EE:50:24:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0d72906-944e-4bc2-af72-c6e35bbdf545.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.5.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:bd:6b:f5:2f:1b:bb:54:d0:18:a5:6b:27:49:6a:d0:90:71:
         3b:ac:2b:81:ae:b5:0e:b1:29:08:04:a3:a8:66:6f:04:c8:89:
         35:e9:89:df:a8:72:1b:9c:ec:90:ae:46:cd:8b:32:eb:cb:55:
         2d:f7:70:6e:f4:82:f1:c2:d3:bb:36:16:e0:4d:85:48:0a:09:
         8e:74:81:86:c6:ce:ce:2f:e8:2d:12:49:3a:6f:f8:6e:64:31:
         25:f9:c5:08:7c:77:84:ac:e8:36:de:d8:43:08:af:09:64:b8:
         40:23:d7:13:e1:60:e7:7a:2f:c7:04:fe:3f:c6:da:f3:24:4f:
         73:4b:68:5a:16:5e:58:9a:4e:7d:71:b1:0b:65:56:54:e3:86:
         0f:fc:b6:a1:f5:d1:a7:16:63:44:78:7a:2d:cc:8f:ab:25:a7:
         67:32:f2:be:37:0e:87:04:f2:db:ce:46:62:84:47:55:ce:40:
         32:2e:b9:61:40:f9:7c:bf:7d:f1:8f:41:3b:dc:b3:c3:2a:65:
         45:79:89:fe:1e:8b:4e:af:60:35:11:01:ca:23:2a:05:5b:51:
         de:24:d1:e8:f4:0c:78:21:db:64:06:ae:57:0a:50:7e:bf:ef:
         7d:34:91:13:b0:36:fb:77:12:92:97:5d:63:c9:a0:04:a2:ea:
         25:ea:3e:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc/8bHBAvmw69aDKElPPXFME0+3MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MDA3WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNGI2MzVkY2QxNDkwM2I2Y2UyMmM5M2U5MzljZmZiOTNh
NzM0NGViOWMzNTEwYTUzNDJiZTY5ZmE5MmE4NjM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEhUKGdckjItQV+9d4yc7Iu7npNdw8gYkPGAkVcy2cZO/5
qTQIORPXbWrSbWk1DBFgnLmoN2Snd+rEqEYap/7OykNbrlyBw2tBTi/eexV76Wf4
9fBeJOXoPhd6oBlCqO4TaAzCjYZ3CcQQraVVepocas12l7VZ8JaQP8+S4BY0Ean+
EAksdQVKmA3+a7oUaRx/NaIrB0OpPtPIimHIBp1J8sE0vvc94Fr0/7qOq0yLTRqG
2lrnZVgNzHPjKBgbTN24hWOTrjYkS3P+RZbcW4crv0zKhXlSU7TAE1xW3cYZmdSk
HbpOW8KowMPYh7ONrxqaoFh8Uq8I6vNnnBzzDghXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwaw+ePs9p2hJKOdY3IPSo+5QJC4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwZDcyOTA2LTk0NGUtNGJjMi1hZjcyLWM2ZTM1YmJkZjU0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHKBaAwDQYJKoZIhvcNAQELBQADggEBADi9a/UvG7tU0BilaydJatCQcTus
K4GutQ6xKQgEo6hmbwTIiTXpid+ochuc7JCuRs2LMuvLVS33cG70gvHC07s2FuBN
hUgKCY50gYbGzs4v6C0SSTpv+G5kMSX5xQh8d4Ss6Dbe2EMIrwlkuEAj1xPhYOd6
L8cE/j/G2vMkT3NLaFoWXliaTn1xsQtlVlTjhg/8tqH10acWY0R4ei3Mj6slp2cy
8r43DocE8tvORmKER1XOQDIuuWFA+Xy/ffGPQTvcs8MqZUV5if4ei06vYDURAcoj
KgVbUd4k0ej0DHgh22QGrlcKUH6/7300kROwNvt3EpKXXWPJoASi6iXqPm8=
-----END CERTIFICATE-----