Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fcf3ad48-0d1f-4ba4-87d3-c4086df92e62.roa
File:                     fcf3ad48-0d1f-4ba4-87d3-c4086df92e62.roa (raw, json)
Hash identifier:          XvYaS9zA8+ek2VJTMBFybFPxuH1vtTH/wzCbHxfaALM=
Subject key identifier:   DA:D3:D4:BB:66:CD:49:88:C0:D8:67:DD:4F:E2:CD:67:B0:2C:04:FF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2090325B9B047B88F71465AAA9EF292A20E67915
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fcf3ad48-0d1f-4ba4-87d3-c4086df92e62.roa
Signing time:             Wed 05 Nov 2025 00:20:08 +0000
ROA not before:           Wed 05 Nov 2025 00:20:08 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        115.177.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:90:32:5b:9b:04:7b:88:f7:14:65:aa:a9:ef:29:2a:20:e6:79:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:20:08 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=6027cd0900e49b3624fed3adae0214c329a7cc3f6018d8d28bde5772c140c313, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:68:3b:5d:0b:70:14:94:ad:34:9a:c2:50:9f:
                    f5:b9:4d:10:54:78:41:46:0b:4d:65:a3:a7:8d:92:
                    ac:9b:22:ef:26:d4:9a:04:ad:bf:cf:e9:ef:34:b1:
                    40:b4:1f:84:d5:e7:00:5c:ad:9a:66:3b:d6:13:16:
                    bc:c5:28:da:80:e4:fc:da:02:6b:81:4b:b3:8f:50:
                    26:a1:93:aa:81:92:95:af:b7:28:e1:86:16:e1:dd:
                    f7:bc:97:f6:28:2f:bb:c9:c0:30:a1:9c:76:ee:8d:
                    57:6f:24:d8:0d:21:74:b6:ec:b3:ad:2c:bb:78:c4:
                    f1:12:8e:b7:89:f2:a1:1f:21:3a:56:d0:29:1d:02:
                    9d:b1:cc:bf:85:77:c7:26:36:b4:18:ca:13:1c:6f:
                    a3:98:40:c5:6b:18:98:2f:75:19:39:2a:7b:25:34:
                    6c:6e:6c:2c:da:f1:a4:dd:4e:2e:db:e5:d5:e1:49:
                    fe:db:06:4f:00:dd:fe:51:04:40:2a:07:ce:c7:60:
                    c2:65:82:3a:60:4c:4e:63:4c:eb:cd:07:38:27:2b:
                    4a:d7:c1:cb:3c:88:5b:cf:85:b8:af:05:d4:32:a3:
                    30:de:9a:80:5a:0d:31:57:2b:a7:47:3b:b1:6a:0e:
                    1f:3a:ae:ce:a1:d0:53:b8:db:9a:8e:c0:4e:70:c6:
                    ba:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D3:D4:BB:66:CD:49:88:C0:D8:67:DD:4F:E2:CD:67:B0:2C:04:FF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fcf3ad48-0d1f-4ba4-87d3-c4086df92e62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.177.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         63:69:d7:d9:35:38:19:5d:2f:b7:f1:a5:04:85:47:fe:40:12:
         54:f4:4d:64:81:79:7c:59:6c:73:5a:a7:6c:34:99:8c:05:e5:
         08:da:96:50:c9:81:fb:1e:57:3c:ae:55:7b:7b:76:52:2d:fe:
         6c:33:14:fe:2d:de:2e:01:2f:64:c0:92:1d:83:af:a6:55:45:
         c1:9b:b2:40:b3:eb:34:d2:95:c5:c9:72:0a:44:03:f6:a5:3b:
         13:70:59:56:c9:af:58:af:73:fe:ce:c1:05:7c:f5:70:7b:1e:
         43:45:1d:8f:33:62:c4:ea:96:37:01:21:ef:65:b1:f7:fb:79:
         97:12:6d:c3:f8:22:f1:56:82:17:db:3a:0c:fa:53:f6:07:5a:
         5c:11:7d:6a:ee:0f:c7:fa:8c:6c:36:e9:d1:f3:e3:22:c6:cd:
         48:a7:66:32:18:9d:88:97:b7:c5:b7:49:38:b0:3d:a8:94:87:
         05:e6:59:09:8c:23:ff:1b:39:99:e9:77:6d:3a:76:44:3c:7c:
         aa:99:d1:00:e9:fe:0b:53:d1:73:34:39:be:62:07:33:3e:ad:
         fb:9b:d3:30:d2:fe:fe:da:53:6b:47:ee:52:c1:b9:2a:c6:d7:
         28:23:c2:78:fd:12:66:66:13:8a:08:be:c0:fd:b5:63:b5:64:
         e2:31:1c:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIJAyW5sEe4j3FGWqqe8pKiDmeRUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAyMDA4WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDI3Y2QwOTAwZTQ5YjM2MjRmZWQzYWRhZTAyMTRjMzI5
YTdjYzNmNjAxOGQ4ZDI4YmRlNTc3MmMxNDBjMzEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1aDtdC3AUlK00msJQn/W5TRBUeEFGC01lo6eNkqybIu8m
1JoErb/P6e80sUC0H4TV5wBcrZpmO9YTFrzFKNqA5PzaAmuBS7OPUCahk6qBkpWv
tyjhhhbh3fe8l/YoL7vJwDChnHbujVdvJNgNIXS27LOtLLt4xPESjreJ8qEfITpW
0CkdAp2xzL+Fd8cmNrQYyhMcb6OYQMVrGJgvdRk5KnslNGxubCza8aTdTi7b5dXh
Sf7bBk8A3f5RBEAqB87HYMJlgjpgTE5jTOvNBzgnK0rXwcs8iFvPhbivBdQyozDe
moBaDTFXK6dHO7FqDh86rs6h0FO425qOwE5wxroFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2tPUu2bNSYjA2GfdT+LNZ7AsBP8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZjZjNhZDQ4LTBkMWYtNGJhNC04N2QzLWM0MDg2ZGY5MmU2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZzsYAwDQYJKoZIhvcNAQELBQADggEBAGNp19k1OBldL7fxpQSFR/5AElT0
TWSBeXxZbHNap2w0mYwF5QjallDJgfseVzyuVXt7dlIt/mwzFP4t3i4BL2TAkh2D
r6ZVRcGbskCz6zTSlcXJcgpEA/alOxNwWVbJr1ivc/7OwQV89XB7HkNFHY8zYsTq
ljcBIe9lsff7eZcSbcP4IvFWghfbOgz6U/YHWlwRfWruD8f6jGw26dHz4yLGzUin
ZjIYnYiXt8W3STiwPaiUhwXmWQmMI/8bOZnpd206dkQ8fKqZ0QDp/gtT0XM0Ob5i
BzM+rfub0zDS/v7aU2tH7lLBuSrG1ygjwnj9EmZmE4oIvsD9tWO1ZOIxHBY=
-----END CERTIFICATE-----