Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/119594d3-1a17-4118-856d-889f2bef824e.roa
File:                     119594d3-1a17-4118-856d-889f2bef824e.roa (raw, json)
Hash identifier:          l0c+p1UGTLbW0dbV5NPAznV2GO3+DL1OXxPKI70dBR8=
Subject key identifier:   CB:0A:0E:D0:5E:B2:6D:54:F0:34:4C:7C:AF:45:42:22:3F:60:D3:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       358E2D45233F3836826E49AAD8298192A7E90725
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/119594d3-1a17-4118-856d-889f2bef824e.roa
Signing time:             Mon 06 Oct 2025 16:21:12 +0000
ROA not before:           Mon 06 Oct 2025 16:21:12 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.174.168.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:8e:2d:45:23:3f:38:36:82:6e:49:aa:d8:29:81:92:a7:e9:07:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:21:12 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=defac112b9b8ce56429469bfeb2680a6b7fee1519d5145add3d666b7e8ecd8e7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d2:b1:db:51:89:96:23:b9:8f:da:5e:26:19:
                    df:7a:41:5d:e0:3e:13:aa:55:0c:02:8b:70:dd:5f:
                    b7:1a:d1:33:d1:31:4b:1a:ef:c6:36:38:22:37:6a:
                    f3:0b:9b:30:38:f4:ab:7e:a0:fb:78:7f:70:b8:88:
                    7d:01:24:f8:04:5d:2c:65:cc:6f:e7:00:f1:b2:2b:
                    3f:3a:74:c1:2f:4b:5e:6a:90:e3:a6:a4:f7:e9:56:
                    a1:d4:c2:16:d7:25:74:ce:a8:d1:88:33:f4:f6:d1:
                    5c:88:64:3b:aa:23:30:51:32:38:b5:a7:9d:2d:4d:
                    32:18:13:6e:0b:68:93:a4:dc:ef:90:9c:2a:33:25:
                    02:e9:4c:6c:51:b9:bc:b1:da:4c:28:09:91:46:51:
                    19:8f:df:0a:92:1f:32:ea:d2:20:1b:c3:29:21:c0:
                    01:52:d1:96:3d:f6:d3:1f:79:7d:63:a3:2e:c2:97:
                    52:98:be:a2:40:02:56:92:31:ee:0d:52:99:d7:d7:
                    4d:4f:d0:51:36:03:4b:4c:6c:ba:60:fe:5a:fb:0f:
                    f9:69:56:29:b2:11:cd:77:98:43:66:bd:f6:cf:b9:
                    2a:a9:d7:d1:83:00:4f:1a:92:b8:3b:30:77:65:03:
                    b6:bb:b3:ee:8a:92:92:25:23:a0:b3:6a:86:4f:24:
                    01:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:0A:0E:D0:5E:B2:6D:54:F0:34:4C:7C:AF:45:42:22:3F:60:D3:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/119594d3-1a17-4118-856d-889f2bef824e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.174.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8c:af:6c:c6:ed:a2:78:11:8f:eb:dc:57:88:e5:a0:98:5c:f9:
         cf:ff:60:e7:3d:21:9d:70:b5:d1:28:1f:6b:19:98:28:7b:e5:
         72:d2:3c:28:6e:9f:e3:37:69:43:20:99:1c:87:53:6b:a2:dd:
         0b:75:86:57:15:fd:f7:ee:2d:2c:a0:c0:fc:2f:c7:aa:50:c8:
         7c:49:f4:be:e8:bd:f0:2f:82:b9:97:81:fc:ba:3b:07:3f:7e:
         de:1c:7a:64:83:1c:d0:0c:d2:cb:f8:27:80:f8:62:a5:c7:f1:
         45:49:1d:a6:40:35:ba:a6:8e:7c:9b:8b:2f:c2:c6:00:ed:d6:
         59:1d:b8:21:95:51:c1:02:96:4b:06:07:8c:a1:2e:ed:df:04:
         24:2e:72:02:6d:12:8c:2f:cb:dd:c5:b0:ac:e9:07:da:37:22:
         96:96:09:ae:03:e3:86:c8:fd:a9:19:82:1a:02:60:69:fb:8c:
         49:27:f5:d4:ca:ef:32:f3:30:84:ad:a5:c5:7a:c3:4f:eb:8a:
         89:eb:4d:d2:34:b3:19:2f:78:83:a8:10:e7:41:57:e5:58:d3:
         a5:dd:4e:d1:c8:2f:86:34:45:89:58:c5:12:34:a0:c8:d3:29:
         73:52:9e:fc:e3:dc:cd:f6:fd:42:6b:38:04:f4:00:89:d6:2a:
         c8:60:c2:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNY4tRSM/ODaCbkmq2CmBkqfpByUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYyMTEyWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWZhYzExMmI5YjhjZTU2NDI5NDY5YmZlYjI2ODBhNmI3
ZmVlMTUxOWQ1MTQ1YWRkM2Q2NjZiN2U4ZWNkOGU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK0rHbUYmWI7mP2l4mGd96QV3gPhOqVQwCi3DdX7ca0TPR
MUsa78Y2OCI3avMLmzA49Kt+oPt4f3C4iH0BJPgEXSxlzG/nAPGyKz86dMEvS15q
kOOmpPfpVqHUwhbXJXTOqNGIM/T20VyIZDuqIzBRMji1p50tTTIYE24LaJOk3O+Q
nCozJQLpTGxRubyx2kwoCZFGURmP3wqSHzLq0iAbwykhwAFS0ZY99tMfeX1joy7C
l1KYvqJAAlaSMe4NUpnX101P0FE2A0tMbLpg/lr7D/lpVimyEc13mENmvfbPuSqp
19GDAE8akrg7MHdlA7a7s+6KkpIlI6CzaoZPJAGzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUywoO0F6ybVTwNEx8r0VCIj9g068wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExOTU5NGQzLTFhMTctNDExOC04NTZkLTg4OWYyYmVmODI0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMFrqgwDQYJKoZIhvcNAQELBQADggEBAIyvbMbtongRj+vcV4jloJhc+c//
YOc9IZ1wtdEoH2sZmCh75XLSPChun+M3aUMgmRyHU2ui3Qt1hlcV/ffuLSygwPwv
x6pQyHxJ9L7ovfAvgrmXgfy6Owc/ft4cemSDHNAM0sv4J4D4YqXH8UVJHaZANbqm
jnybiy/CxgDt1lkduCGVUcEClksGB4yhLu3fBCQucgJtEowvy93FsKzpB9o3IpaW
Ca4D44bI/akZghoCYGn7jEkn9dTK7zLzMIStpcV6w0/rionrTdI0sxkveIOoEOdB
V+VY06XdTtHIL4Y0RYlYxRI0oMjTKXNSnvzj3M32/UJrOAT0AInWKshgwpE=
-----END CERTIFICATE-----