Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2dcdf7b8-72bb-4ccf-a4ea-1fa6f7149b11.roa
File:                     2dcdf7b8-72bb-4ccf-a4ea-1fa6f7149b11.roa (raw, json)
Hash identifier:          5QhJxw3or7j0ASKbhTwcFuAv743Gy7Lg/QXQ9rDiHHs=
Subject key identifier:   A2:36:4E:70:FA:95:35:C5:1C:8A:A7:09:DF:C8:F0:1E:56:B2:20:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B832ECE6B11CB92B3E9FE0681340DF405BB56F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2dcdf7b8-72bb-4ccf-a4ea-1fa6f7149b11.roa
Signing time:             Fri 26 Sep 2025 00:01:39 +0000
ROA not before:           Fri 26 Sep 2025 00:01:39 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        122.200.56.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:83:2e:ce:6b:11:cb:92:b3:e9:fe:06:81:34:0d:f4:05:bb:56:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:01:39 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=219c85ce7c78ea72b908741df69d05ab57f1ef71358a3f4e6df0aa0c07e3a272, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ad:09:4d:5c:bd:10:40:8f:5b:2c:09:44:16:
                    56:14:c1:36:b8:63:e3:1d:8f:c3:2c:cd:da:ce:92:
                    1d:57:71:d5:f4:01:ec:38:eb:c2:92:b3:87:e6:79:
                    2e:45:c1:39:81:e5:b6:2a:48:1c:f2:dc:db:a5:04:
                    bb:91:c1:74:3c:ed:ca:10:f1:46:af:70:8e:82:e5:
                    dd:90:6e:ee:3a:ef:47:49:77:2e:b7:c9:a0:30:4a:
                    e4:5d:d7:4a:4e:cc:85:88:3e:39:94:73:9c:63:78:
                    88:3e:d7:97:57:14:b2:76:a1:60:cf:99:c5:9a:06:
                    a5:70:bf:da:28:13:f2:e2:7b:38:bd:bb:78:23:4d:
                    42:13:27:61:f0:5a:9b:84:6a:6e:44:38:e5:a0:06:
                    68:b3:3e:91:cc:97:d3:eb:28:6e:d0:c1:e6:a0:e9:
                    23:b0:66:9d:7e:0a:58:76:f0:39:38:cb:48:08:02:
                    76:54:77:ed:77:c3:f9:07:87:7c:37:04:74:f1:ad:
                    38:06:df:38:3b:6f:40:ba:33:53:ed:2a:b8:3c:43:
                    f4:3a:05:65:98:8d:14:33:db:f3:ec:82:2f:10:c6:
                    3c:13:20:e5:6c:23:86:25:27:69:45:72:8e:ca:1e:
                    52:3a:54:ed:9b:80:9b:a7:9b:95:60:71:9a:ef:f9:
                    97:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:36:4E:70:FA:95:35:C5:1C:8A:A7:09:DF:C8:F0:1E:56:B2:20:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2dcdf7b8-72bb-4ccf-a4ea-1fa6f7149b11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.200.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:31:4d:41:d7:64:ba:b6:bb:10:04:0a:8d:7a:53:0c:a3:9f:
         05:43:4a:51:41:9f:60:95:15:8f:b9:f6:fc:dc:d6:46:55:ca:
         1c:10:c5:c0:10:a3:84:1f:1b:1e:ef:a4:3c:32:45:31:80:4d:
         9a:4c:1c:f7:51:9c:15:9e:e4:90:ef:f2:6b:5a:89:a9:42:40:
         1c:0f:f5:f6:a7:20:b5:6b:cb:87:3a:d5:c8:a1:8c:5f:87:a8:
         25:18:2e:11:78:b7:17:e5:9b:0b:e5:28:f8:05:32:6c:af:f3:
         b0:53:ae:96:be:d7:3e:91:4e:d6:66:bb:df:3b:24:b8:08:69:
         2d:3a:1f:e0:6d:88:87:9e:01:1a:38:2b:e2:41:b5:15:8c:1e:
         05:87:f7:6f:29:71:6c:e6:ff:9b:55:78:af:1a:3e:42:f4:6d:
         25:ac:26:57:17:9a:f2:e5:f3:ea:60:51:18:e0:22:78:b4:d7:
         6b:cc:7a:f2:d2:de:00:60:25:d9:6b:64:e1:68:69:a6:14:c7:
         e3:d3:31:34:cc:9b:9e:cc:5a:85:51:e6:4d:6c:a0:35:ff:48:
         87:a3:d7:66:5f:5d:9f:b2:bb:06:fa:f7:2e:b6:07:db:e3:80:
         db:a8:a5:57:42:23:0f:cf:2a:d7:1b:36:43:32:60:04:0a:de:
         c7:68:de:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG4MuzmsRy5Kz6f4GgTQN9AW7VvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAwMTM5WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTljODVjZTdjNzhlYTcyYjkwODc0MWRmNjlkMDVhYjU3
ZjFlZjcxMzU4YTNmNGU2ZGYwYWEwYzA3ZTNhMjcyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTrQlNXL0QQI9bLAlEFlYUwTa4Y+Mdj8MszdrOkh1XcdX0
Aew468KSs4fmeS5FwTmB5bYqSBzy3NulBLuRwXQ87coQ8UavcI6C5d2Qbu4670dJ
dy63yaAwSuRd10pOzIWIPjmUc5xjeIg+15dXFLJ2oWDPmcWaBqVwv9ooE/Liezi9
u3gjTUITJ2HwWpuEam5EOOWgBmizPpHMl9PrKG7Qweag6SOwZp1+Clh28Dk4y0gI
AnZUd+13w/kHh3w3BHTxrTgG3zg7b0C6M1PtKrg8Q/Q6BWWYjRQz2/Psgi8QxjwT
IOVsI4YlJ2lFco7KHlI6VO2bgJunm5VgcZrv+ZcdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUojZOcPqVNcUciqcJ38jwHlayILwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkY2RmN2I4LTcyYmItNGNjZi1hNGVhLTFmYTZmNzE0OWIxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAF6yDgwDQYJKoZIhvcNAQELBQADggEBAJAxTUHXZLq2uxAECo16UwyjnwVD
SlFBn2CVFY+59vzc1kZVyhwQxcAQo4QfGx7vpDwyRTGATZpMHPdRnBWe5JDv8mta
ialCQBwP9fanILVry4c61cihjF+HqCUYLhF4txflmwvlKPgFMmyv87BTrpa+1z6R
TtZmu987JLgIaS06H+BtiIeeARo4K+JBtRWMHgWH928pcWzm/5tVeK8aPkL0bSWs
JlcXmvLl8+pgURjgIni012vMevLS3gBgJdlrZOFoaaYUx+PTMTTMm57MWoVR5k1s
oDX/SIej12ZfXZ+yuwb69y62B9vjgNuopVdCIw/PKtcbNkMyYAQK3sdo3hg=
-----END CERTIFICATE-----