Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa
File:                     3c60dda9-8882-487b-951b-14baa9359e8e.roa (raw, json)
Hash identifier:          PGXZtJH4P/w4lxm1Zza2eRa6uPUQ1pb/Pv59bBxukWU=
Subject key identifier:   37:6F:F0:A0:7A:F4:0C:DB:6E:28:33:1D:8F:FF:48:02:B0:55:5C:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28E89D4A264AFA8F17211952007D1886501557C9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa
Signing time:             Sat 11 Oct 2025 00:21:19 +0000
ROA not before:           Sat 11 Oct 2025 00:21:19 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        125.253.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:e8:9d:4a:26:4a:fa:8f:17:21:19:52:00:7d:18:86:50:15:57:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:21:19 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=903dc70f896c3b64ba744a48d18946752c349cb0e8f30dd376026a19d8a33dc9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1e:6c:61:b0:d2:aa:25:fa:a3:a4:60:e3:38:
                    3b:32:59:78:03:f9:55:78:f2:26:3c:a9:3a:13:bb:
                    9a:a2:d4:ff:f8:16:71:03:f1:da:6b:f7:e8:b1:60:
                    44:ba:0c:eb:2e:87:16:75:f0:13:9a:47:7a:a9:50:
                    04:dc:3b:3e:2b:cd:ee:93:b2:2b:b2:63:0e:80:c0:
                    7d:59:49:d9:c1:f3:a9:c1:f4:2b:64:13:38:bf:be:
                    bb:25:a0:56:21:a4:cc:fc:d5:26:0a:70:89:d9:23:
                    71:d6:79:94:d9:c8:cb:13:45:cb:56:7f:62:75:94:
                    03:44:b3:57:7e:f2:5c:38:a9:82:9a:c6:15:8c:7e:
                    63:c4:bb:bf:90:1d:a7:cb:95:36:e2:ca:12:f2:7a:
                    53:38:c2:8d:7a:23:8a:a8:fa:7e:b1:54:3c:84:d1:
                    30:8e:60:29:1a:a9:c2:2e:f5:c3:f3:25:3f:62:cd:
                    8f:b5:65:27:02:ba:b0:f1:b5:82:1c:d8:cd:1c:b9:
                    68:87:76:08:27:ee:43:18:89:59:97:85:fc:2e:21:
                    f1:2f:ea:fa:c8:48:e0:7f:34:08:44:35:7e:ea:00:
                    76:bb:9b:a7:07:13:af:85:be:ca:17:f5:4a:0f:45:
                    15:0f:d6:c0:3a:05:af:d6:0e:a0:a6:f1:a8:bd:db:
                    ff:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6F:F0:A0:7A:F4:0C:DB:6E:28:33:1D:8F:FF:48:02:B0:55:5C:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.253.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2e:08:52:85:b3:3e:36:d8:fb:fd:3e:06:90:6c:90:ca:82:9b:
         4f:5c:d7:95:2f:02:a8:a9:bd:4e:c7:b5:af:f4:e4:eb:d8:d6:
         cb:51:11:f1:1e:ea:d5:6b:eb:74:9e:9e:cf:cd:f1:e1:18:0a:
         a7:a9:a5:a1:2c:b8:a8:fd:c9:c0:85:bb:86:89:ae:7d:b8:11:
         0f:63:d0:db:fe:0f:8a:1d:11:86:82:3c:8b:30:79:8d:ab:92:
         dc:74:d5:76:da:40:f5:92:fa:63:58:7c:c9:99:e1:19:07:74:
         bd:b1:3f:5d:ba:19:c3:66:96:20:0d:42:35:2d:7c:e3:c7:49:
         4d:8f:ef:cd:b3:8b:cd:79:45:59:60:25:fa:43:51:ad:40:2e:
         6b:b4:df:f8:c0:8e:99:8a:19:9d:e2:58:ed:e6:07:53:e4:c4:
         67:90:bb:e8:69:2f:ac:64:d0:6f:ea:db:60:61:ec:f9:cf:92:
         2f:4c:f6:fc:d5:1e:e8:0b:ec:07:73:75:58:d2:ff:c1:fe:e6:
         62:d8:f5:b2:b9:89:b5:9f:b4:8c:b6:6f:51:41:11:c5:43:dd:
         fb:9d:7e:75:f6:66:93:73:50:58:3a:ef:2f:e1:03:2d:45:c0:
         43:ce:b8:b2:49:d5:d8:41:f7:31:c9:40:26:48:2f:8d:c0:a8:
         d1:3e:fd:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKOidSiZK+o8XIRlSAH0YhlAVV8kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAyMTE5WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDNkYzcwZjg5NmMzYjY0YmE3NDRhNDhkMTg5NDY3NTJj
MzQ5Y2IwZThmMzBkZDM3NjAyNmExOWQ4YTMzZGM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5HmxhsNKqJfqjpGDjODsyWXgD+VV48iY8qToTu5qi1P/4
FnED8dpr9+ixYES6DOsuhxZ18BOaR3qpUATcOz4rze6TsiuyYw6AwH1ZSdnB86nB
9CtkEzi/vrsloFYhpMz81SYKcInZI3HWeZTZyMsTRctWf2J1lANEs1d+8lw4qYKa
xhWMfmPEu7+QHafLlTbiyhLyelM4wo16I4qo+n6xVDyE0TCOYCkaqcIu9cPzJT9i
zY+1ZScCurDxtYIc2M0cuWiHdggn7kMYiVmXhfwuIfEv6vrISOB/NAhENX7qAHa7
m6cHE6+FvsoX9UoPRRUP1sA6Ba/WDqCm8ai92/8PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN2/woHr0DNtuKDMdj/9IArBVXNcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjNjBkZGE5LTg4ODItNDg3Yi05NTFiLTE0YmFhOTM1OWU4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAV9/aAwDQYJKoZIhvcNAQELBQADggEBAC4IUoWzPjbY+/0+BpBskMqCm09c
15UvAqipvU7Hta/05OvY1stREfEe6tVr63Sens/N8eEYCqeppaEsuKj9ycCFu4aJ
rn24EQ9j0Nv+D4odEYaCPIsweY2rktx01XbaQPWS+mNYfMmZ4RkHdL2xP126GcNm
liANQjUtfOPHSU2P782zi815RVlgJfpDUa1ALmu03/jAjpmKGZ3iWO3mB1PkxGeQ
u+hpL6xk0G/q22Bh7PnPki9M9vzVHugL7AdzdVjS/8H+5mLY9bK5ibWftIy2b1FB
EcVD3fudfnX2ZpNzUFg67y/hAy1FwEPOuLJJ1dhB9zHJQCZIL43AqNE+/Vc=
-----END CERTIFICATE-----