Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8a746b-196e-4958-804c-1ff8ad621b8e.roa
File:                     5e8a746b-196e-4958-804c-1ff8ad621b8e.roa (raw, json)
Hash identifier:          4Q7u0t56Yx1UCOns0viRiahlqExqAQfWhB4Dm+d69ZU=
Subject key identifier:   93:08:0C:4D:19:40:7D:9E:05:17:BF:79:4E:2B:BA:61:F4:1B:EC:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72FD154EB0FC67A05DB6D267A1E296064A0BDDF4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8a746b-196e-4958-804c-1ff8ad621b8e.roa
Signing time:             Sat 11 Oct 2025 00:21:16 +0000
ROA not before:           Sat 11 Oct 2025 00:21:16 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        121.95.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:fd:15:4e:b0:fc:67:a0:5d:b6:d2:67:a1:e2:96:06:4a:0b:dd:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:21:16 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=3007035dae46ca598e60a0c5c55354d5ba5064192b715f2c1893187646da08c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:13:da:5c:29:ce:0e:67:a8:6a:04:f6:21:5e:
                    10:42:e8:ee:84:b7:bc:88:2c:bc:e9:77:21:3a:79:
                    1a:cd:f2:54:83:a9:b0:a1:f8:72:d2:73:a3:dd:d2:
                    ab:51:1f:d7:fb:87:15:43:d1:89:e2:6e:75:fa:9a:
                    68:3f:d4:da:88:07:8e:6b:b4:f7:5e:b3:40:0d:34:
                    c5:82:be:16:c0:bd:6c:ee:43:f9:2c:4e:ee:e3:22:
                    c1:10:7a:34:84:32:45:cf:06:47:ef:88:52:83:dd:
                    fb:48:31:04:ac:a3:26:41:f5:88:01:d7:75:c9:4b:
                    bd:d4:54:48:41:28:0e:58:ab:4f:eb:85:c5:1d:7f:
                    c4:1e:16:59:e3:c0:e3:8e:c5:89:39:98:6f:b3:5b:
                    68:6f:03:6e:23:8d:59:d0:ba:36:d7:fd:3a:1e:51:
                    1d:8c:99:1d:00:c2:97:d2:89:0d:c8:6a:02:96:8e:
                    4e:3e:6a:9e:f7:f5:9c:b6:bf:c6:f6:1f:96:de:db:
                    68:7b:14:97:57:dd:74:92:f3:1e:ee:3b:e8:1f:cb:
                    c3:f4:81:61:dd:c0:e0:0b:34:d4:87:da:76:df:28:
                    34:3b:14:30:5b:1b:8e:93:89:d0:77:74:41:c9:fc:
                    3f:a1:78:57:c8:da:05:7e:69:97:c5:ba:c4:62:ab:
                    ec:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:08:0C:4D:19:40:7D:9E:05:17:BF:79:4E:2B:BA:61:F4:1B:EC:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e8a746b-196e-4958-804c-1ff8ad621b8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.95.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         66:e1:4f:4b:d5:c0:13:2e:7b:c9:18:27:3e:a3:f6:52:fd:f7:
         5c:5e:b6:19:6e:71:18:8e:8b:bc:64:00:89:de:01:99:24:2e:
         51:ba:b4:65:64:f1:9b:5b:26:dd:10:2f:33:be:dc:34:a6:84:
         61:33:9e:6b:04:cc:77:3f:51:f6:24:18:3f:f1:02:70:b0:3f:
         24:e7:2b:36:fc:63:4e:01:08:89:e9:ad:f3:72:98:c2:90:06:
         f5:4b:f9:b1:4e:24:9e:8a:d2:f7:97:8c:0d:89:66:6c:02:bd:
         14:ac:07:3b:cd:00:45:e5:cb:9f:a8:89:af:4e:4a:a1:00:19:
         bb:7c:51:7a:ba:4d:92:1e:11:0f:9a:b4:14:44:d1:3c:68:24:
         a9:9b:b7:bf:e0:2d:00:19:ec:bf:3c:7c:06:1b:da:d3:bf:42:
         ad:59:02:34:90:14:03:13:b7:34:21:26:47:0b:61:cf:e3:1b:
         92:81:3b:39:6f:b6:95:bb:6c:e1:11:e5:23:15:49:f9:5f:32:
         a1:55:12:26:25:13:ed:12:2b:01:77:94:79:74:c3:11:f1:5b:
         cd:ab:81:79:18:42:9a:26:6e:79:52:50:d1:6b:4c:eb:e3:b4:
         99:6f:ca:93:45:7b:73:7a:16:7a:a6:97:23:3e:3f:59:37:c9:
         95:88:f1:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcv0VTrD8Z6BdttJnoeKWBkoL3fQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAyMTE2WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMDA3MDM1ZGFlNDZjYTU5OGU2MGEwYzVjNTUzNTRkNWJh
NTA2NDE5MmI3MTVmMmMxODkzMTg3NjQ2ZGEwOGM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClE9pcKc4OZ6hqBPYhXhBC6O6Et7yILLzpdyE6eRrN8lSD
qbCh+HLSc6Pd0qtRH9f7hxVD0YnibnX6mmg/1NqIB45rtPdes0ANNMWCvhbAvWzu
Q/ksTu7jIsEQejSEMkXPBkfviFKD3ftIMQSsoyZB9YgB13XJS73UVEhBKA5Yq0/r
hcUdf8QeFlnjwOOOxYk5mG+zW2hvA24jjVnQujbX/ToeUR2MmR0AwpfSiQ3IagKW
jk4+ap739Zy2v8b2H5be22h7FJdX3XSS8x7uO+gfy8P0gWHdwOALNNSH2nbfKDQ7
FDBbG46TidB3dEHJ/D+heFfI2gV+aZfFusRiq+zLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkwgMTRlAfZ4FF795Tiu6YfQb7JAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlOGE3NDZiLTE5NmUtNDk1OC04MDRjLTFmZjhhZDYyMWI4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAd5X4AwDQYJKoZIhvcNAQELBQADggEBAGbhT0vVwBMue8kYJz6j9lL991xe
thlucRiOi7xkAIneAZkkLlG6tGVk8ZtbJt0QLzO+3DSmhGEznmsEzHc/UfYkGD/x
AnCwPyTnKzb8Y04BCInprfNymMKQBvVL+bFOJJ6K0veXjA2JZmwCvRSsBzvNAEXl
y5+oia9OSqEAGbt8UXq6TZIeEQ+atBRE0TxoJKmbt7/gLQAZ7L88fAYb2tO/Qq1Z
AjSQFAMTtzQhJkcLYc/jG5KBOzlvtpW7bOER5SMVSflfMqFVEiYlE+0SKwF3lHl0
wxHxW82rgXkYQpombnlSUNFrTOvjtJlvypNFe3N6FnqmlyM+P1k3yZWI8eU=
-----END CERTIFICATE-----