Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8469210f-a38a-4fc9-9e32-10f79df8ee72.roa
File:                     8469210f-a38a-4fc9-9e32-10f79df8ee72.roa (raw, json)
Hash identifier:          JMEPk3xYvORi22z9JA9+SnOy5z2/bUOBIi7kkvMplUw=
Subject key identifier:   67:BE:26:F5:23:13:4B:1F:A4:8A:6C:55:54:6D:D0:74:AB:66:F2:FC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       301D9DA50BF6620B4102BD1B32A63DBBE4883E20
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8469210f-a38a-4fc9-9e32-10f79df8ee72.roa
Signing time:             Sat 11 Oct 2025 00:39:22 +0000
ROA not before:           Sat 11 Oct 2025 00:39:22 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.110.200.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:1d:9d:a5:0b:f6:62:0b:41:02:bd:1b:32:a6:3d:bb:e4:88:3e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:39:22 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=d0f19d3e82e31018ac3a9ec00feec721cf43f8241e1508b542c1b3218d4c103c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c3:fb:aa:cc:f5:0c:41:3d:31:0e:f4:7c:5b:
                    52:a9:4b:05:96:be:40:ab:31:72:db:c2:57:26:4e:
                    9c:38:db:76:74:02:47:06:13:32:66:c1:2c:1b:3e:
                    5a:58:0a:3b:54:ce:f9:8a:97:44:bb:8f:df:9f:39:
                    8c:4f:e1:eb:a1:aa:b9:51:5c:5e:cb:f6:8f:96:24:
                    84:be:20:c0:e4:5c:32:69:66:52:49:59:fc:47:61:
                    8e:43:4c:aa:1c:08:8b:88:99:89:4c:d2:64:a6:7a:
                    0f:63:b2:04:d6:1d:31:c8:cf:ab:2d:3d:f1:35:4e:
                    c2:29:93:0f:c6:94:e1:55:04:d2:38:b6:58:b4:41:
                    d1:f5:64:70:b6:e6:b4:13:bf:e2:b1:92:e4:e4:dd:
                    bd:c9:c5:42:e9:09:00:0b:9a:8e:0a:26:50:42:ec:
                    4c:91:50:dd:e1:71:07:6e:9b:ca:19:30:7e:3b:11:
                    e6:a9:7c:4f:4d:67:59:ee:3c:b0:3a:de:5f:c2:ab:
                    3c:a9:76:59:1b:e6:0f:c0:f9:ea:9a:d0:07:54:44:
                    b3:49:07:94:eb:ff:d8:b9:f1:38:3c:90:ff:2f:d5:
                    40:40:a3:c2:e2:77:31:80:6f:7c:ad:19:9d:7a:33:
                    ca:16:62:1c:96:ba:38:39:4b:e9:81:b8:81:e8:9c:
                    b1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:BE:26:F5:23:13:4B:1F:A4:8A:6C:55:54:6D:D0:74:AB:66:F2:FC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8469210f-a38a-4fc9-9e32-10f79df8ee72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.110.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:ef:b3:80:51:5d:06:eb:75:30:73:b0:a4:55:88:07:a6:f0:
         81:d5:ed:d5:ea:e3:60:55:35:27:9d:39:b1:a4:2c:66:b4:be:
         34:f8:54:30:09:9c:de:4f:21:f2:3b:f7:4a:1d:94:ab:e5:f5:
         03:74:b7:6f:95:d0:08:bc:ed:f0:a4:d4:9b:54:e1:2a:c2:12:
         f9:73:09:8c:cb:99:5c:05:99:d3:15:cb:7e:32:bb:9b:69:52:
         66:e7:c1:d2:0c:15:9f:37:07:1a:03:98:9c:82:ac:7f:f2:0e:
         bf:3a:1e:71:f1:49:7f:3b:e9:8b:6a:12:d7:9f:76:a1:de:14:
         a7:77:c0:3f:1d:6b:28:be:44:d2:95:ad:c6:3c:a7:d2:fc:b8:
         c7:25:8d:61:0a:53:d1:55:13:ea:87:d7:11:24:ba:00:f3:21:
         e7:ac:48:1e:41:0a:c6:24:91:c1:2b:1b:69:8c:e0:d2:3e:47:
         fc:e7:44:75:b7:e4:2d:e1:4f:a9:b4:92:40:ce:85:ea:cb:d0:
         b1:0a:32:0e:0e:99:a8:66:0f:2a:0d:23:08:a5:88:db:87:ca:
         f7:92:d8:73:21:47:84:a8:39:da:16:91:0c:57:a7:8a:51:0d:
         58:67:69:f6:ec:53:ac:67:71:8c:69:14:8f:0d:b6:c1:7f:f0:
         ff:6e:67:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMB2dpQv2YgtBAr0bMqY9u+SIPiAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDExMDAzOTIyWhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMGYxOWQzZTgyZTMxMDE4YWMzYTllYzAwZmVlYzcyMWNm
NDNmODI0MWUxNTA4YjU0MmMxYjMyMThkNGMxMDNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMw/uqzPUMQT0xDvR8W1KpSwWWvkCrMXLbwlcmTpw423Z0
AkcGEzJmwSwbPlpYCjtUzvmKl0S7j9+fOYxP4euhqrlRXF7L9o+WJIS+IMDkXDJp
ZlJJWfxHYY5DTKocCIuImYlM0mSmeg9jsgTWHTHIz6stPfE1TsIpkw/GlOFVBNI4
tli0QdH1ZHC25rQTv+KxkuTk3b3JxULpCQALmo4KJlBC7EyRUN3hcQdum8oZMH47
EeapfE9NZ1nuPLA63l/Cqzypdlkb5g/A+eqa0AdURLNJB5Tr/9i58Tg8kP8v1UBA
o8LidzGAb3ytGZ16M8oWYhyWujg5S+mBuIHonLGpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ74m9SMTSx+kimxVVG3QdKtm8vwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg0NjkyMTBmLWEzOGEtNGZjOS05ZTMyLTEwZjc5ZGY4ZWU3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADLbsgwDQYJKoZIhvcNAQELBQADggEBAKrvs4BRXQbrdTBzsKRViAem8IHV
7dXq42BVNSedObGkLGa0vjT4VDAJnN5PIfI790odlKvl9QN0t2+V0Ai87fCk1JtU
4SrCEvlzCYzLmVwFmdMVy34yu5tpUmbnwdIMFZ83BxoDmJyCrH/yDr86HnHxSX87
6YtqEtefdqHeFKd3wD8dayi+RNKVrcY8p9L8uMcljWEKU9FVE+qH1xEkugDzIees
SB5BCsYkkcErG2mM4NI+R/znRHW35C3hT6m0kkDOherL0LEKMg4OmahmDyoNIwil
iNuHyveS2HMhR4SoOdoWkQxXp4pRDVhnafbsU6xncYxpFI8NtsF/8P9uZ5Y=
-----END CERTIFICATE-----