Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a53faf94-0ead-4217-83a1-8cea694483a0.roa
File:                     a53faf94-0ead-4217-83a1-8cea694483a0.roa (raw, json)
Hash identifier:          aiSGL5KFZAZt4vZmZaDgPsAw3tvcx5zUc3oFP5WniSw=
Subject key identifier:   6F:F5:FB:BE:8A:DC:4B:12:70:E6:47:E0:94:45:0A:45:97:51:1A:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       372238DBE3FAE4563E4CEF6453E667F1EAABC285
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a53faf94-0ead-4217-83a1-8cea694483a0.roa
Signing time:             Sat 18 Oct 2025 00:10:05 +0000
ROA not before:           Sat 18 Oct 2025 00:10:05 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        121.91.198.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:22:38:db:e3:fa:e4:56:3e:4c:ef:64:53:e6:67:f1:ea:ab:c2:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 00:10:05 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=964c0e2ba8d01a15f3b2a79b16b2ae3519e8f463f9fd8c12add6b8410d63096e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:52:87:d3:6f:66:e4:c2:0a:fc:c0:73:44:2f:
                    fe:e1:c2:f1:3b:91:74:b9:0b:39:63:68:74:29:bb:
                    e1:cb:f5:1a:c8:9a:75:cd:6b:04:c2:32:91:ef:3c:
                    e6:56:de:54:ee:11:20:6d:50:22:ba:f3:f5:9e:bb:
                    9b:cb:7c:69:09:52:9b:d6:6a:7a:49:ef:14:c2:35:
                    86:f8:fc:78:19:f0:b4:49:d5:9c:fa:62:21:33:51:
                    fb:44:c5:33:46:e9:59:8a:96:2e:ec:af:c3:26:26:
                    04:32:7e:b7:73:b8:d0:77:e6:af:e3:fb:c7:5c:fa:
                    3d:e9:74:b6:80:d0:1a:fb:13:78:a3:27:8a:3d:ca:
                    5e:ac:01:6e:80:7e:7d:f0:c5:4d:f1:6f:0d:e5:43:
                    f0:16:80:df:da:3b:4b:0b:3f:37:0b:5b:62:7c:22:
                    ec:31:a4:69:cc:c1:67:39:48:6a:b0:f5:97:d1:0c:
                    b2:fa:00:fd:b0:58:f5:d9:dc:68:62:9d:ad:42:2a:
                    88:de:c3:e2:45:e7:a2:13:bf:46:71:cc:e5:bc:1c:
                    56:69:86:09:53:7a:b5:55:9a:25:9a:79:e3:f8:4f:
                    91:00:e7:97:47:89:24:cd:54:d6:fa:4a:7d:62:73:
                    7c:37:21:1e:31:eb:d3:ae:df:ba:3c:dc:36:6e:d9:
                    f0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F5:FB:BE:8A:DC:4B:12:70:E6:47:E0:94:45:0A:45:97:51:1A:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a53faf94-0ead-4217-83a1-8cea694483a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.91.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:04:ef:a9:e1:b3:61:92:6d:a0:c1:22:8d:d8:41:3d:e0:a7:
         74:17:4a:14:cc:06:ca:d6:81:0a:98:2d:71:dd:f8:8f:3a:66:
         0e:c2:17:d6:e5:25:88:a3:cb:e1:ad:4c:a6:9c:ea:54:2f:a2:
         65:c5:14:e1:08:ef:04:16:b5:15:18:50:72:b1:5e:22:66:85:
         33:29:c0:5c:19:56:b3:f9:e8:80:95:c1:cc:ae:04:90:5d:99:
         33:32:41:92:ea:d7:fa:b7:2a:4a:8d:ac:f0:48:fc:32:1b:a8:
         c9:5e:86:1b:f1:59:45:ae:4e:9c:8e:31:b2:52:9d:3d:f1:91:
         52:1f:9d:f0:ac:84:73:67:7f:ee:da:1c:be:2b:c2:f9:b9:66:
         e0:73:cf:f5:60:09:76:2e:c0:39:cb:44:42:83:0e:f1:74:f3:
         e6:e0:0a:f4:ba:ab:52:41:ea:9f:bf:d2:7f:55:3f:41:68:9b:
         56:75:73:d9:36:1b:05:22:ae:72:1c:a9:20:58:a3:24:74:e1:
         21:e6:9c:cf:0a:85:b6:53:1a:c0:58:6a:d7:eb:59:67:42:aa:
         32:d1:b7:da:56:e4:a5:77:d2:03:65:f4:60:ef:21:aa:85:c4:
         98:e8:ff:34:fc:b0:a8:47:37:18:0b:a0:69:96:d9:2e:76:9e:
         3f:f8:05:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNyI42+P65FY+TO9kU+Zn8eqrwoUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDAxMDA1WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NjRjMGUyYmE4ZDAxYTE1ZjNiMmE3OWIxNmIyYWUzNTE5
ZThmNDYzZjlmZDhjMTJhZGQ2Yjg0MTBkNjMwOTZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCUofTb2bkwgr8wHNEL/7hwvE7kXS5CzljaHQpu+HL9RrI
mnXNawTCMpHvPOZW3lTuESBtUCK68/Weu5vLfGkJUpvWanpJ7xTCNYb4/HgZ8LRJ
1Zz6YiEzUftExTNG6VmKli7sr8MmJgQyfrdzuNB35q/j+8dc+j3pdLaA0Br7E3ij
J4o9yl6sAW6Afn3wxU3xbw3lQ/AWgN/aO0sLPzcLW2J8IuwxpGnMwWc5SGqw9ZfR
DLL6AP2wWPXZ3Ghina1CKojew+JF56ITv0ZxzOW8HFZphglTerVVmiWaeeP4T5EA
55dHiSTNVNb6Sn1ic3w3IR4x69Ou37o83DZu2fARAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUb/X7vorcSxJw5kfglEUKRZdRGkowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1M2ZhZjk0LTBlYWQtNDIxNy04M2ExLThjZWE2OTQ0ODNhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAB5W8YwDQYJKoZIhvcNAQELBQADggEBAAEE76nhs2GSbaDBIo3YQT3gp3QX
ShTMBsrWgQqYLXHd+I86Zg7CF9blJYijy+GtTKac6lQvomXFFOEI7wQWtRUYUHKx
XiJmhTMpwFwZVrP56ICVwcyuBJBdmTMyQZLq1/q3KkqNrPBI/DIbqMlehhvxWUWu
TpyOMbJSnT3xkVIfnfCshHNnf+7aHL4rwvm5ZuBzz/VgCXYuwDnLREKDDvF08+bg
CvS6q1JB6p+/0n9VP0Fom1Z1c9k2GwUirnIcqSBYoyR04SHmnM8KhbZTGsBYatfr
WWdCqjLRt9pW5KV30gNl9GDvIaqFxJjo/zT8sKhHNxgLoGmW2S52nj/4BfU=
-----END CERTIFICATE-----