Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa
File:                     bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa (raw, json)
Hash identifier:          sVdTPylv8oNBkjJ6WvMr58OoAZgfXo9v9QF2Wts+dQk=
Subject key identifier:   66:0A:6A:A8:AD:ED:A1:49:7E:1E:E3:8A:74:80:9C:ED:89:E6:9D:1F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E16DE49C76729892D89574434E2588789E6CA0D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa
Signing time:             Sat 18 Oct 2025 03:30:13 +0000
ROA not before:           Sat 18 Oct 2025 03:30:13 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        123.200.242.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:16:de:49:c7:67:29:89:2d:89:57:44:34:e2:58:87:89:e6:ca:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 03:30:13 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=4d8d07a84c72a23f0ed82bfd0e62fd5b6b6d6cdeb31977163eaceb604aa9137d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:03:7c:b8:8d:cd:00:75:45:24:b0:f5:8f:1e:
                    20:fe:1b:61:83:df:f6:fb:6d:9c:a6:ce:fb:20:34:
                    23:6f:b9:9b:2f:51:74:55:92:b8:97:e9:19:a7:c7:
                    9e:76:cb:7b:59:9f:b7:a9:63:f3:cf:69:6e:ed:69:
                    7e:38:11:16:28:09:a0:56:15:98:fc:60:81:33:45:
                    e7:18:ca:5f:98:f5:60:dd:50:73:b5:18:c2:93:a3:
                    1c:cb:03:3b:5d:73:c6:c3:61:9e:49:af:86:11:f8:
                    e3:31:50:f1:71:31:b2:3b:4f:b3:6d:33:d9:e7:fe:
                    ee:d5:df:72:e7:2b:28:64:69:17:c4:5d:f2:de:e8:
                    22:ae:77:5a:54:94:bf:f0:0a:ff:d2:03:61:ac:49:
                    36:c3:f7:25:23:e4:1c:cc:dc:4d:38:72:52:93:ff:
                    0a:63:6e:eb:77:15:e3:09:19:92:c2:9b:69:26:44:
                    11:d1:ff:9a:8b:6d:04:5e:bb:9d:7a:aa:d9:a0:db:
                    6c:c4:0e:5c:bb:e7:ec:d8:b7:b7:66:e4:4d:ba:5a:
                    7e:b3:bc:47:e7:37:ae:57:30:e3:50:60:0a:35:50:
                    ff:f2:df:9b:6c:2e:72:f4:4b:5d:cf:be:76:da:2e:
                    05:8e:eb:75:e2:56:9e:fb:5b:3d:54:54:00:ed:e6:
                    07:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:0A:6A:A8:AD:ED:A1:49:7E:1E:E3:8A:74:80:9C:ED:89:E6:9D:1F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf6029c4-99f9-4ad6-ab7f-89d3b235b77d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.200.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:80:a7:73:6b:2b:cc:fe:ca:3d:7f:a4:37:2c:15:90:4d:47:
         46:c6:86:8f:08:f1:7d:14:be:c0:46:e0:18:f1:fe:f5:21:68:
         78:b9:40:20:87:dc:cb:8f:bb:44:7b:6c:a4:b2:0e:a1:36:3a:
         38:3e:d2:2d:69:97:48:42:84:35:7d:62:51:a4:f8:4b:9c:2d:
         97:1d:22:8f:88:c2:40:df:33:89:d1:c0:fd:04:8b:db:9f:e2:
         92:0c:51:2b:3e:ea:6c:00:d7:b0:17:43:c9:46:5a:58:e4:5e:
         6b:eb:4f:9b:90:d9:4a:58:0e:6e:ef:6a:9a:72:27:be:34:ab:
         39:a5:ec:4d:99:6f:49:f1:c2:31:53:13:b5:29:17:be:94:06:
         f9:ed:0b:2f:df:fb:33:ee:6f:20:24:7e:a4:45:d9:3d:d8:f6:
         f5:c2:8b:c5:41:54:8f:6d:61:10:1c:ce:3b:de:30:7d:42:c0:
         f4:c2:32:60:8c:03:20:12:9c:fb:1d:db:0c:c8:09:2c:81:2e:
         15:ba:18:95:4b:53:2b:2c:93:d4:1c:71:18:fe:1f:e0:17:af:
         a8:ae:e8:f5:ce:54:bb:ec:61:bc:2f:27:b3:47:dc:76:1a:f3:
         c7:14:1d:21:12:81:25:b1:1d:13:de:b9:2f:37:3f:f1:ad:0a:
         fb:53:0a:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULhbeScdnKYktiVdENOJYh4nmyg0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDMzMDEzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDhkMDdhODRjNzJhMjNmMGVkODJiZmQwZTYyZmQ1YjZi
NmQ2Y2RlYjMxOTc3MTYzZWFjZWI2MDRhYTkxMzdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtA3y4jc0AdUUksPWPHiD+G2GD3/b7bZymzvsgNCNvuZsv
UXRVkriX6Rmnx552y3tZn7epY/PPaW7taX44ERYoCaBWFZj8YIEzRecYyl+Y9WDd
UHO1GMKToxzLAztdc8bDYZ5Jr4YR+OMxUPFxMbI7T7NtM9nn/u7V33LnKyhkaRfE
XfLe6CKud1pUlL/wCv/SA2GsSTbD9yUj5BzM3E04clKT/wpjbut3FeMJGZLCm2km
RBHR/5qLbQReu516qtmg22zEDly75+zYt7dm5E26Wn6zvEfnN65XMONQYAo1UP/y
35tsLnL0S13PvnbaLgWO63XiVp77Wz1UVADt5gdXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZgpqqK3toUl+HuOKdICc7YnmnR8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNjAyOWM0LTk5ZjktNGFkNi1hYjdmLTg5ZDNiMjM1Yjc3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAF7yPIwDQYJKoZIhvcNAQELBQADggEBALSAp3NrK8z+yj1/pDcsFZBNR0bG
ho8I8X0UvsBG4Bjx/vUhaHi5QCCH3MuPu0R7bKSyDqE2Ojg+0i1pl0hChDV9YlGk
+EucLZcdIo+IwkDfM4nRwP0Ei9uf4pIMUSs+6mwA17AXQ8lGWljkXmvrT5uQ2UpY
Dm7vappyJ740qzml7E2Zb0nxwjFTE7UpF76UBvntCy/f+zPubyAkfqRF2T3Y9vXC
i8VBVI9tYRAczjveMH1CwPTCMmCMAyASnPsd2wzICSyBLhW6GJVLUyssk9QccRj+
H+AXr6iu6PXOVLvsYbwvJ7NH3HYa88cUHSESgSWxHRPeuS83P/GtCvtTChs=
-----END CERTIFICATE-----