Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cfac5e42-d87d-4980-a4d4-ab785bf678d8.roa
File:                     cfac5e42-d87d-4980-a4d4-ab785bf678d8.roa (raw, json)
Hash identifier:          +7Z8vs1UDThdf2K6QJQyv7OPhjguGeIOYGGSLut/slc=
Subject key identifier:   22:A8:EB:CB:D5:84:97:5E:C5:24:C3:06:C1:0C:42:A3:D7:0E:63:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40618CF36E3ADAEA32B9886B2760524534AF86E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cfac5e42-d87d-4980-a4d4-ab785bf678d8.roa
Signing time:             Fri 17 Oct 2025 00:41:55 +0000
ROA not before:           Fri 17 Oct 2025 00:41:55 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.185.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:61:8c:f3:6e:3a:da:ea:32:b9:88:6b:27:60:52:45:34:af:86:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:41:55 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=5a29a498cbcad1131391e7cb588852229a8b982669c0ca26a161fb5ccfae2490, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7b:db:86:b7:d9:70:e6:6a:d2:1a:18:b9:03:
                    41:1f:f3:5b:41:94:bc:2b:2d:38:19:44:86:90:6b:
                    7a:3d:04:97:e2:92:91:da:49:9e:6b:21:78:d1:93:
                    64:3c:4b:c3:f1:2f:da:65:d3:7e:a9:b8:47:8b:e4:
                    be:4b:1b:fb:0a:f5:fa:f7:a5:82:76:91:23:37:5c:
                    9e:08:80:14:5a:f9:e0:52:0e:cd:2e:1b:05:3b:54:
                    73:3b:2f:bf:c3:1f:02:6a:fa:10:d1:a2:90:47:06:
                    3e:7b:25:24:a0:af:f4:f4:a1:42:fa:42:be:30:34:
                    07:66:5b:11:22:13:9e:cf:10:c7:8f:88:2a:b6:71:
                    c0:e4:89:b5:6b:03:0f:5f:16:51:6c:0c:9e:be:92:
                    e1:dd:c9:61:38:e0:8b:d9:f0:66:0d:5d:cb:73:c6:
                    5f:ec:96:2e:1c:f5:3f:5e:d8:7e:3d:f8:62:c0:57:
                    69:18:30:cb:10:be:75:f4:3a:90:c4:fb:f2:8b:60:
                    9e:65:53:6d:df:33:1c:93:b8:75:6d:f4:47:a4:c2:
                    5e:a7:87:c0:ca:09:d7:8b:f1:f8:51:ec:e7:df:07:
                    42:a9:c5:d7:45:a3:3c:13:a7:af:70:23:5d:8c:a8:
                    75:21:e1:ca:fd:2e:11:e4:b9:20:4e:7d:7d:0f:9f:
                    54:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A8:EB:CB:D5:84:97:5E:C5:24:C3:06:C1:0C:42:A3:D7:0E:63:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cfac5e42-d87d-4980-a4d4-ab785bf678d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:22:a2:20:11:7d:7c:c9:a4:71:06:0a:12:e1:49:4e:95:d0:
         46:a6:16:c1:1c:40:7c:aa:b5:c9:76:71:d7:a5:e2:bf:0a:b4:
         00:c2:5b:a4:96:27:fe:5f:da:5d:ce:2c:cf:90:00:86:50:49:
         f3:8f:89:a1:b7:5c:be:0e:63:c3:ea:f7:66:61:e8:08:ac:c6:
         6a:4b:10:73:9a:1d:8f:8e:14:93:78:87:7e:5e:b7:a2:76:eb:
         d4:6b:32:10:34:93:6f:5b:d8:25:5d:c9:6d:7d:3d:9d:17:43:
         04:1c:4b:66:89:81:21:a5:01:77:c8:25:0f:76:04:00:c3:ab:
         be:24:41:12:1d:9c:28:c1:dd:bd:d6:a9:6e:9e:e1:ed:1d:c9:
         6a:2b:0b:5c:84:5b:40:06:fa:bb:ea:f7:20:e4:ce:5d:e3:01:
         ce:6e:21:27:c5:0d:b6:1b:00:bc:74:2e:22:d8:d8:cd:16:42:
         51:28:e0:d9:11:d7:63:a2:9d:76:37:a2:b4:35:a1:33:cd:45:
         2b:0b:31:9e:fc:b0:04:fb:4b:c1:2d:50:49:88:5e:fb:46:91:
         27:5d:4a:91:b8:35:5b:1a:bc:10:70:8b:cb:a1:c3:1b:bb:fb:
         8d:45:40:dd:36:a0:6b:b9:75:f1:be:f4:f8:0a:3a:33:8f:e9:
         f4:ba:2c:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQGGM82462uoyuYhrJ2BSRTSvhuUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDA0MTU1WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTI5YTQ5OGNiY2FkMTEzMTM5MWU3Y2I1ODg4NTIyMjlh
OGI5ODI2NjljMGNhMjZhMTYxZmI1Y2NmYWUyNDkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXe9uGt9lw5mrSGhi5A0Ef81tBlLwrLTgZRIaQa3o9BJfi
kpHaSZ5rIXjRk2Q8S8PxL9pl036puEeL5L5LG/sK9fr3pYJ2kSM3XJ4IgBRa+eBS
Ds0uGwU7VHM7L7/DHwJq+hDRopBHBj57JSSgr/T0oUL6Qr4wNAdmWxEiE57PEMeP
iCq2ccDkibVrAw9fFlFsDJ6+kuHdyWE44IvZ8GYNXctzxl/sli4c9T9e2H49+GLA
V2kYMMsQvnX0OpDE+/KLYJ5lU23fMxyTuHVt9Eekwl6nh8DKCdeL8fhR7OffB0Kp
xddFozwTp69wI12MqHUh4cr9LhHkuSBOfX0Pn1RrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIqjry9WEl17FJMMGwQxCo9cOY7AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmYWM1ZTQyLWQ4N2QtNDk4MC1hNGQ0LWFiNzg1YmY2NzhkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOLkwDQYJKoZIhvcNAQELBQADggEBAJYioiARfXzJpHEGChLhSU6V0Eam
FsEcQHyqtcl2cdel4r8KtADCW6SWJ/5f2l3OLM+QAIZQSfOPiaG3XL4OY8Pq92Zh
6AisxmpLEHOaHY+OFJN4h35et6J269RrMhA0k29b2CVdyW19PZ0XQwQcS2aJgSGl
AXfIJQ92BADDq74kQRIdnCjB3b3WqW6e4e0dyWorC1yEW0AG+rvq9yDkzl3jAc5u
ISfFDbYbALx0LiLY2M0WQlEo4NkR12OinXY3orQ1oTPNRSsLMZ78sAT7S8EtUEmI
XvtGkSddSpG4NVsavBBwi8uhwxu7+41FQN02oGu5dfG+9PgKOjOP6fS6LOY=
-----END CERTIFICATE-----