Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0cb9a01-4d9c-439b-9afc-ee6f4809aaa3.roa
File:                     d0cb9a01-4d9c-439b-9afc-ee6f4809aaa3.roa (raw, json)
Hash identifier:          y20b+fVYb/VYSYAHNpSeIxdeH6wnIwXpWpLBm6uGdGY=
Subject key identifier:   76:D2:EA:A3:62:C4:AA:D1:3A:7D:FD:89:22:6B:8B:1E:F7:10:EC:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A6C13097C05C65CBD62036BA0C13A8555927606
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0cb9a01-4d9c-439b-9afc-ee6f4809aaa3.roa
Signing time:             Mon 06 Oct 2025 16:21:16 +0000
ROA not before:           Mon 06 Oct 2025 16:21:16 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.174.96.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:6c:13:09:7c:05:c6:5c:bd:62:03:6b:a0:c1:3a:85:55:92:76:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:21:16 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=2cfb4a97f29cd01d4bdfa61bb60d9634e89d1871cfc79862ff7ddc292d27c5a7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8e:ab:2f:32:d3:67:f5:d4:dd:3d:d1:a9:52:
                    45:95:d1:dd:a1:8d:6a:b9:94:a4:1c:3e:f4:31:0e:
                    51:3d:6c:08:eb:ef:50:50:0b:9a:2d:32:ed:e9:9c:
                    07:1c:ba:c4:94:a0:10:0d:89:3a:93:5e:28:bf:46:
                    bd:e4:a5:5a:0f:27:5b:7f:06:af:75:88:de:6a:0c:
                    ff:9e:e9:da:e8:a5:03:da:09:d8:2c:95:11:5a:b1:
                    19:91:6d:18:b8:e1:e3:32:52:44:15:c9:97:01:1e:
                    9e:33:60:c7:57:2a:c3:15:c6:b8:1a:ce:6c:88:62:
                    df:89:98:5a:67:42:a6:a2:60:61:b8:b2:3b:e5:5c:
                    22:98:0c:17:3f:51:f1:ce:5a:77:05:91:c6:a8:58:
                    75:99:6a:66:15:1f:bd:4e:43:ea:28:96:e9:49:ab:
                    1e:0a:7b:c8:d8:7e:e2:74:bf:bf:46:60:0e:fb:7a:
                    09:e7:10:5e:df:fe:73:4b:75:56:ea:c0:a9:a4:8d:
                    60:23:43:ec:35:b3:d9:86:bf:ac:1a:71:e2:53:eb:
                    2f:14:11:48:63:e3:a5:c7:4b:28:d4:bb:01:dd:ec:
                    93:fe:4b:10:50:ee:75:51:0d:df:47:80:fe:9c:9d:
                    6f:4a:ef:c8:ee:8f:6d:e1:46:59:96:a1:10:c7:6b:
                    6b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D2:EA:A3:62:C4:AA:D1:3A:7D:FD:89:22:6B:8B:1E:F7:10:EC:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0cb9a01-4d9c-439b-9afc-ee6f4809aaa3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.174.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         21:8d:70:89:91:ee:e0:14:24:04:f4:4a:5c:f6:b2:4b:71:99:
         1a:47:16:6e:4a:06:1e:45:a7:74:3a:5c:8c:28:0f:d2:0c:ca:
         33:15:5a:44:06:89:fa:ef:36:04:fc:3a:b8:6d:57:f9:b2:10:
         0a:7b:1a:09:1a:8c:fe:b6:2b:e0:b8:97:16:b5:5a:62:a0:9d:
         18:14:7e:e8:0a:f1:c6:73:39:3f:c3:4b:0a:2d:52:d9:d0:20:
         50:29:e3:c9:b5:93:7f:67:27:63:a9:c3:41:fa:8a:48:6a:6c:
         fa:8e:45:0b:41:48:72:a3:c8:42:0a:32:e2:2c:5c:44:56:ca:
         01:48:2e:31:82:73:4c:32:66:cd:fe:09:fb:fb:e6:49:af:5e:
         c1:5a:c3:3c:7d:0a:11:7d:63:4e:12:70:8d:f0:73:71:fe:ac:
         be:8f:f4:4a:d3:3e:eb:eb:16:a0:31:a4:26:57:e0:37:79:e0:
         14:b6:29:0c:09:53:51:b4:d0:cc:5b:4c:f7:ff:43:0e:c7:a9:
         a0:b3:4a:73:2e:e7:69:51:23:a1:4f:ba:a9:56:b4:2f:d1:e9:
         14:b9:ba:3c:a0:e0:a4:e6:bf:34:12:8f:b6:26:39:01:e1:85:
         85:6f:09:5e:ea:fb:c4:1a:8e:fe:fb:47:06:64:93:7b:0c:e7:
         94:ea:bc:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSmwTCXwFxly9YgNroME6hVWSdgYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYyMTE2WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyY2ZiNGE5N2YyOWNkMDFkNGJkZmE2MWJiNjBkOTYzNGU4
OWQxODcxY2ZjNzk4NjJmZjdkZGMyOTJkMjdjNWE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdjqsvMtNn9dTdPdGpUkWV0d2hjWq5lKQcPvQxDlE9bAjr
71BQC5otMu3pnAccusSUoBANiTqTXii/Rr3kpVoPJ1t/Bq91iN5qDP+e6dropQPa
CdgslRFasRmRbRi44eMyUkQVyZcBHp4zYMdXKsMVxrgazmyIYt+JmFpnQqaiYGG4
sjvlXCKYDBc/UfHOWncFkcaoWHWZamYVH71OQ+oolulJqx4Ke8jYfuJ0v79GYA77
egnnEF7f/nNLdVbqwKmkjWAjQ+w1s9mGv6waceJT6y8UEUhj46XHSyjUuwHd7JP+
SxBQ7nVRDd9HgP6cnW9K78juj23hRlmWoRDHa2uBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdtLqo2LEqtE6ff2JImuLHvcQ7JUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwY2I5YTAxLTRkOWMtNDM5Yi05YWZjLWVlNmY0ODA5YWFhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQFrmAwDQYJKoZIhvcNAQELBQADggEBACGNcImR7uAUJAT0Slz2sktxmRpH
Fm5KBh5Fp3Q6XIwoD9IMyjMVWkQGifrvNgT8OrhtV/myEAp7GgkajP62K+C4lxa1
WmKgnRgUfugK8cZzOT/DSwotUtnQIFAp48m1k39nJ2Opw0H6ikhqbPqORQtBSHKj
yEIKMuIsXERWygFILjGCc0wyZs3+Cfv75kmvXsFawzx9ChF9Y04ScI3wc3H+rL6P
9ErTPuvrFqAxpCZX4Dd54BS2KQwJU1G00MxbTPf/Qw7HqaCzSnMu52lRI6FPuqlW
tC/R6RS5ujyg4KTmvzQSj7YmOQHhhYVvCV7q+8Qajv77RwZkk3sM55TqvPs=
-----END CERTIFICATE-----