Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c885d6-4061-421b-99ff-f05202cdada5.roa
File:                     f2c885d6-4061-421b-99ff-f05202cdada5.roa (raw, json)
Hash identifier:          PJ9QlK4UXcx3kNzkw4eqpmagYQVQxd4Pfo5y3P29bT8=
Subject key identifier:   DA:FD:A5:0B:E5:22:86:EC:D0:CF:33:5F:9B:B1:11:DA:8F:26:11:66
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56A0ABF158BD4A6CD0BF5DE3A1F8DC4C97AB18E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c885d6-4061-421b-99ff-f05202cdada5.roa
Signing time:             Mon 06 Oct 2025 16:12:00 +0000
ROA not before:           Mon 06 Oct 2025 16:12:00 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.223.121.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:a0:ab:f1:58:bd:4a:6c:d0:bf:5d:e3:a1:f8:dc:4c:97:ab:18:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:12:00 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=635f38e2e4d46fed7388972e029cac2cf818e9830960b9eb2a9456f4d0e9b596, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0e:0f:7d:15:62:3f:e4:d4:2b:e8:54:15:63:
                    c0:ae:00:6b:81:89:e5:ed:cb:27:98:5b:c5:e8:35:
                    06:cd:59:3f:21:05:39:61:a2:52:af:b3:b3:0e:26:
                    d6:3f:34:1d:20:06:f9:09:8b:d9:90:97:1a:b7:84:
                    ea:2e:7b:dc:7d:ed:40:74:fa:5b:31:a3:da:cb:58:
                    8a:43:98:83:2a:8e:8c:b3:a8:76:1b:56:e4:16:53:
                    92:3e:69:01:d8:6c:75:c2:97:44:94:92:3a:b7:bc:
                    fe:28:f5:35:27:fa:3f:b1:6b:d6:4a:e8:07:6e:36:
                    8e:f4:22:b4:e1:6a:e4:11:ee:9d:c5:6c:0a:4d:29:
                    a3:42:dc:cb:a8:b7:9f:53:97:3a:47:f9:4d:13:81:
                    c0:5f:bf:8d:45:9c:ee:74:de:12:3b:71:7e:ef:ab:
                    41:09:c5:c2:73:43:c8:8b:f0:16:b7:ec:2e:a8:dd:
                    32:32:54:9f:f6:56:8b:1f:d3:cc:3e:76:16:04:20:
                    70:d3:96:8a:6e:76:fb:ba:51:e3:ff:38:7e:41:96:
                    eb:ea:31:8f:1a:a9:5b:9f:ed:4b:3a:07:25:6c:94:
                    ab:d2:30:9b:3c:cb:bf:2b:5f:5e:e9:56:6f:d9:68:
                    d6:d8:41:9a:f6:c1:53:24:a1:c8:4e:7b:65:be:22:
                    6d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:FD:A5:0B:E5:22:86:EC:D0:CF:33:5F:9B:B1:11:DA:8F:26:11:66
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2c885d6-4061-421b-99ff-f05202cdada5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.223.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:1a:60:ad:0f:f9:dc:63:e7:13:4e:da:43:cb:79:fd:39:1b:
         10:74:e7:c0:6a:94:77:ff:22:40:3c:f6:64:47:6e:c8:3f:3d:
         db:7b:1a:a4:ff:1c:3f:d4:fb:bb:29:71:f4:32:dc:77:70:e9:
         ab:57:b3:a2:0c:aa:64:ab:05:f7:1d:3f:f2:42:06:ca:f0:a1:
         79:4d:a5:2f:ee:0a:5e:1b:79:1f:63:da:25:bf:82:87:f5:e9:
         c2:cf:d3:d6:36:86:50:d8:fe:c6:e3:22:5f:d1:e6:63:d8:2a:
         54:54:20:d0:10:5e:0f:14:82:d3:dd:c3:b0:0c:6a:d6:31:c5:
         a7:a6:99:b9:13:f9:59:5f:2f:15:6c:32:6d:ca:3b:e6:0b:e3:
         43:65:c3:85:1c:81:fb:46:22:bf:2a:1c:3f:5e:c4:9f:b0:be:
         79:a9:f4:65:8d:92:98:0d:e1:68:5e:85:b3:aa:49:9a:64:6b:
         0c:69:01:61:11:42:a8:04:6e:1b:02:21:92:83:7e:22:9e:73:
         fd:64:e1:83:19:22:5e:ea:0e:40:6b:75:a7:57:b5:c8:02:8a:
         08:be:cb:f2:d2:80:64:78:c2:bd:1d:37:f7:51:9f:fb:5c:8e:
         0d:cb:8f:fa:ed:1f:8a:b8:08:6c:b7:61:af:61:37:d6:31:7f:
         3d:53:35:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVqCr8Vi9SmzQv13jofjcTJerGOUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYxMjAwWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MzVmMzhlMmU0ZDQ2ZmVkNzM4ODk3MmUwMjljYWMyY2Y4
MThlOTgzMDk2MGI5ZWIyYTk0NTZmNGQwZTliNTk2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaDg99FWI/5NQr6FQVY8CuAGuBieXtyyeYW8XoNQbNWT8h
BTlholKvs7MOJtY/NB0gBvkJi9mQlxq3hOoue9x97UB0+lsxo9rLWIpDmIMqjoyz
qHYbVuQWU5I+aQHYbHXCl0SUkjq3vP4o9TUn+j+xa9ZK6AduNo70IrThauQR7p3F
bApNKaNC3Muot59TlzpH+U0TgcBfv41FnO503hI7cX7vq0EJxcJzQ8iL8Ba37C6o
3TIyVJ/2Vosf08w+dhYEIHDTlopudvu6UeP/OH5BluvqMY8aqVuf7Us6ByVslKvS
MJs8y78rX17pVm/ZaNbYQZr2wVMkochOe2W+Im2TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2v2lC+UihuzQzzNfm7ER2o8mEWYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyYzg4NWQ2LTQwNjEtNDIxYi05OWZmLWYwNTIwMmNkYWRhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAs33kwDQYJKoZIhvcNAQELBQADggEBAJgaYK0P+dxj5xNO2kPLef05GxB0
58BqlHf/IkA89mRHbsg/Pdt7GqT/HD/U+7spcfQy3Hdw6atXs6IMqmSrBfcdP/JC
BsrwoXlNpS/uCl4beR9j2iW/gof16cLP09Y2hlDY/sbjIl/R5mPYKlRUINAQXg8U
gtPdw7AMatYxxaemmbkT+VlfLxVsMm3KO+YL40Nlw4UcgftGIr8qHD9exJ+wvnmp
9GWNkpgN4WhehbOqSZpkawxpAWERQqgEbhsCIZKDfiKec/1k4YMZIl7qDkBrdadX
tcgCigi+y/LSgGR4wr0dN/dRn/tcjg3Lj/rtH4q4CGy3Ya9hN9Yxfz1TNSA=
-----END CERTIFICATE-----