Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa
File:                     38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa (raw, json)
Hash identifier:          mCU3b+7d/kfZkIE2BUfOdrxSpvP0chOQelZxYN4CY68=
Subject key identifier:   EC:69:F4:AB:EA:5E:D2:B1:99:A1:6A:70:C5:42:F6:98:5E:E4:10:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33F07738B1835C0B2D4CD7D0A8EDAD7D8FCF6DA7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa
Signing time:             Sat 15 Nov 2025 00:40:43 +0000
ROA not before:           Sat 15 Nov 2025 00:40:43 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        86.112.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:f0:77:38:b1:83:5c:0b:2d:4c:d7:d0:a8:ed:ad:7d:8f:cf:6d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:40:43 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=7c8770e35dd2e85045732c6ab5f25d5b646ca92c10806589eab12b2b516daf95, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2f:41:b8:97:c7:ed:bf:99:1a:fa:98:3e:0b:
                    1e:fd:41:a4:f5:82:a4:f9:77:e7:fb:81:02:a2:22:
                    d3:a7:b6:6c:75:f5:aa:3d:a0:53:3a:4f:2e:5c:fe:
                    59:bc:37:fd:0c:12:f9:ea:99:d1:dd:e3:32:c7:ee:
                    f9:56:f5:0b:53:60:35:e8:35:7b:b8:df:36:f8:0c:
                    f3:70:64:61:91:13:a4:1d:cd:ff:54:0e:2a:69:66:
                    b7:da:54:c8:16:26:25:41:fd:3d:c5:23:2b:5e:df:
                    7a:ea:00:bd:5e:47:ee:56:4b:86:b7:bc:e1:47:e4:
                    aa:6c:58:71:54:06:a7:9d:f9:30:5d:a2:c0:97:54:
                    1a:5c:f0:aa:50:8f:3b:e5:80:9d:95:e9:30:cf:da:
                    c6:ae:5c:08:0a:8c:7c:3f:5a:90:86:4b:49:cd:d5:
                    96:18:49:f9:dc:f3:9d:08:4d:62:80:a1:d6:21:44:
                    10:a2:34:af:31:69:79:a9:47:06:a8:d6:c7:b3:1f:
                    2e:81:4e:65:b3:80:bb:31:3e:81:66:95:fc:dc:83:
                    dd:ab:09:30:09:b5:31:e0:f6:73:76:ff:78:c9:f7:
                    87:2e:d0:89:ef:07:2a:e6:fb:b8:84:06:b2:44:5a:
                    9c:b7:4c:a3:06:30:1e:be:e5:3f:65:ee:61:f3:7e:
                    01:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:69:F4:AB:EA:5E:D2:B1:99:A1:6A:70:C5:42:F6:98:5E:E4:10:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/38bc1d9a-dc0a-4557-8f0c-45df0c392516.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.112.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         30:1e:3e:d3:85:5d:b7:3f:b5:33:9a:cd:5c:20:04:1c:ed:3a:
         a8:b9:af:35:bf:8d:71:3f:23:87:dc:37:01:32:49:b7:40:e1:
         aa:12:68:f2:b7:c2:b4:18:74:7f:a9:fc:ef:f5:45:d5:6e:1f:
         e6:ec:6d:9f:23:24:41:20:f9:f2:40:43:9f:89:34:fa:28:24:
         93:4c:c7:85:2a:e7:7d:cc:95:d2:8e:aa:65:cb:2d:e2:3b:e8:
         6f:cf:6a:56:ce:31:70:79:49:61:38:ff:4d:64:ae:ff:ff:ed:
         b7:01:35:6a:be:87:f7:18:10:f9:00:08:08:54:ad:2b:53:51:
         47:a8:e3:65:0e:f8:5e:09:cc:26:96:d9:59:21:59:b0:28:38:
         9e:3e:37:b4:68:8f:4c:40:06:05:57:d0:37:03:75:d4:9f:fb:
         49:27:94:99:24:40:35:b4:54:fb:4f:42:cb:eb:52:eb:ab:2b:
         5e:69:8b:09:7a:fc:c0:4d:a5:2c:a6:75:c2:8e:8f:e8:62:dd:
         17:8c:dc:c7:0c:60:6c:e5:c3:b8:29:2c:36:58:f0:f0:86:59:
         11:58:dc:68:18:25:86:e4:4e:89:2c:65:9b:21:6a:6e:d9:aa:
         fb:32:79:8c:6a:19:c2:e3:8c:9b:7c:00:7b:8e:8f:16:9f:d2:
         72:03:34:db
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUM/B3OLGDXAstTNfQqO2tfY/PbacwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDA0MDQzWhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3Yzg3NzBlMzVkZDJlODUwNDU3MzJjNmFiNWYyNWQ1YjY0
NmNhOTJjMTA4MDY1ODllYWIxMmIyYjUxNmRhZjk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoL0G4l8ftv5ka+pg+Cx79QaT1gqT5d+f7gQKiItOntmx1
9ao9oFM6Ty5c/lm8N/0MEvnqmdHd4zLH7vlW9QtTYDXoNXu43zb4DPNwZGGRE6Qd
zf9UDippZrfaVMgWJiVB/T3FIyte33rqAL1eR+5WS4a3vOFH5KpsWHFUBqed+TBd
osCXVBpc8KpQjzvlgJ2V6TDP2sauXAgKjHw/WpCGS0nN1ZYYSfnc850ITWKAodYh
RBCiNK8xaXmpRwao1sezHy6BTmWzgLsxPoFmlfzcg92rCTAJtTHg9nN2/3jJ94cu
0InvByrm+7iEBrJEWpy3TKMGMB6+5T9l7mHzfgH5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7Gn0q+pe0rGZoWpwxUL2mF7kECswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM4YmMxZDlhLWRjMGEtNDU1Ny04ZjBjLTQ1ZGYwYzM5MjUxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFWcDANBgkqhkiG9w0BAQsFAAOCAQEAMB4+04Vdtz+1M5rNXCAEHO06qLmv
Nb+NcT8jh9w3ATJJt0DhqhJo8rfCtBh0f6n87/VF1W4f5uxtnyMkQSD58kBDn4k0
+igkk0zHhSrnfcyV0o6qZcst4jvob89qVs4xcHlJYTj/TWSu///ttwE1ar6H9xgQ
+QAICFStK1NRR6jjZQ74XgnMJpbZWSFZsCg4nj43tGiPTEAGBVfQNwN11J/7SSeU
mSRANbRU+09Cy+tS66srXmmLCXr8wE2lLKZ1wo6P6GLdF4zcxwxgbOXDuCksNljw
8IZZEVjcaBglhuROiSxlmyFqbtmq+zJ5jGoZwuOMm3wAe46PFp/ScgM02w==
-----END CERTIFICATE-----