Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e7c3721-b1a3-4a25-bf48-db620d09215a.roa
File:                     3e7c3721-b1a3-4a25-bf48-db620d09215a.roa (raw, json)
Hash identifier:          XfCveXNTfyxCv3TgACA5nLVbUTCfpPlJGogdfEjUxQ4=
Subject key identifier:   FF:94:1B:6D:C8:C5:D3:4F:B7:BC:77:73:46:3E:A0:15:B1:F6:EC:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60D55009DBFB2D491BB53CA4AF05DD2605492726
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e7c3721-b1a3-4a25-bf48-db620d09215a.roa
Signing time:             Sun 16 Nov 2025 00:31:15 +0000
ROA not before:           Sun 16 Nov 2025 00:31:15 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.119.12.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:d5:50:09:db:fb:2d:49:1b:b5:3c:a4:af:05:dd:26:05:49:27:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:31:15 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=3353cd492fac66253b927c40c237f51cde420bd3600585eda82d388ef59286e6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:35:d8:a9:18:07:4e:ed:d7:c4:be:81:a7:e4:
                    da:32:45:aa:98:a1:68:34:25:82:11:72:c9:86:d6:
                    56:37:46:e7:50:08:3b:8d:79:a7:1e:a6:d2:b6:52:
                    28:12:22:8c:4d:e6:cc:69:18:6c:8d:81:e3:da:93:
                    2e:62:35:b2:7f:9d:c1:8a:e1:64:1c:f6:6d:e8:5d:
                    ab:12:a4:64:53:de:ee:e2:b1:12:a4:ab:0b:bb:fc:
                    d8:6d:88:ac:ee:06:48:bd:a5:16:a9:50:16:14:27:
                    ba:3d:0f:82:2a:e3:cd:3e:0c:a9:f1:94:9e:17:8e:
                    09:54:b6:2d:51:76:04:42:3c:cb:f0:ba:76:d4:14:
                    ad:e8:22:28:fb:2f:c0:12:88:d7:eb:0e:fe:a9:2c:
                    c9:df:07:9f:5f:1c:ab:08:78:5a:f0:9f:bc:ce:ec:
                    06:fd:ce:82:e9:94:57:8f:3b:8e:6e:e1:b2:16:a9:
                    72:28:ea:42:83:42:79:da:cf:f8:d0:64:1c:c8:76:
                    2e:d2:16:e5:9a:bf:b4:51:5b:4b:18:98:17:a0:aa:
                    d3:93:30:af:6f:88:9b:41:70:c0:5e:ef:2a:1d:60:
                    26:bb:e1:07:18:47:e6:96:82:bb:4a:c3:0e:82:37:
                    13:cd:e6:65:a0:3a:0b:df:33:58:34:3b:d3:c8:80:
                    ef:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:94:1B:6D:C8:C5:D3:4F:B7:BC:77:73:46:3E:A0:15:B1:F6:EC:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e7c3721-b1a3-4a25-bf48-db620d09215a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.119.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:98:8d:9b:00:6a:31:03:a3:9d:c4:5e:08:bd:e3:ef:16:94:
         01:12:ef:90:98:ff:ef:3a:b4:c5:8d:d5:59:a1:88:ca:97:1e:
         13:ff:50:a4:3c:68:cf:d3:c1:b0:f4:7b:f4:dd:0b:91:90:81:
         8e:da:6a:66:39:4d:e3:76:f8:4e:25:5a:4a:94:f9:79:b6:c7:
         62:2f:27:52:d6:29:30:1d:9f:3b:c0:e7:a0:82:94:f8:95:df:
         8c:66:b1:d1:10:28:ac:e5:25:02:f6:c2:4a:20:d0:fd:2a:e0:
         cf:4c:db:09:d0:07:52:1b:f3:da:67:d8:29:e3:d9:94:90:f6:
         3d:70:8e:b7:99:a4:fd:01:27:cb:30:37:35:04:eb:d2:79:6d:
         21:91:63:8f:18:9a:e4:64:37:50:dd:d1:5e:fa:80:e6:72:f0:
         d6:f7:25:b6:66:64:63:03:93:92:7d:95:1a:ed:44:b1:8c:f4:
         82:cb:64:58:f5:dc:30:6f:9d:37:bc:a0:ad:8a:b3:76:23:d8:
         2d:d3:28:b4:18:9d:f9:cc:01:57:26:63:f4:57:6f:93:8a:58:
         cf:35:71:fc:79:b5:23:e5:7a:0b:dc:88:30:2d:96:f2:78:b5:
         ab:7b:07:fc:10:66:ec:88:2c:d0:46:af:8f:96:f8:fe:1a:55:
         1a:c5:1b:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYNVQCdv7LUkbtTykrwXdJgVJJyYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMTE1WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzUzY2Q0OTJmYWM2NjI1M2I5MjdjNDBjMjM3ZjUxY2Rl
NDIwYmQzNjAwNTg1ZWRhODJkMzg4ZWY1OTI4NmU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrNdipGAdO7dfEvoGn5NoyRaqYoWg0JYIRcsmG1lY3RudQ
CDuNeaceptK2UigSIoxN5sxpGGyNgePaky5iNbJ/ncGK4WQc9m3oXasSpGRT3u7i
sRKkqwu7/NhtiKzuBki9pRapUBYUJ7o9D4Iq480+DKnxlJ4XjglUti1RdgRCPMvw
unbUFK3oIij7L8ASiNfrDv6pLMnfB59fHKsIeFrwn7zO7Ab9zoLplFePO45u4bIW
qXIo6kKDQnnaz/jQZBzIdi7SFuWav7RRW0sYmBegqtOTMK9viJtBcMBe7yodYCa7
4QcYR+aWgrtKww6CNxPN5mWgOgvfM1g0O9PIgO9RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/5QbbcjF00+3vHdzRj6gFbH27DAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNlN2MzNzIxLWIxYTMtNGEyNS1iZjQ4LWRiNjIwZDA5MjE1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADLdwwwDQYJKoZIhvcNAQELBQADggEBABiYjZsAajEDo53EXgi94+8WlAES
75CY/+86tMWN1VmhiMqXHhP/UKQ8aM/TwbD0e/TdC5GQgY7aamY5TeN2+E4lWkqU
+Xm2x2IvJ1LWKTAdnzvA56CClPiV34xmsdEQKKzlJQL2wkog0P0q4M9M2wnQB1Ib
89pn2Cnj2ZSQ9j1wjreZpP0BJ8swNzUE69J5bSGRY48YmuRkN1Dd0V76gOZy8Nb3
JbZmZGMDk5J9lRrtRLGM9ILLZFj13DBvnTe8oK2Ks3Yj2C3TKLQYnfnMAVcmY/RX
b5OKWM81cfx5tSPlegvciDAtlvJ4tat7B/wQZuyILNBGr4+W+P4aVRrFG8A=
-----END CERTIFICATE-----