Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b0118f9-aa06-473f-9164-82651f7287ff.roa
File:                     6b0118f9-aa06-473f-9164-82651f7287ff.roa (raw, json)
Hash identifier:          n4P0ZtpDlzrw84UXriG+41FCu4I5ECccTFxv4d5u0Nk=
Subject key identifier:   93:DE:BD:26:EE:4F:CF:86:2A:9A:91:2D:0C:73:7A:08:9D:8D:6C:E0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B4AFA0C6D90D781135A417CBD49E880D87B5488
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b0118f9-aa06-473f-9164-82651f7287ff.roa
Signing time:             Tue 18 Nov 2025 00:11:38 +0000
ROA not before:           Tue 18 Nov 2025 00:11:38 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        128.212.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:4a:fa:0c:6d:90:d7:81:13:5a:41:7c:bd:49:e8:80:d8:7b:54:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:11:38 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=eefa28e183286a5040c5b77fb256b02dd0223a75104d5acb9e7dbfbc1f93ec34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9b:04:f3:42:90:97:a1:4f:f9:a9:2e:25:d9:
                    f4:8c:63:23:9b:b3:fd:72:b5:12:75:7d:97:89:3a:
                    54:29:e8:3e:41:df:c2:61:1e:ab:05:2a:66:4c:d1:
                    e3:05:fb:60:2a:b4:2c:0e:94:a6:2e:74:ef:1e:67:
                    08:cc:bd:cc:dd:f5:d9:a6:68:54:d1:4e:09:ca:68:
                    4e:d5:32:39:74:31:04:5f:c6:ef:ad:7c:ea:a7:80:
                    b6:26:2a:53:92:8b:79:ab:f7:9d:8b:0a:e1:f6:59:
                    b5:b4:76:be:e3:ec:4d:61:5b:4d:fe:5f:a2:47:5a:
                    18:53:bf:4f:d8:8e:5b:fd:d2:05:8b:81:b6:e7:a1:
                    fa:12:de:78:8f:77:49:20:6f:5e:30:93:95:72:d4:
                    4e:55:da:01:bc:09:6f:47:dd:0e:06:38:20:71:e5:
                    46:54:2f:5a:30:d0:21:b2:4a:23:7c:7b:83:ff:3c:
                    45:96:87:16:ce:ce:3e:73:f3:7b:8d:49:4e:2a:a5:
                    e0:df:24:b8:a3:4c:78:fe:22:99:5a:7c:bd:f1:4f:
                    14:a5:08:28:9b:52:27:c6:ea:dc:c1:4b:08:68:66:
                    b4:00:d3:a3:a2:1a:73:3b:f3:b5:45:02:b9:73:6a:
                    f4:8c:d0:c7:9a:de:c9:0e:e5:80:3d:db:2c:99:45:
                    d6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:DE:BD:26:EE:4F:CF:86:2A:9A:91:2D:0C:73:7A:08:9D:8D:6C:E0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b0118f9-aa06-473f-9164-82651f7287ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.212.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         60:cb:94:91:46:79:9c:73:03:8c:5b:30:d0:5e:7f:32:0d:79:
         13:2c:3d:b0:78:0f:11:32:f7:2a:0d:6e:85:c6:35:51:c0:4c:
         ce:0b:f4:f8:2f:39:22:5a:b3:b1:6d:72:5d:a3:7c:83:f5:77:
         5a:28:6f:ac:a9:75:1a:f8:c8:fa:86:8f:84:7b:e4:d1:58:27:
         8a:d5:f4:92:9f:c7:3f:87:c4:14:d5:8a:31:66:3a:c8:3e:2d:
         41:77:05:2c:60:c6:8d:78:6a:7f:c3:1a:8f:e4:70:c3:4e:37:
         05:29:14:1a:20:77:07:1f:42:56:dc:94:75:09:4f:8f:12:0e:
         81:fa:e7:88:5d:7b:8a:db:37:1f:98:dd:c9:83:b5:54:3d:89:
         30:b6:1c:62:79:90:f6:d1:5f:a8:97:24:a7:94:20:2d:5e:ca:
         a3:63:ad:fa:4d:2b:6b:2b:6d:62:df:75:96:7a:bc:8a:ea:d7:
         7a:f1:43:50:2d:a6:ee:7a:ef:e2:26:0e:2a:73:74:c6:16:c2:
         8b:08:19:cb:93:31:5c:9b:97:da:51:53:7a:0a:ad:42:5a:6b:
         1a:19:08:f6:ca:79:5e:ac:03:07:7a:d5:a7:88:e0:dc:d4:a9:
         26:06:37:33:95:85:88:48:03:b8:f9:f2:ef:3f:d1:5e:86:73:
         b5:89:c0:59
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUC0r6DG2Q14ETWkF8vUnogNh7VIgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAxMTM4WhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWZhMjhlMTgzMjg2YTUwNDBjNWI3N2ZiMjU2YjAyZGQw
MjIzYTc1MTA0ZDVhY2I5ZTdkYmZiYzFmOTNlYzM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkmwTzQpCXoU/5qS4l2fSMYyObs/1ytRJ1fZeJOlQp6D5B
38JhHqsFKmZM0eMF+2AqtCwOlKYudO8eZwjMvczd9dmmaFTRTgnKaE7VMjl0MQRf
xu+tfOqngLYmKlOSi3mr952LCuH2WbW0dr7j7E1hW03+X6JHWhhTv0/Yjlv90gWL
gbbnofoS3niPd0kgb14wk5Vy1E5V2gG8CW9H3Q4GOCBx5UZUL1ow0CGySiN8e4P/
PEWWhxbOzj5z83uNSU4qpeDfJLijTHj+IplafL3xTxSlCCibUifG6tzBSwhoZrQA
06OiGnM787VFArlzavSM0Mea3skO5YA92yyZRdaPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUk969Ju5Pz4YqmpEtDHN6CJ2NbOAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZiMDExOGY5LWFhMDYtNDczZi05MTY0LTgyNjUxZjcyODdmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCA1DANBgkqhkiG9w0BAQsFAAOCAQEAYMuUkUZ5nHMDjFsw0F5/Mg15Eyw9
sHgPETL3Kg1uhcY1UcBMzgv0+C85IlqzsW1yXaN8g/V3WihvrKl1GvjI+oaPhHvk
0VgnitX0kp/HP4fEFNWKMWY6yD4tQXcFLGDGjXhqf8Maj+Rww043BSkUGiB3Bx9C
VtyUdQlPjxIOgfrniF17its3H5jdyYO1VD2JMLYcYnmQ9tFfqJckp5QgLV7Ko2Ot
+k0rayttYt91lnq8iurXevFDUC2m7nrv4iYOKnN0xhbCiwgZy5MxXJuX2lFTegqt
QlprGhkI9sp5XqwDB3rVp4jg3NSpJgY3M5WFiEgDuPny7z/RXoZztYnAWQ==
-----END CERTIFICATE-----