Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ec798da-a6c2-44be-afd4-f4a224668ad8.roa
File:                     7ec798da-a6c2-44be-afd4-f4a224668ad8.roa (raw, json)
Hash identifier:          wD7n5+6VDG8C0rVcG8BIz0Z5/1eDNAjkbU8Z88od+so=
Subject key identifier:   3C:94:82:C3:B3:69:4A:01:B9:22:9F:22:CF:E3:0B:F7:30:3F:16:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D99575A1FFE88FE7C1DFC714182645B2747C5EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ec798da-a6c2-44be-afd4-f4a224668ad8.roa
Signing time:             Wed 12 Nov 2025 00:40:12 +0000
ROA not before:           Wed 12 Nov 2025 00:40:12 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        119.13.52.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:99:57:5a:1f:fe:88:fe:7c:1d:fc:71:41:82:64:5b:27:47:c5:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:40:12 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=87241f23b5ed7f3e71019bdf139e5a78b196390a8a3538ed6eb3337dcaf307ec, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:66:65:bb:a8:c3:5f:5f:de:a8:fe:1d:1e:49:
                    97:c2:39:25:dc:1c:2d:ea:bd:05:06:1a:33:53:ef:
                    b3:14:e0:f3:fb:15:23:19:58:89:85:09:ce:65:9a:
                    fd:02:39:ac:ba:80:86:eb:ee:9a:e0:9b:e7:a7:54:
                    98:1d:cc:7f:af:3c:4a:4c:97:9c:f8:1f:5b:f4:0e:
                    d4:e2:a4:a3:8e:78:00:29:ad:36:1e:00:e5:f8:27:
                    c0:38:4f:48:19:2c:22:96:25:a6:93:b0:b0:65:a9:
                    62:2f:b3:51:d8:df:36:33:2d:7e:30:4d:df:1f:45:
                    85:a2:42:25:e2:b1:0d:69:8d:72:b8:20:ad:1c:e5:
                    dd:9b:ac:25:eb:e8:82:8d:f3:46:99:f7:bb:ff:3f:
                    15:27:ce:ac:39:c4:98:7b:95:3b:6a:1a:74:97:16:
                    35:b5:2f:49:87:51:30:d3:e9:a7:fe:21:ef:42:b2:
                    ee:dd:d8:59:a4:36:40:b6:1b:1a:04:1b:f9:41:a3:
                    f7:57:af:64:04:53:33:e3:bd:ea:90:33:59:e3:3e:
                    0e:57:be:40:0b:d0:ec:68:9d:f9:03:2e:c0:58:5d:
                    7f:f1:93:a8:c6:70:78:da:7c:38:50:03:fb:6c:1d:
                    55:53:47:57:82:db:5c:3a:bf:8a:22:da:c4:56:66:
                    b8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:94:82:C3:B3:69:4A:01:B9:22:9F:22:CF:E3:0B:F7:30:3F:16:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ec798da-a6c2-44be-afd4-f4a224668ad8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.13.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:80:1f:c0:e9:df:3d:85:bc:aa:10:f6:e1:00:45:23:89:10:
         65:08:6c:c2:59:f9:0e:36:32:36:20:40:2a:50:97:5a:fa:52:
         f3:5c:84:db:ee:79:21:56:0a:25:42:d1:3e:e1:29:12:c1:95:
         8d:10:81:37:b1:56:f7:fc:54:76:ad:d0:1b:a4:d8:0e:70:68:
         2b:1b:29:71:10:7a:a4:aa:22:34:d4:99:5b:c8:79:68:e2:ae:
         ec:fc:67:fe:0d:16:f9:36:c9:4e:36:3f:71:aa:ed:2f:2b:5b:
         22:16:13:fe:69:ca:8c:bb:1d:f8:9b:1f:26:c6:2f:d5:fb:8c:
         f2:c5:ba:fb:61:d5:16:c3:4b:69:2a:ab:88:40:42:bd:dc:75:
         c1:7c:71:a5:53:56:78:4e:fc:61:a5:03:71:9d:b1:65:f8:39:
         8f:0c:04:c4:4a:48:83:53:5e:60:ad:70:ea:ea:d2:5e:9b:1d:
         7a:fc:af:57:47:35:11:4d:85:ce:d9:75:e2:e1:42:10:21:b4:
         f7:1e:57:2b:a1:b3:d5:62:f0:e2:97:b5:2f:0c:9b:99:d7:5e:
         66:ab:81:7a:dd:f1:60:b9:eb:95:e2:34:fc:c3:4f:27:7b:a1:
         73:fb:20:d3:eb:fd:9d:4f:20:a8:c6:cc:c9:e9:76:3e:03:2f:
         e8:2e:8f:3c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbZlXWh/+iP58HfxxQYJkWydHxeswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDA0MDEyWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzI0MWYyM2I1ZWQ3ZjNlNzEwMTliZGYxMzllNWE3OGIx
OTYzOTBhOGEzNTM4ZWQ2ZWIzMzM3ZGNhZjMwN2VjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7ZmW7qMNfX96o/h0eSZfCOSXcHC3qvQUGGjNT77MU4PP7
FSMZWImFCc5lmv0COay6gIbr7prgm+enVJgdzH+vPEpMl5z4H1v0DtTipKOOeAAp
rTYeAOX4J8A4T0gZLCKWJaaTsLBlqWIvs1HY3zYzLX4wTd8fRYWiQiXisQ1pjXK4
IK0c5d2brCXr6IKN80aZ97v/PxUnzqw5xJh7lTtqGnSXFjW1L0mHUTDT6af+Ie9C
su7d2FmkNkC2GxoEG/lBo/dXr2QEUzPjveqQM1njPg5XvkAL0OxonfkDLsBYXX/x
k6jGcHjafDhQA/tsHVVTR1eC21w6v4oi2sRWZriVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPJSCw7NpSgG5Ip8iz+ML9zA/FkEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdlYzc5OGRhLWE2YzItNDRiZS1hZmQ0LWY0YTIyNDY2OGFkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJ3DTQwDQYJKoZIhvcNAQELBQADggEBAF6AH8Dp3z2FvKoQ9uEARSOJEGUI
bMJZ+Q42MjYgQCpQl1r6UvNchNvueSFWCiVC0T7hKRLBlY0QgTexVvf8VHat0Buk
2A5waCsbKXEQeqSqIjTUmVvIeWjiruz8Z/4NFvk2yU42P3Gq7S8rWyIWE/5pyoy7
HfibHybGL9X7jPLFuvth1RbDS2kqq4hAQr3cdcF8caVTVnhO/GGlA3GdsWX4OY8M
BMRKSINTXmCtcOrq0l6bHXr8r1dHNRFNhc7ZdeLhQhAhtPceVyuhs9Vi8OKXtS8M
m5nXXmargXrd8WC565XiNPzDTyd7oXP7INPr/Z1PIKjGzMnpdj4DL+gujzw=
-----END CERTIFICATE-----