Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/884a8c0d-72de-41fb-885a-1c084a948135.roa
File:                     884a8c0d-72de-41fb-885a-1c084a948135.roa (raw, json)
Hash identifier:          VS9jIoauTe/aACi6SxDXLJ+4gJshL89+oIF0gfRoDTk=
Subject key identifier:   9D:66:A1:54:08:BD:49:15:DB:8F:12:47:0B:8A:45:93:84:E0:1B:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6EAA3AE09FABB8FC2879A43782F1C819C4B94299
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/884a8c0d-72de-41fb-885a-1c084a948135.roa
Signing time:             Tue 11 Nov 2025 01:52:07 +0000
ROA not before:           Tue 11 Nov 2025 01:52:07 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.147.64.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:aa:3a:e0:9f:ab:b8:fc:28:79:a4:37:82:f1:c8:19:c4:b9:42:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:52:07 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=b86a4479fc331f70b932b503a47e160424fad9b3dfc9251b7cfae12039bcdb8c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8c:13:50:27:0f:99:0d:d8:ef:d1:f8:1b:50:
                    8f:00:49:24:69:aa:5d:33:1a:03:d1:03:3e:25:16:
                    bf:1b:d2:64:d8:d1:0d:3f:53:d4:4a:a0:b9:78:67:
                    90:36:1f:30:f9:d5:98:ae:b7:1a:17:e4:c6:92:d3:
                    7a:5c:7b:ad:e5:6c:cc:bf:10:c8:fc:bc:06:0c:ba:
                    84:30:61:ce:60:ed:15:13:9d:6d:25:e1:ce:e4:fe:
                    f2:b6:01:be:e2:77:9d:f1:72:8d:3a:65:0d:24:c4:
                    98:92:70:d2:43:4a:99:0c:fd:bf:08:c5:ec:fe:4e:
                    a6:aa:1c:6a:a5:32:ca:03:8a:af:f5:b2:38:9a:e6:
                    9c:19:18:84:d2:00:a6:eb:26:43:a9:9e:de:02:bb:
                    69:d9:8e:ff:0b:a4:b9:a2:b1:e4:d4:fa:67:a3:8d:
                    3d:26:c8:bc:c4:54:ca:9f:6a:8b:4e:ad:85:57:d1:
                    49:6d:64:a9:cb:c6:24:d0:4e:c7:6b:94:0e:d4:7f:
                    e9:dc:75:ab:22:bd:3c:ae:cd:12:fe:f4:ee:37:79:
                    1c:b1:50:27:cb:8a:31:68:7d:5a:4d:d5:f0:67:b7:
                    26:6e:e0:ef:c9:6b:fb:28:d9:0d:48:51:63:29:be:
                    99:c9:28:47:12:5e:2e:cf:22:8b:34:c6:78:87:f7:
                    be:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:66:A1:54:08:BD:49:15:DB:8F:12:47:0B:8A:45:93:84:E0:1B:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/884a8c0d-72de-41fb-885a-1c084a948135.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.147.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         ad:67:0e:c4:34:3f:08:9c:c3:ee:06:56:00:a3:3b:31:1e:74:
         03:4c:e4:7d:37:c0:cc:a1:40:fd:1b:30:d5:6d:1d:27:84:ca:
         43:91:35:96:2c:27:96:1d:d9:26:9f:04:41:d3:d0:8c:d0:68:
         03:cc:ec:49:ee:97:3c:33:dc:1e:23:2a:15:56:bd:50:4d:da:
         d7:97:9a:eb:14:a2:68:aa:54:73:09:89:f7:e5:f8:7a:4b:98:
         cb:7c:2b:ad:77:96:49:b0:a3:9f:e0:7f:ac:62:36:f2:d3:0f:
         8f:77:c4:00:3a:6e:e6:85:12:2a:20:7b:4e:4f:33:b1:dd:14:
         41:94:4b:31:e7:ae:c0:cf:cc:36:a3:75:36:20:01:93:f9:98:
         21:f8:41:3e:79:72:95:88:7e:dc:4d:ab:b7:35:53:98:54:4e:
         01:98:79:65:e9:15:37:bc:b8:5e:2b:fb:2b:43:9d:d8:a3:98:
         3e:82:50:b4:85:b6:d0:54:e2:39:1f:f5:80:98:dd:eb:f8:d0:
         b8:39:40:a5:99:8b:73:5f:59:6b:c1:50:06:56:af:bb:4a:21:
         8b:78:00:6c:b6:82:06:73:f0:42:67:7c:b7:f2:c2:83:d1:e7:
         99:27:c2:56:6c:7f:48:ff:4c:a1:ab:3e:2f:cd:7e:02:1b:4c:
         8f:de:a9:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbqo64J+ruPwoeaQ3gvHIGcS5QpkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDE1MjA3WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODZhNDQ3OWZjMzMxZjcwYjkzMmI1MDNhNDdlMTYwNDI0
ZmFkOWIzZGZjOTI1MWI3Y2ZhZTEyMDM5YmNkYjhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgjBNQJw+ZDdjv0fgbUI8ASSRpql0zGgPRAz4lFr8b0mTY
0Q0/U9RKoLl4Z5A2HzD51ZiutxoX5MaS03pce63lbMy/EMj8vAYMuoQwYc5g7RUT
nW0l4c7k/vK2Ab7id53xco06ZQ0kxJiScNJDSpkM/b8Ixez+TqaqHGqlMsoDiq/1
sjia5pwZGITSAKbrJkOpnt4Cu2nZjv8LpLmiseTU+mejjT0myLzEVMqfaotOrYVX
0UltZKnLxiTQTsdrlA7Uf+ncdasivTyuzRL+9O43eRyxUCfLijFofVpN1fBntyZu
4O/Ja/so2Q1IUWMpvpnJKEcSXi7PIos0xniH977RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnWahVAi9SRXbjxJHC4pFk4TgG6cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4NGE4YzBkLTcyZGUtNDFmYi04ODVhLTFjMDg0YTk0ODEzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXKk0AwDQYJKoZIhvcNAQELBQADggEBAK1nDsQ0Pwicw+4GVgCjOzEedANM
5H03wMyhQP0bMNVtHSeEykORNZYsJ5Yd2SafBEHT0IzQaAPM7Enulzwz3B4jKhVW
vVBN2teXmusUomiqVHMJiffl+HpLmMt8K613lkmwo5/gf6xiNvLTD493xAA6buaF
Eioge05PM7HdFEGUSzHnrsDPzDajdTYgAZP5mCH4QT55cpWIftxNq7c1U5hUTgGY
eWXpFTe8uF4r+ytDndijmD6CULSFttBU4jkf9YCY3ev40Lg5QKWZi3NfWWvBUAZW
r7tKIYt4AGy2ggZz8EJnfLfywoPR55knwlZsf0j/TKGrPi/NfgIbTI/eqRg=
-----END CERTIFICATE-----