Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa
File:                     88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa (raw, json)
Hash identifier:          5h9oB0NFRZYpPpbS4pjv2EucnDxC6mFf1waqMCnkSZQ=
Subject key identifier:   7B:D1:54:AD:D4:7C:1E:19:63:BE:6F:3E:A6:87:40:85:5B:0E:CC:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E10A4452AB77970875509A9DFCFA9B4283471BE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa
Signing time:             Tue 11 Nov 2025 00:30:08 +0000
ROA not before:           Tue 11 Nov 2025 00:30:08 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        212.111.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:10:a4:45:2a:b7:79:70:87:55:09:a9:df:cf:a9:b4:28:34:71:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:30:08 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=516186097b8017066a1575d20df328df5ca8f4aa09065e0f3a2ae6cb1dbb7b34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7c:0e:55:40:c7:f8:24:14:01:09:d7:53:7c:
                    96:e9:78:e4:31:cc:a0:62:0c:cc:a7:30:65:a9:b6:
                    6e:05:d2:65:29:eb:b0:f9:47:34:28:29:31:72:f9:
                    9d:ca:3b:37:0d:03:de:30:ed:f1:51:87:f0:7b:b3:
                    95:e3:88:45:42:b9:21:95:c2:a7:dc:eb:cf:08:d1:
                    63:ed:b7:78:3e:ca:c4:a5:26:24:69:c5:25:ea:bf:
                    24:7a:28:04:9c:77:23:a3:64:be:8e:b0:31:2a:8e:
                    0d:a2:d7:13:91:ae:60:72:9c:7f:45:e9:3d:be:f6:
                    6d:0b:58:9e:0e:88:d7:61:68:d2:c2:e9:63:2b:9a:
                    7f:c2:9c:1c:c7:cf:6b:62:19:40:2c:b0:75:93:e6:
                    63:74:b4:26:9f:ca:83:4a:06:27:d4:49:ee:52:c2:
                    ba:5b:c6:6b:c6:4a:1a:32:be:6d:52:b1:72:ee:da:
                    b3:84:f1:15:ba:5c:51:3e:89:c1:16:62:c5:7d:45:
                    c3:d2:7b:f0:13:da:b1:eb:b5:d7:2a:f3:a0:1c:80:
                    92:c5:d0:39:07:89:f7:0e:e0:41:fb:16:e5:d0:93:
                    07:86:78:fc:79:03:c6:d9:c1:78:b4:69:bd:b7:83:
                    8a:b0:12:57:74:27:b6:14:f7:41:45:9d:25:0d:50:
                    17:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D1:54:AD:D4:7C:1E:19:63:BE:6F:3E:A6:87:40:85:5B:0E:CC:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         d3:9e:75:eb:e4:1b:30:b9:5f:c3:1b:e1:e0:1f:4f:da:8d:9a:
         46:46:a2:9c:fc:6d:4d:ef:f0:66:ff:1f:ad:19:61:04:42:f2:
         1c:45:8f:65:3b:77:a1:7d:bb:67:9b:78:bb:b5:1a:a4:36:7f:
         e7:f8:bd:b0:2b:c7:18:ce:64:f9:27:85:28:01:70:08:f2:34:
         cb:df:c1:1c:a6:07:73:a0:8e:30:27:5b:0c:f2:40:c9:c8:33:
         7a:2c:36:0a:42:19:a8:c2:1b:e8:9b:0b:57:2d:1a:73:38:73:
         87:1f:f5:32:37:76:c4:f7:16:92:3d:1f:4a:30:be:0f:a8:e2:
         15:5d:cd:50:60:7a:f6:6c:08:62:7f:df:32:f0:c5:82:87:c9:
         54:3b:05:a4:2a:6e:fd:3d:3b:d8:72:83:61:1e:38:01:c7:24:
         d3:7f:04:73:74:9e:47:ed:fc:d4:87:2c:7d:d5:0f:3f:e6:d4:
         8f:38:85:a8:2a:a2:98:9a:1f:b0:92:4c:36:ca:85:20:24:53:
         de:31:42:5c:7d:e3:63:fa:ac:71:a6:ec:00:6c:d4:d8:04:7c:
         12:7f:bf:9e:90:1f:95:85:1a:64:27:3e:9b:74:21:f9:e0:6f:
         b4:fe:5b:70:5c:59:c7:fe:38:70:c8:f8:0f:13:7d:1a:7b:94:
         c1:44:fc:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPhCkRSq3eXCHVQmp38+ptCg0cb4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDAzMDA4WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTYxODYwOTdiODAxNzA2NmExNTc1ZDIwZGYzMjhkZjVj
YThmNGFhMDkwNjVlMGYzYTJhZTZjYjFkYmI3YjM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8fA5VQMf4JBQBCddTfJbpeOQxzKBiDMynMGWptm4F0mUp
67D5RzQoKTFy+Z3KOzcNA94w7fFRh/B7s5XjiEVCuSGVwqfc688I0WPtt3g+ysSl
JiRpxSXqvyR6KAScdyOjZL6OsDEqjg2i1xORrmBynH9F6T2+9m0LWJ4OiNdhaNLC
6WMrmn/CnBzHz2tiGUAssHWT5mN0tCafyoNKBifUSe5SwrpbxmvGShoyvm1SsXLu
2rOE8RW6XFE+icEWYsV9RcPSe/AT2rHrtdcq86AcgJLF0DkHifcO4EH7FuXQkweG
ePx5A8bZwXi0ab23g4qwEld0J7YU90FFnSUNUBelAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUe9FUrdR8Hhljvm8+podAhVsOzHIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4YWQzZWNmLTg3OTQtNDI4YS1iYzUxLTRhYzNlZmY2Y2E2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXUb6AwDQYJKoZIhvcNAQELBQADggEBANOedevkGzC5X8Mb4eAfT9qNmkZG
opz8bU3v8Gb/H60ZYQRC8hxFj2U7d6F9u2ebeLu1GqQ2f+f4vbArxxjOZPknhSgB
cAjyNMvfwRymB3OgjjAnWwzyQMnIM3osNgpCGajCG+ibC1ctGnM4c4cf9TI3dsT3
FpI9H0owvg+o4hVdzVBgevZsCGJ/3zLwxYKHyVQ7BaQqbv09O9hyg2EeOAHHJNN/
BHN0nkft/NSHLH3VDz/m1I84hagqopiaH7CSTDbKhSAkU94xQlx942P6rHGm7ABs
1NgEfBJ/v56QH5WFGmQnPpt0Ifngb7T+W3BcWcf+OHDI+A8TfRp7lMFE/Dk=
-----END CERTIFICATE-----