Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa
File:                     88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa (raw, json)
Hash identifier:          EKtCed66VckHCroUa/Lnia/YMZKizjM1jlTZiC+Ab/E=
Subject key identifier:   C6:FD:FD:76:B6:F2:61:D6:41:39:F7:64:94:78:06:17:BE:B4:A4:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       457B5C85BC246560483105510F0ADB9C04AC696E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa
Signing time:             Fri 28 Mar 2025 00:01:43 +0000
ROA not before:           Fri 28 Mar 2025 00:01:43 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        212.111.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:7b:5c:85:bc:24:65:60:48:31:05:51:0f:0a:db:9c:04:ac:69:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 28 00:01:43 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:af:a2:79:12:bd:05:6c:b5:83:22:3a:a7:51:
                    28:04:72:74:ec:e5:00:11:d0:04:97:49:72:70:41:
                    65:5f:6b:75:4b:cd:6b:5e:0e:69:2a:47:94:d6:75:
                    cc:8c:0c:77:61:9e:12:29:19:ab:45:84:36:95:40:
                    5f:1b:b7:9f:04:b4:60:48:5e:d9:2c:2c:65:71:df:
                    8a:f2:40:e9:84:15:0d:3f:ce:ed:ef:60:68:b0:16:
                    78:b6:df:61:1b:63:17:36:13:2c:b6:bc:58:72:c6:
                    3c:9c:b9:69:f8:c7:34:6f:b2:85:18:67:2c:0a:e8:
                    35:cb:85:83:fc:b2:88:55:24:85:73:e6:65:9c:7f:
                    be:3f:e3:72:f2:75:30:0e:8b:5a:bc:4a:4e:12:c7:
                    5f:12:c9:d7:95:71:26:dc:be:71:c2:63:cf:11:24:
                    8c:ed:81:37:38:7c:87:82:b6:1e:f2:46:df:c0:5c:
                    8b:1f:e3:94:31:37:f3:62:a5:fe:6d:55:13:5d:3f:
                    f8:57:47:5b:15:63:ae:10:60:19:06:ca:da:56:23:
                    31:14:65:ba:8a:be:d8:4d:7c:a2:55:23:e2:90:41:
                    90:b5:82:7b:d5:0f:28:2b:32:11:71:5d:54:c3:da:
                    2a:93:e1:70:d9:8a:05:13:bb:b8:03:e7:4d:76:b2:
                    96:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:FD:FD:76:B6:F2:61:D6:41:39:F7:64:94:78:06:17:BE:B4:A4:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88ad3ecf-8794-428a-bc51-4ac3eff6ca62.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         76:40:77:80:16:a9:fd:d5:5c:ba:df:49:60:9e:1d:88:5d:2a:
         5f:d8:71:8c:6d:37:5e:b7:5d:db:b4:8d:4d:ab:9a:a9:02:b3:
         fc:43:d7:43:12:97:a5:ad:58:49:a7:eb:3a:32:48:66:0b:da:
         77:03:7a:96:85:4f:6b:17:a6:a9:3e:3b:02:6c:dc:9f:c9:15:
         e2:17:99:a8:23:69:16:70:86:b3:c3:8b:93:4c:a3:74:9d:53:
         a6:81:e1:53:0f:56:d3:33:55:5a:a2:8c:d1:06:b7:1f:4f:03:
         9f:88:4c:c3:43:e9:f8:87:84:0a:73:79:49:d4:1c:30:03:c1:
         83:c0:aa:6a:34:d0:af:d7:99:3e:f2:58:25:34:84:98:fc:4c:
         46:01:83:84:3a:d0:36:3c:14:27:b2:95:93:1b:8d:88:d5:81:
         0f:c6:77:41:f6:04:c1:64:f8:78:20:79:88:9b:93:d7:ae:7a:
         a5:f4:7f:86:73:0a:05:cf:ec:af:c2:94:dd:c2:eb:47:4d:76:
         43:98:cd:d2:e2:c3:60:59:c1:1f:a4:b4:ff:5d:f4:00:c4:8a:
         3b:d3:81:b2:c9:f8:f2:a1:b0:25:e5:b6:79:d3:5a:2c:c9:83:
         8e:a9:86:05:47:a3:1b:6d:d5:b9:c8:60:38:e9:42:be:f0:3c:
         9e:bc:3f:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURXtchbwkZWBIMQVRDwrbnASsaW4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI4MDAwMTQzWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOWZmYjBlMjdlOTg3MDAxMTFiNmJiOTViNTU0ZGYyNzVh
OTBlMmQ0M2ZkYzRlOTAzY2Y4MWY1ZmE0YjhmNjg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNr6J5Er0FbLWDIjqnUSgEcnTs5QAR0ASXSXJwQWVfa3VL
zWteDmkqR5TWdcyMDHdhnhIpGatFhDaVQF8bt58EtGBIXtksLGVx34ryQOmEFQ0/
zu3vYGiwFni232EbYxc2Eyy2vFhyxjycuWn4xzRvsoUYZywK6DXLhYP8sohVJIVz
5mWcf74/43LydTAOi1q8Sk4Sx18SydeVcSbcvnHCY88RJIztgTc4fIeCth7yRt/A
XIsf45QxN/Nipf5tVRNdP/hXR1sVY64QYBkGytpWIzEUZbqKvthNfKJVI+KQQZC1
gnvVDygrMhFxXVTD2iqT4XDZigUTu7gD5012spbRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxv39drbyYdZBOfdklHgGF760pDAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4YWQzZWNmLTg3OTQtNDI4YS1iYzUxLTRhYzNlZmY2Y2E2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXUb6AwDQYJKoZIhvcNAQELBQADggEBAHZAd4AWqf3VXLrfSWCeHYhdKl/Y
cYxtN163Xdu0jU2rmqkCs/xD10MSl6WtWEmn6zoySGYL2ncDepaFT2sXpqk+OwJs
3J/JFeIXmagjaRZwhrPDi5NMo3SdU6aB4VMPVtMzVVqijNEGtx9PA5+ITMND6fiH
hApzeUnUHDADwYPAqmo00K/XmT7yWCU0hJj8TEYBg4Q60DY8FCeylZMbjYjVgQ/G
d0H2BMFk+HggeYibk9eueqX0f4ZzCgXP7K/ClN3C60dNdkOYzdLiw2BZwR+ktP9d
9ADEijvTgbLJ+PKhsCXltnnTWizJg46phgVHoxtt1bnIYDjpQr7wPJ68P70=
-----END CERTIFICATE-----