Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a788d599-2c60-4aa0-a3d2-135fff75c258.roa
File:                     a788d599-2c60-4aa0-a3d2-135fff75c258.roa (raw, json)
Hash identifier:          qepR6KjcUzcebwu+Js3wxd4lUpi19QnmBMBUTdMQ3YQ=
Subject key identifier:   1B:90:0D:E9:D2:D6:B1:D8:E2:C3:B7:90:92:38:51:B4:4A:8D:43:A0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       427D80B1C6AB8DF4A3373CED670749E086B13D9E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a788d599-2c60-4aa0-a3d2-135fff75c258.roa
Signing time:             Sun 16 Nov 2025 00:20:11 +0000
ROA not before:           Sun 16 Nov 2025 00:20:11 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.88.84.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:7d:80:b1:c6:ab:8d:f4:a3:37:3c:ed:67:07:49:e0:86:b1:3d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:20:11 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=85a42ed65926591cde8da8ae4c1f4c6b6246026b4653c7f428932b745c1bdfba, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7e:ca:c2:db:99:53:86:8e:72:e4:60:9a:19:
                    64:68:e1:47:f7:d7:68:b9:f1:4b:cb:33:f8:b6:12:
                    e2:15:a1:ec:55:9e:30:6e:51:8a:61:3e:93:00:eb:
                    2c:54:23:27:fa:8c:b6:26:cc:cc:aa:62:b5:7c:52:
                    06:9c:6c:2b:d0:15:36:a0:63:b9:99:5f:ee:d8:76:
                    36:81:c2:3a:17:32:bf:a1:8c:6e:56:f2:4b:7a:f9:
                    8c:67:e2:9b:52:19:71:ac:1b:cb:fc:78:1c:1c:e6:
                    ee:b5:74:0c:8e:27:4d:5a:b0:6c:3c:e3:8f:46:06:
                    d5:45:0c:d0:03:ef:98:b0:d1:9a:c7:7c:6a:7a:1f:
                    89:5e:14:bc:60:8c:74:9e:82:98:66:73:60:63:38:
                    83:6e:e1:95:29:0c:a3:ad:7b:a9:15:ac:75:20:37:
                    d8:1a:93:9c:ca:62:03:f4:d6:b9:ed:4b:d7:5f:83:
                    ad:e4:96:09:8e:19:78:8a:98:98:78:71:c3:e9:05:
                    2c:41:80:01:a0:f9:ad:bd:2d:0a:8b:fa:dc:e4:0f:
                    10:81:fb:51:03:aa:64:c5:76:d6:5e:91:11:cb:f0:
                    bf:67:28:5c:f2:53:8d:c6:17:08:56:59:17:d6:71:
                    4a:bf:c0:35:37:61:56:dd:0f:0e:6b:46:aa:d8:7f:
                    59:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:90:0D:E9:D2:D6:B1:D8:E2:C3:B7:90:92:38:51:B4:4A:8D:43:A0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a788d599-2c60-4aa0-a3d2-135fff75c258.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.88.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:7e:88:65:4c:c6:7e:af:0e:6e:2c:34:7f:05:f7:b5:27:1f:
         e0:18:de:05:14:8a:e7:39:b8:ea:e4:a7:e6:bd:70:f2:f0:43:
         c1:bc:51:3e:27:4f:d6:ff:10:0c:a1:3f:04:bd:49:26:3d:87:
         c5:2f:9e:b0:2c:c0:f4:0e:f3:6a:1d:19:a8:f4:3d:ee:02:a5:
         83:35:30:f6:ac:ad:83:fc:2e:7d:38:54:78:cd:b9:01:e0:12:
         1d:fe:42:60:c1:4a:a5:e7:04:d4:29:9a:31:bc:14:84:f4:c6:
         c9:ba:52:f7:c0:0a:b5:54:30:a2:ce:30:5e:e3:93:c1:68:ec:
         ff:2c:e8:82:2e:f4:54:72:5a:3c:b0:27:d1:47:99:17:6f:4f:
         55:c5:c4:f6:59:cb:0a:d4:e6:d9:02:47:1e:c4:de:69:95:18:
         11:c0:c4:8e:c1:60:01:35:7b:ca:48:02:1a:f6:1f:14:89:60:
         4b:64:e2:26:58:dd:85:a5:01:47:b9:32:79:6d:c9:c7:e5:92:
         7b:e2:46:80:71:7a:6a:92:0c:76:04:30:b2:47:80:0e:08:66:
         b4:4e:9c:ff:84:24:2d:82:1d:86:39:05:3a:cc:b7:00:73:37:
         dd:ef:2b:9d:71:ce:6c:6e:7d:33:36:c0:c5:d7:77:a5:65:26:
         de:27:44:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQn2AscarjfSjNzztZwdJ4IaxPZ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAyMDExWhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWE0MmVkNjU5MjY1OTFjZGU4ZGE4YWU0YzFmNGM2YjYy
NDYwMjZiNDY1M2M3ZjQyODkzMmI3NDVjMWJkZmJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZfsrC25lTho5y5GCaGWRo4Uf312i58UvLM/i2EuIVoexV
njBuUYphPpMA6yxUIyf6jLYmzMyqYrV8UgacbCvQFTagY7mZX+7YdjaBwjoXMr+h
jG5W8kt6+Yxn4ptSGXGsG8v8eBwc5u61dAyOJ01asGw8449GBtVFDNAD75iw0ZrH
fGp6H4leFLxgjHSegphmc2BjOINu4ZUpDKOte6kVrHUgN9gak5zKYgP01rntS9df
g63klgmOGXiKmJh4ccPpBSxBgAGg+a29LQqL+tzkDxCB+1EDqmTFdtZekRHL8L9n
KFzyU43GFwhWWRfWcUq/wDU3YVbdDw5rRqrYf1nZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUG5AN6dLWsdjiw7eQkjhRtEqNQ6AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3ODhkNTk5LTJjNjAtNGFhMC1hM2QyLTEzNWZmZjc1YzI1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHLWFQwDQYJKoZIhvcNAQELBQADggEBAIJ+iGVMxn6vDm4sNH8F97UnH+AY
3gUUiuc5uOrkp+a9cPLwQ8G8UT4nT9b/EAyhPwS9SSY9h8UvnrAswPQO82odGaj0
Pe4CpYM1MPasrYP8Ln04VHjNuQHgEh3+QmDBSqXnBNQpmjG8FIT0xsm6UvfACrVU
MKLOMF7jk8Fo7P8s6IIu9FRyWjywJ9FHmRdvT1XFxPZZywrU5tkCRx7E3mmVGBHA
xI7BYAE1e8pIAhr2HxSJYEtk4iZY3YWlAUe5MnltycflknviRoBxemqSDHYEMLJH
gA4IZrROnP+EJC2CHYY5BTrMtwBzN93vK51xzmxufTM2wMXXd6VlJt4nRHY=
-----END CERTIFICATE-----