Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee522d32-18fa-41ec-9fef-6162dfabf12f.roa
File:                     ee522d32-18fa-41ec-9fef-6162dfabf12f.roa (raw, json)
Hash identifier:          Xxohpy+lO5SNQWNPKZeVlTAVpxdH41KeGX57JLHn/wM=
Subject key identifier:   42:3A:8F:3B:17:1D:AA:0D:A8:47:CC:1B:71:71:E2:A2:BD:E0:67:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77831F359DBF9621C46D7893077CEF3337049B56
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee522d32-18fa-41ec-9fef-6162dfabf12f.roa
Signing time:             Sun 16 Nov 2025 00:30:13 +0000
ROA not before:           Sun 16 Nov 2025 00:30:13 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.88.92.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:83:1f:35:9d:bf:96:21:c4:6d:78:93:07:7c:ef:33:37:04:9b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:30:13 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=3489e6c6e0e6181f3b98c59474a4d587fdb55bd0b6b625ec4660607849fcaba0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6d:77:fc:2c:2f:b1:a7:11:0f:e2:60:d3:77:
                    46:a0:e8:53:b9:f4:8b:32:cb:f2:54:93:2b:41:71:
                    9a:10:ce:3e:41:c6:f6:be:82:62:2c:3f:2d:3c:23:
                    43:61:7d:65:83:75:3e:09:ce:c8:a7:ee:6b:09:17:
                    7c:70:43:2e:47:ef:76:4e:9d:3c:7a:dc:f5:69:19:
                    e1:d3:95:58:2a:aa:ee:e6:a5:18:b8:7a:a7:28:b9:
                    b1:cd:88:63:60:5d:bc:2a:f0:b2:d4:8e:0c:b1:a8:
                    cd:2d:7d:34:fa:d3:ad:98:1e:57:be:1d:50:54:29:
                    41:6a:35:e8:cb:6a:22:74:b5:76:64:ed:41:a9:5d:
                    0c:49:a7:df:aa:13:5b:e2:5d:e7:1e:70:c9:a0:6c:
                    6e:49:01:a6:51:b9:5a:38:16:89:66:33:92:50:a2:
                    c8:33:f6:0a:21:29:e9:25:1e:ec:bf:01:20:ac:74:
                    9f:3a:c0:14:b0:0f:fb:18:e0:f1:4d:0c:5d:59:6e:
                    25:4b:cb:98:16:7c:09:2f:a3:00:ad:00:5a:25:8d:
                    fe:28:c9:c3:56:0e:7b:50:c1:29:ec:dc:5a:4b:43:
                    f3:6b:14:ba:9b:9a:59:1d:38:31:86:13:48:df:54:
                    9e:81:2f:23:16:67:e0:2b:34:17:0e:bc:c7:9a:ad:
                    60:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3A:8F:3B:17:1D:AA:0D:A8:47:CC:1B:71:71:E2:A2:BD:E0:67:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee522d32-18fa-41ec-9fef-6162dfabf12f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.88.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:29:84:cd:9a:f3:78:00:77:b3:e5:b8:ea:1e:2f:6f:96:c0:
         31:39:0d:95:61:96:f4:08:c7:95:bc:ac:bf:c5:fb:ed:62:be:
         f3:f5:7e:ac:18:70:25:c8:8b:d6:b0:0a:dc:a9:5c:40:15:5c:
         d7:fe:d1:3a:fb:54:b2:05:8f:f8:bb:39:8f:bd:f2:1a:2a:a6:
         52:33:cb:4b:9a:5c:f1:d6:7d:e6:7c:e4:0e:3a:ad:70:9b:52:
         6b:5e:1c:ea:bd:2a:63:d3:95:c2:b7:e1:da:ed:c7:73:24:3d:
         95:98:bc:1f:04:0d:d6:5d:89:87:93:c3:08:82:ba:61:f2:18:
         ef:3a:91:8c:f9:f7:2d:b2:6d:e5:0f:78:e7:f5:4f:18:9b:30:
         1c:68:a0:9c:9a:79:aa:61:79:d7:a3:04:b6:d1:c6:15:a9:3e:
         8f:11:6d:88:67:7e:b6:14:48:7f:fa:27:bc:0b:69:cd:23:07:
         15:b3:ca:45:49:f1:0a:99:98:5a:4d:33:c1:f1:d6:34:03:10:
         89:a0:f8:a2:76:cc:17:5b:28:01:94:eb:1c:05:04:a5:16:94:
         2c:21:54:64:51:9b:57:3d:ba:12:49:30:ac:af:90:1f:49:45:
         17:a1:4e:45:48:9e:ea:21:c4:fe:fe:2d:2c:20:b9:6b:6f:b3:
         9c:b7:52:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd4MfNZ2/liHEbXiTB3zvMzcEm1YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMDEzWhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDg5ZTZjNmUwZTYxODFmM2I5OGM1OTQ3NGE0ZDU4N2Zk
YjU1YmQwYjZiNjI1ZWM0NjYwNjA3ODQ5ZmNhYmEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCubXf8LC+xpxEP4mDTd0ag6FO59Isyy/JUkytBcZoQzj5B
xva+gmIsPy08I0NhfWWDdT4Jzsin7msJF3xwQy5H73ZOnTx63PVpGeHTlVgqqu7m
pRi4eqcoubHNiGNgXbwq8LLUjgyxqM0tfTT6062YHle+HVBUKUFqNejLaiJ0tXZk
7UGpXQxJp9+qE1viXececMmgbG5JAaZRuVo4FolmM5JQosgz9gohKeklHuy/ASCs
dJ86wBSwD/sY4PFNDF1ZbiVLy5gWfAkvowCtAFoljf4oycNWDntQwSns3FpLQ/Nr
FLqbmlkdODGGE0jfVJ6BLyMWZ+ArNBcOvMearWBHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQjqPOxcdqg2oR8wbcXHior3gZ60wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VlNTIyZDMyLTE4ZmEtNDFlYy05ZmVmLTYxNjJkZmFiZjEyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHLWFwwDQYJKoZIhvcNAQELBQADggEBACophM2a83gAd7PluOoeL2+WwDE5
DZVhlvQIx5W8rL/F++1ivvP1fqwYcCXIi9awCtypXEAVXNf+0Tr7VLIFj/i7OY+9
8hoqplIzy0uaXPHWfeZ85A46rXCbUmteHOq9KmPTlcK34drtx3MkPZWYvB8EDdZd
iYeTwwiCumHyGO86kYz59y2ybeUPeOf1TxibMBxooJyaeaphedejBLbRxhWpPo8R
bYhnfrYUSH/6J7wLac0jBxWzykVJ8QqZmFpNM8Hx1jQDEImg+KJ2zBdbKAGU6xwF
BKUWlCwhVGRRm1c9uhJJMKyvkB9JRRehTkVInuohxP7+LSwguWtvs5y3Uj0=
-----END CERTIFICATE-----