Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa
File:                     345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa (raw, json)
Hash identifier:          HYPI2aJGQbHemvnAIqw6SsB7lB/h5y5rN4Z5iUBcajU=
Subject key identifier:   1F:1C:96:60:55:F6:23:1C:0A:3A:D1:D0:EC:F8:64:E9:C1:83:97:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D24448E36FCBBFFDE82BA9682CAA9C63F71E61C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa
Signing time:             Sat 27 Sep 2025 00:01:14 +0000
ROA not before:           Sat 27 Sep 2025 00:01:14 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.88.64.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:24:44:8e:36:fc:bb:ff:de:82:ba:96:82:ca:a9:c6:3f:71:e6:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:01:14 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=c547b27ab42f9e08690248a9411875eec720e241f721b9403b5761d07d063f56, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:1c:4f:ba:15:34:c5:15:7c:77:89:fb:55:50:
                    b4:3c:53:b7:cf:ba:cc:03:9c:3b:51:d0:6d:57:d5:
                    d4:ca:40:21:fa:b7:34:ad:48:79:11:3e:c5:f0:68:
                    c1:21:57:82:46:4e:b6:41:e2:3a:e8:78:9b:57:9e:
                    d3:8d:13:c6:c1:45:38:11:54:df:d6:45:88:c4:ec:
                    33:5d:28:6e:47:bc:a0:a3:e3:be:4f:e6:d5:40:16:
                    42:4b:1c:a8:e2:30:54:f9:a1:4f:9f:b4:1f:33:ae:
                    a6:24:21:d6:56:ea:e1:4a:25:7d:2f:e1:34:b8:7b:
                    e5:19:89:4d:3f:93:dd:e9:05:73:94:0e:ba:99:b5:
                    33:8c:04:07:34:99:12:44:4a:df:14:4a:86:24:f3:
                    24:99:41:3a:f0:04:1c:13:5d:27:21:57:c1:73:54:
                    5a:ef:29:0f:18:4f:ac:b9:8d:9e:e7:36:2c:f1:15:
                    d9:43:66:be:71:94:a0:f7:4c:3c:bb:ce:61:4b:f8:
                    4b:08:05:a0:23:81:0a:6a:f3:38:63:cf:d6:a6:ad:
                    0f:2a:04:de:de:26:cd:27:69:13:34:6e:fa:07:49:
                    22:62:5f:fb:a2:52:c5:4e:2e:21:9f:3c:89:e0:c5:
                    a3:5f:b3:71:96:68:f8:61:6d:9a:3f:d7:a7:81:85:
                    2a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:1C:96:60:55:F6:23:1C:0A:3A:D1:D0:EC:F8:64:E9:C1:83:97:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.88.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         57:38:b7:25:dc:32:1c:19:fc:68:96:47:82:8a:a9:56:dc:12:
         54:95:8e:4f:77:fd:e8:b0:8f:71:0c:f1:54:d3:49:cc:98:75:
         e8:96:ca:e2:fb:5f:63:ee:ce:fd:8d:32:f7:36:09:93:43:fe:
         21:c8:4d:47:17:08:44:52:a3:c5:7c:fb:1a:6b:54:9f:59:99:
         03:7d:ea:b1:82:84:51:aa:40:f6:de:94:70:84:11:23:ff:2a:
         9e:19:02:79:47:ea:8a:a8:a7:82:21:76:9a:1b:aa:28:46:3b:
         42:85:a2:84:30:78:fd:2c:00:36:8d:16:71:81:9b:2a:7b:72:
         8f:ce:30:9a:7d:aa:dd:bf:1b:6b:78:ca:ea:e8:b6:e9:bd:dc:
         84:cb:d8:cd:0d:01:e7:04:be:dd:12:6f:0f:41:a8:ce:73:c5:
         ca:91:39:58:7e:0d:4f:81:1f:b9:36:0b:9d:fd:8d:f9:3b:54:
         4d:0c:59:84:cb:df:0c:9c:05:84:e5:4e:b8:40:99:82:74:c0:
         92:df:83:b9:df:e0:90:7d:65:1b:d4:eb:0f:cf:f6:cf:bc:0a:
         e8:6e:97:98:59:72:f4:21:18:2f:90:93:e0:cd:75:92:5d:42:
         d5:9d:cf:69:65:74:a4:f8:5a:9c:73:14:ec:c1:dd:38:16:4d:
         94:88:ed:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTSREjjb8u//egrqWgsqpxj9x5hwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAwMTE0WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNTQ3YjI3YWI0MmY5ZTA4NjkwMjQ4YTk0MTE4NzVlZWM3
MjBlMjQxZjcyMWI5NDAzYjU3NjFkMDdkMDYzZjU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjHE+6FTTFFXx3iftVULQ8U7fPuswDnDtR0G1X1dTKQCH6
tzStSHkRPsXwaMEhV4JGTrZB4jroeJtXntONE8bBRTgRVN/WRYjE7DNdKG5HvKCj
475P5tVAFkJLHKjiMFT5oU+ftB8zrqYkIdZW6uFKJX0v4TS4e+UZiU0/k93pBXOU
DrqZtTOMBAc0mRJESt8USoYk8ySZQTrwBBwTXSchV8FzVFrvKQ8YT6y5jZ7nNizx
FdlDZr5xlKD3TDy7zmFL+EsIBaAjgQpq8zhjz9amrQ8qBN7eJs0naRM0bvoHSSJi
X/uiUsVOLiGfPIngxaNfs3GWaPhhbZo/16eBhSoZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHxyWYFX2IxwKOtHQ7Phk6cGDlzwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0NWE2MzVkLWJjNGMtNGNhYy05MWY5LWQ2NjNiMGQxYmRiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATLWEAwDQYJKoZIhvcNAQELBQADggEBAFc4tyXcMhwZ/GiWR4KKqVbcElSV
jk93/eiwj3EM8VTTScyYdeiWyuL7X2Puzv2NMvc2CZND/iHITUcXCERSo8V8+xpr
VJ9ZmQN96rGChFGqQPbelHCEESP/Kp4ZAnlH6oqop4IhdpobqihGO0KFooQweP0s
ADaNFnGBmyp7co/OMJp9qt2/G2t4yurotum93ITL2M0NAecEvt0Sbw9BqM5zxcqR
OVh+DU+BH7k2C539jfk7VE0MWYTL3wycBYTlTrhAmYJ0wJLfg7nf4JB9ZRvU6w/P
9s+8Cuhul5hZcvQhGC+Qk+DNdZJdQtWdz2lldKT4WpxzFOzB3TgWTZSI7YE=
-----END CERTIFICATE-----