Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9efa147a-8234-4801-a8dd-96fc19dc752f.roa
File:                     9efa147a-8234-4801-a8dd-96fc19dc752f.roa (raw, json)
Hash identifier:          523qDW3Uon8H//I9dGCr/z0DKUUq0Fx9oLlmQHvgbgE=
Subject key identifier:   CF:43:71:32:81:B9:39:05:49:39:15:90:78:47:35:5E:E0:23:91:89
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C7D60A00B4EB882DC419EF2F41A5A2F97852590
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9efa147a-8234-4801-a8dd-96fc19dc752f.roa
Signing time:             Sat 18 Oct 2025 05:11:41 +0000
ROA not before:           Sat 18 Oct 2025 05:11:41 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        119.13.11.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:7d:60:a0:0b:4e:b8:82:dc:41:9e:f2:f4:1a:5a:2f:97:85:25:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 05:11:41 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=001a787bc5b7518f3c1a2863eee9eace4ee9a9ad6144df1333f356ad125c0267, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:58:1d:38:7b:de:c2:48:5e:69:af:f3:8e:74:
                    4c:22:27:8e:ec:81:52:3f:83:80:1f:7c:ca:5c:6f:
                    e2:97:e6:9f:38:14:ba:ed:78:aa:d2:d1:55:88:58:
                    a3:b7:dd:5b:2d:75:48:e4:56:f7:d5:00:ce:63:9d:
                    d5:32:a6:10:94:18:16:88:e7:c4:2e:52:2d:91:de:
                    76:e1:f2:c5:1f:a3:78:33:bc:38:fe:14:90:89:69:
                    5d:48:dd:ee:42:46:b9:ea:50:f9:2b:a3:03:a8:4d:
                    a4:0f:f5:ed:54:95:c2:93:c2:96:7f:8e:25:55:35:
                    48:13:09:2f:72:91:3d:bb:f0:53:cf:e1:fd:dc:81:
                    f8:c3:e0:0b:f4:e2:e4:0a:42:04:12:0a:87:5c:f6:
                    7e:1c:e2:b1:75:03:5d:9f:25:2b:dd:2e:b0:06:e9:
                    e8:cb:64:21:64:ae:d4:55:57:fe:5f:a6:56:0d:f0:
                    0d:bb:a8:c1:bb:49:19:e4:f4:37:13:b6:ee:54:bb:
                    62:75:3c:f6:ac:7c:a9:9b:4c:81:62:6e:a2:76:7e:
                    22:71:24:d8:25:98:16:a0:08:f0:ab:71:2b:fe:48:
                    97:62:69:9e:ea:60:70:aa:b0:dd:ac:cf:8a:f5:39:
                    71:5c:6c:fa:81:7f:49:19:04:a1:ab:d6:39:4f:ac:
                    a7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:43:71:32:81:B9:39:05:49:39:15:90:78:47:35:5E:E0:23:91:89
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9efa147a-8234-4801-a8dd-96fc19dc752f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.13.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:21:ee:44:22:b2:bc:7e:f7:4c:a2:a8:af:13:ac:8d:5e:7e:
         c6:8b:4b:b0:bb:c4:6b:92:c9:f5:00:86:37:bf:2b:ce:91:0c:
         0a:ae:49:9a:4a:d9:3e:f3:76:e9:6d:a5:80:1b:8e:40:7a:b2:
         5b:5b:48:6b:f2:d3:cf:e1:23:56:02:ac:31:ca:f8:31:7e:b7:
         f3:f8:43:2f:d5:a8:86:7e:77:cc:b3:c0:a7:cf:06:f8:0f:47:
         7a:f9:d9:0c:f0:bc:9c:d6:28:f3:12:11:58:cc:ed:36:7f:cc:
         89:ee:30:75:da:73:0e:79:29:ae:45:7c:62:41:cd:9f:02:72:
         d0:d0:99:ff:c2:21:c7:5e:14:0e:fc:b0:7e:a6:0b:24:09:44:
         ac:76:2e:63:ee:0e:7d:b0:bf:8a:4a:67:d4:91:77:6e:50:7f:
         1a:64:74:78:de:8d:c5:74:12:8c:6f:58:32:f8:e3:f9:d7:0d:
         28:f9:af:93:86:99:4a:df:ba:38:6f:4b:1b:d7:d0:f8:e7:4f:
         b2:9b:85:bf:2f:00:0a:73:7b:c6:ea:29:1f:c8:44:1d:80:35:
         36:c3:79:bd:67:c0:85:49:ea:4c:23:a8:d1:7a:3b:1c:fe:34:
         5e:17:e6:8d:3a:b7:ff:f6:29:a0:c9:64:35:2f:53:18:70:45:
         cf:d2:0a:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTH1goAtOuILcQZ7y9BpaL5eFJZAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDUxMTQxWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDFhNzg3YmM1Yjc1MThmM2MxYTI4NjNlZWU5ZWFjZTRl
ZTlhOWFkNjE0NGRmMTMzM2YzNTZhZDEyNWMwMjY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClWB04e97CSF5pr/OOdEwiJ47sgVI/g4AffMpcb+KX5p84
FLrteKrS0VWIWKO33VstdUjkVvfVAM5jndUyphCUGBaI58QuUi2R3nbh8sUfo3gz
vDj+FJCJaV1I3e5CRrnqUPkrowOoTaQP9e1UlcKTwpZ/jiVVNUgTCS9ykT278FPP
4f3cgfjD4Av04uQKQgQSCodc9n4c4rF1A12fJSvdLrAG6ejLZCFkrtRVV/5fplYN
8A27qMG7SRnk9DcTtu5Uu2J1PPasfKmbTIFibqJ2fiJxJNglmBagCPCrcSv+SJdi
aZ7qYHCqsN2sz4r1OXFcbPqBf0kZBKGr1jlPrKcFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz0NxMoG5OQVJORWQeEc1XuAjkYkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllZmExNDdhLTgyMzQtNDgwMS1hOGRkLTk2ZmMxOWRjNzUyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAB3DQswDQYJKoZIhvcNAQELBQADggEBAIUh7kQisrx+90yiqK8TrI1efsaL
S7C7xGuSyfUAhje/K86RDAquSZpK2T7zdultpYAbjkB6sltbSGvy08/hI1YCrDHK
+DF+t/P4Qy/VqIZ+d8yzwKfPBvgPR3r52QzwvJzWKPMSEVjM7TZ/zInuMHXacw55
Ka5FfGJBzZ8CctDQmf/CIcdeFA78sH6mCyQJRKx2LmPuDn2wv4pKZ9SRd25Qfxpk
dHjejcV0EoxvWDL44/nXDSj5r5OGmUrfujhvSxvX0PjnT7Kbhb8vAApze8bqKR/I
RB2ANTbDeb1nwIVJ6kwjqNF6Oxz+NF4X5o06t//2KaDJZDUvUxhwRc/SCn4=
-----END CERTIFICATE-----