Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa
File:                     345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa (raw, json)
Hash identifier:          UYs9oeRHHyuO0LpJVpA3qa0lvdCxJzWEf0gvOzWPiBs=
Subject key identifier:   B4:24:F2:79:6D:B7:28:6C:06:A7:82:2A:98:86:F1:68:4E:40:B2:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6613BC3B0A65CF5BA649B96704EFA659E059828A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa
Signing time:             Wed 22 Oct 2025 00:01:42 +0000
ROA not before:           Wed 22 Oct 2025 00:01:42 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.88.64.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:13:bc:3b:0a:65:cf:5b:a6:49:b9:67:04:ef:a6:59:e0:59:82:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:01:42 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=9668aa35592c878ab6dc71acf70e10d1690910de34a8ff7ee89397294a56ba07, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:07:41:ce:d3:e9:db:66:55:91:f6:67:31:5d:
                    7e:51:83:3c:ca:b4:18:ab:8d:8e:a9:fc:fa:ab:10:
                    aa:18:65:36:eb:49:2f:6c:70:38:a7:aa:dd:94:67:
                    a5:fa:6e:3b:15:b3:f0:64:cc:87:56:97:ec:42:e2:
                    06:65:5b:c2:c7:69:77:c8:ac:c1:e6:c3:3f:8b:7e:
                    cf:00:a2:1c:5e:a9:cd:cf:85:01:42:48:4f:fd:bf:
                    8a:2a:b7:5f:1f:d2:76:a3:3e:de:9d:74:d1:de:e8:
                    c9:ff:72:37:6f:a0:76:60:74:8d:eb:ab:81:17:c3:
                    5f:34:1f:11:11:18:3e:1d:59:35:c0:a0:bb:05:e7:
                    1f:fe:23:a8:e1:7d:ab:10:d1:72:a3:8f:ba:84:39:
                    6a:07:85:52:57:9d:33:3e:6a:18:e5:b7:61:0a:86:
                    52:98:69:6f:81:03:94:14:20:f8:80:95:e3:65:de:
                    8c:dd:6f:c9:bb:0b:8e:40:f5:f8:99:f9:4f:f8:06:
                    e5:c2:f7:a7:6a:3e:40:b7:79:68:a5:d0:fe:41:1d:
                    7d:5d:95:2e:53:ea:88:96:45:44:98:32:f1:ef:00:
                    7c:3d:74:05:92:aa:fd:29:00:c8:67:54:d8:7a:2a:
                    5a:a1:d0:9e:3e:0f:4c:ed:01:46:c6:8a:22:e6:1d:
                    fb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:24:F2:79:6D:B7:28:6C:06:A7:82:2A:98:86:F1:68:4E:40:B2:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/345a635d-bc4c-4cac-91f9-d663b0d1bdb9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.88.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0b:af:80:b6:0d:6d:78:37:2a:9c:9f:92:c7:7c:f5:1a:25:bf:
         51:d4:af:82:98:d5:e9:b8:58:03:d8:fc:3a:59:4d:4d:c5:69:
         d6:bb:c8:fc:74:c5:32:17:a8:4f:42:d8:96:5d:9e:2b:db:5c:
         26:e0:5a:14:d4:e9:92:8d:b9:eb:ff:7d:b4:0d:c5:02:52:40:
         76:b3:3e:33:97:96:66:8b:8a:47:15:da:74:95:8b:cd:66:e7:
         25:1a:fb:8a:ad:a4:cf:e9:74:d9:0d:f6:9d:30:2b:28:da:34:
         1c:f8:00:ba:1c:88:1d:e8:0f:44:ae:0c:0f:1a:a2:3b:a8:7a:
         9b:18:3f:df:a4:0e:6a:7a:3a:55:2d:ba:5e:23:a8:68:86:28:
         44:cc:b0:66:b0:f0:b0:94:67:32:4e:b5:db:66:45:eb:17:e4:
         47:14:ac:0f:0e:32:0b:e4:d3:2b:9b:81:60:c5:04:dc:c0:f1:
         da:c4:1c:1b:74:3d:d1:4c:d8:79:58:12:45:d0:03:4a:c4:63:
         7c:1f:e1:c6:39:52:f0:bb:c4:58:55:15:a4:92:76:43:f7:7f:
         45:9f:f6:29:4a:a3:18:55:cd:6f:3a:5f:bf:02:39:00:7c:62:
         f5:ef:44:a3:4d:47:d4:7d:43:ba:18:78:8e:d6:e9:cb:8b:d5:
         ae:03:98:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZhO8Owplz1umSblnBO+mWeBZgoowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMTQyWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NjY4YWEzNTU5MmM4NzhhYjZkYzcxYWNmNzBlMTBkMTY5
MDkxMGRlMzRhOGZmN2VlODkzOTcyOTRhNTZiYTA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrB0HO0+nbZlWR9mcxXX5RgzzKtBirjY6p/PqrEKoYZTbr
SS9scDinqt2UZ6X6bjsVs/BkzIdWl+xC4gZlW8LHaXfIrMHmwz+Lfs8Aohxeqc3P
hQFCSE/9v4oqt18f0najPt6ddNHe6Mn/cjdvoHZgdI3rq4EXw180HxERGD4dWTXA
oLsF5x/+I6jhfasQ0XKjj7qEOWoHhVJXnTM+ahjlt2EKhlKYaW+BA5QUIPiAleNl
3ozdb8m7C45A9fiZ+U/4BuXC96dqPkC3eWil0P5BHX1dlS5T6oiWRUSYMvHvAHw9
dAWSqv0pAMhnVNh6Klqh0J4+D0ztAUbGiiLmHfsrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtCTyeW23KGwGp4IqmIbxaE5AslcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0NWE2MzVkLWJjNGMtNGNhYy05MWY5LWQ2NjNiMGQxYmRiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATLWEAwDQYJKoZIhvcNAQELBQADggEBAAuvgLYNbXg3Kpyfksd89Rolv1HU
r4KY1em4WAPY/DpZTU3Fada7yPx0xTIXqE9C2JZdnivbXCbgWhTU6ZKNuev/fbQN
xQJSQHazPjOXlmaLikcV2nSVi81m5yUa+4qtpM/pdNkN9p0wKyjaNBz4ALociB3o
D0SuDA8aojuoepsYP9+kDmp6OlUtul4jqGiGKETMsGaw8LCUZzJOtdtmResX5EcU
rA8OMgvk0yubgWDFBNzA8drEHBt0PdFM2HlYEkXQA0rEY3wf4cY5UvC7xFhVFaSS
dkP3f0Wf9ilKoxhVzW86X78COQB8YvXvRKNNR9R9Q7oYeI7W6cuL1a4DmKE=
-----END CERTIFICATE-----