Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa
File:                     3c60dda9-8882-487b-951b-14baa9359e8e.roa (raw, json)
Hash identifier:          jFSn1TAqhC6zJdjuruhUk5GIpWelntfl4HcO/IKXcd0=
Subject key identifier:   D7:89:7E:ED:21:A7:DE:85:D5:36:64:E7:A3:83:DF:3D:39:B4:3F:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       520F3CEC313C4A6B93DDD57CC161221070491A75
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa
Signing time:             Wed 05 Nov 2025 00:21:17 +0000
ROA not before:           Wed 05 Nov 2025 00:21:17 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        125.253.160.0/19 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:0f:3c:ec:31:3c:4a:6b:93:dd:d5:7c:c1:61:22:10:70:49:1a:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:21:17 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=3427df2253e39bc54f05c9bb58b59705007f5250d90192f294dbb1c453f1bf9e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fb:f6:01:5d:2e:8d:0b:cb:e4:00:7f:bf:f2:
                    c5:d7:9d:b7:3e:34:68:66:e7:5a:8d:79:3d:5c:a3:
                    8a:59:e4:78:90:bb:2c:d9:e2:35:05:53:bf:d8:52:
                    6b:3f:e4:66:0f:db:50:ce:27:f1:66:da:45:67:5c:
                    e6:47:3c:f0:8a:b4:64:6c:b8:b1:70:76:07:30:08:
                    70:dc:d6:c7:99:c6:9a:23:8c:0a:72:c0:5d:db:66:
                    9c:42:d1:c0:53:fe:fc:a8:56:07:79:ce:38:55:c9:
                    cd:17:9b:6a:24:9d:ea:28:23:ce:d6:0b:6c:d7:65:
                    24:69:28:9f:b7:a3:7e:e8:30:a3:aa:6f:a4:a4:d4:
                    6f:5d:9d:21:bb:ec:92:46:3c:21:94:c6:06:fc:53:
                    36:95:21:5b:08:f9:41:8e:cd:84:43:93:58:66:6b:
                    1f:0b:73:91:6a:c7:1b:85:6a:1d:23:a5:0b:36:9a:
                    59:cd:c8:ae:be:6b:e4:de:9b:07:b6:2c:e0:01:81:
                    ab:aa:4b:65:95:11:ef:86:46:24:6f:6f:6c:fb:52:
                    3f:35:a7:77:f0:72:51:ef:b9:fb:e2:58:67:b0:88:
                    6d:79:f7:4c:48:67:f3:9a:f7:be:2b:23:5a:af:56:
                    19:7b:24:85:d3:2d:45:a7:42:ee:24:85:77:9e:24:
                    39:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:89:7E:ED:21:A7:DE:85:D5:36:64:E7:A3:83:DF:3D:39:B4:3F:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.253.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         d7:d7:e9:ba:5d:ee:df:f2:79:43:72:0e:4d:ef:f1:4e:08:bf:
         69:6c:41:f0:6f:5f:d4:97:ee:0b:f4:04:ec:a3:ab:18:a6:be:
         1f:28:1c:dd:db:6e:ca:2b:48:34:71:6c:76:3b:11:c3:2b:c7:
         3b:6c:ed:ab:14:29:67:86:c0:6b:a6:88:8a:32:83:61:16:2e:
         b7:8e:51:43:f5:8e:93:3c:a2:c2:3e:f2:18:28:c7:c0:2b:21:
         7a:f2:f1:a8:cf:f8:86:47:31:d5:bc:d8:d4:43:04:dc:e9:03:
         ab:98:fc:99:5f:a7:98:2b:6f:6c:88:dd:68:69:dc:52:96:0b:
         1a:eb:d1:46:4d:8a:a6:8d:8b:c2:ec:bc:46:e6:22:cd:13:c3:
         23:ca:c4:b2:dd:b4:35:db:09:c1:1c:f9:05:59:43:a8:55:29:
         16:75:da:c4:f8:5a:38:0e:74:fc:eb:63:11:ca:9b:0b:01:54:
         86:18:e2:24:6d:86:44:fe:fc:90:15:da:24:9c:9f:3e:d1:a6:
         8a:f8:7a:3a:aa:b2:13:a2:9f:22:bf:89:f9:67:8f:5d:fe:95:
         78:fc:f4:92:18:a7:7f:46:da:2c:29:8e:c0:73:af:98:61:c5:
         9d:95:e9:48:13:04:84:ae:ee:e2:ca:50:de:10:a8:58:70:b4:
         0f:5d:e2:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUg887DE8SmuT3dV8wWEiEHBJGnUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAyMTE3WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDI3ZGYyMjUzZTM5YmM1NGYwNWM5YmI1OGI1OTcwNTAw
N2Y1MjUwZDkwMTkyZjI5NGRiYjFjNDUzZjFiZjllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDc+/YBXS6NC8vkAH+/8sXXnbc+NGhm51qNeT1co4pZ5HiQ
uyzZ4jUFU7/YUms/5GYP21DOJ/Fm2kVnXOZHPPCKtGRsuLFwdgcwCHDc1seZxpoj
jApywF3bZpxC0cBT/vyoVgd5zjhVyc0Xm2okneooI87WC2zXZSRpKJ+3o37oMKOq
b6Sk1G9dnSG77JJGPCGUxgb8UzaVIVsI+UGOzYRDk1hmax8Lc5FqxxuFah0jpQs2
mlnNyK6+a+Temwe2LOABgauqS2WVEe+GRiRvb2z7Uj81p3fwclHvufviWGewiG15
90xIZ/Oa974rI1qvVhl7JIXTLUWnQu4khXeeJDkLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU14l+7SGn3oXVNmTno4PfPTm0P1MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjNjBkZGE5LTg4ODItNDg3Yi05NTFiLTE0YmFhOTM1OWU4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAV9/aAwDQYJKoZIhvcNAQELBQADggEBANfX6bpd7t/yeUNyDk3v8U4Iv2ls
QfBvX9SX7gv0BOyjqximvh8oHN3bbsorSDRxbHY7EcMrxzts7asUKWeGwGumiIoy
g2EWLreOUUP1jpM8osI+8hgox8ArIXry8ajP+IZHMdW82NRDBNzpA6uY/Jlfp5gr
b2yI3Whp3FKWCxrr0UZNiqaNi8LsvEbmIs0TwyPKxLLdtDXbCcEc+QVZQ6hVKRZ1
2sT4WjgOdPzrYxHKmwsBVIYY4iRthkT+/JAV2iScnz7Rpor4ejqqshOinyK/ifln
j13+lXj89JIYp39G2iwpjsBzr5hhxZ2V6UgTBISu7uLKUN4QqFhwtA9d4gA=
-----END CERTIFICATE-----