Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb7f1187-36a4-49c8-a940-b8a58490830b.roa
File:                     cb7f1187-36a4-49c8-a940-b8a58490830b.roa (raw, json)
Hash identifier:          mgEUqrFGwfPII/LDFlZyHNmROgmiAsNCIYTUn3rnZ9E=
Subject key identifier:   5E:68:4D:08:A0:76:A8:CB:BF:55:CF:A7:B3:C1:9A:01:56:A0:94:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6C7D29E25E871A94FD7D44688BF38AC81CC27C44
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb7f1187-36a4-49c8-a940-b8a58490830b.roa
Signing time:             Fri 31 Oct 2025 01:00:37 +0000
ROA not before:           Fri 31 Oct 2025 01:00:37 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.162.0.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:7d:29:e2:5e:87:1a:94:fd:7d:44:68:8b:f3:8a:c8:1c:c2:7c:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:00:37 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=3bb1e8232890eae697356a73c184c490c0fc8bfbdd614a5b2f13d766c72e2919, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6b:e6:9d:8d:e2:65:2e:37:5e:c2:9b:c8:67:
                    84:72:0a:e3:ae:60:ef:cd:2e:b2:bf:02:06:c5:6d:
                    ba:6b:13:fc:f1:42:3e:17:a5:11:8c:fc:d0:a6:1a:
                    f7:4d:1d:9b:8f:9f:a5:b9:3a:0c:e3:44:6d:bc:94:
                    fd:8f:47:d7:b0:e3:cd:ea:01:7c:6c:1e:00:d1:53:
                    a6:eb:ce:d5:d3:1e:f2:92:74:03:d2:a6:73:3f:06:
                    fa:0e:26:f9:ee:80:03:d2:d1:b8:89:de:d9:7a:44:
                    9b:14:1c:a3:fd:75:28:97:a8:2c:b0:21:5b:89:0a:
                    d7:4d:b3:66:18:8a:a7:70:21:b0:b5:ed:25:bf:95:
                    61:ec:1b:d1:4e:c3:46:ed:aa:fe:e1:03:2d:6e:1c:
                    bc:5d:d9:68:c0:cc:17:f2:a3:76:f0:94:41:7f:6b:
                    1a:f3:83:ad:b1:c6:e9:54:d3:ca:5b:0a:f8:3d:f2:
                    d5:e1:bc:f9:cc:06:b4:83:67:de:62:1f:9f:b2:b4:
                    e3:cc:a7:a6:77:27:3e:95:54:c8:d1:e1:54:6b:be:
                    ab:4b:02:87:0b:ad:be:45:47:3b:0b:7f:eb:ef:cd:
                    d8:e7:c3:b0:8f:3a:4c:8c:29:d0:1e:c5:69:38:81:
                    81:07:37:2f:87:df:0d:65:49:d1:b9:c4:85:30:eb:
                    46:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:68:4D:08:A0:76:A8:CB:BF:55:CF:A7:B3:C1:9A:01:56:A0:94:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb7f1187-36a4-49c8-a940-b8a58490830b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.162.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         04:a8:1a:0e:a5:df:db:1e:2e:85:94:ff:c2:bc:11:a7:df:ce:
         8a:6a:17:97:af:37:b2:86:0e:b6:cf:fe:d4:f7:a3:c5:c2:6f:
         92:99:0f:11:37:ae:a0:3c:f1:33:fd:9b:e0:11:0e:ee:cf:59:
         20:db:bd:e3:05:27:ff:18:3d:06:31:11:f7:b5:9b:a8:be:0b:
         cf:ba:4b:70:dd:c6:ce:38:95:77:cc:ce:bb:95:ab:fa:d5:c7:
         22:6f:76:c5:4e:42:da:bd:19:44:e8:84:94:fa:72:f9:9b:85:
         2c:2a:e9:75:42:f0:0b:67:46:21:6d:f5:93:7e:7b:28:c6:e5:
         23:69:58:93:f3:01:8f:7d:ee:ee:85:b7:ed:9a:c5:ae:07:15:
         e3:59:ed:f0:68:a5:b5:1d:68:3b:94:4e:bb:8c:6d:91:37:3b:
         2f:90:87:09:4d:36:34:75:56:ed:70:00:95:4f:07:01:e6:b5:
         3a:79:18:83:d9:3e:4b:f6:db:8e:f4:db:e5:f1:bf:19:f9:2b:
         3f:29:fd:00:a8:31:04:21:31:94:27:8d:01:83:a0:19:77:92:
         3b:81:29:85:cc:8d:87:f2:fa:6d:9d:43:54:3d:6f:21:22:bd:
         9d:84:af:46:0d:f0:43:90:f6:6b:3e:a7:61:7c:d1:4d:e1:df:
         b8:05:fd:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbH0p4l6HGpT9fURoi/OKyBzCfEQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMDM3WhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmIxZTgyMzI4OTBlYWU2OTczNTZhNzNjMTg0YzQ5MGMw
ZmM4YmZiZGQ2MTRhNWIyZjEzZDc2NmM3MmUyOTE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3a+adjeJlLjdewpvIZ4RyCuOuYO/NLrK/AgbFbbprE/zx
Qj4XpRGM/NCmGvdNHZuPn6W5OgzjRG28lP2PR9ew483qAXxsHgDRU6brztXTHvKS
dAPSpnM/BvoOJvnugAPS0biJ3tl6RJsUHKP9dSiXqCywIVuJCtdNs2YYiqdwIbC1
7SW/lWHsG9FOw0btqv7hAy1uHLxd2WjAzBfyo3bwlEF/axrzg62xxulU08pbCvg9
8tXhvPnMBrSDZ95iH5+ytOPMp6Z3Jz6VVMjR4VRrvqtLAocLrb5FRzsLf+vvzdjn
w7CPOkyMKdAexWk4gYEHNy+H3w1lSdG5xIUw60YRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXmhNCKB2qMu/Vc+ns8GaAVaglHcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiN2YxMTg3LTM2YTQtNDljOC1hOTQwLWI4YTU4NDkwODMwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQNogAwDQYJKoZIhvcNAQELBQADggEBAASoGg6l39seLoWU/8K8Eaffzopq
F5evN7KGDrbP/tT3o8XCb5KZDxE3rqA88TP9m+ARDu7PWSDbveMFJ/8YPQYxEfe1
m6i+C8+6S3Ddxs44lXfMzruVq/rVxyJvdsVOQtq9GUTohJT6cvmbhSwq6XVC8Atn
RiFt9ZN+eyjG5SNpWJPzAY997u6Ft+2axa4HFeNZ7fBopbUdaDuUTruMbZE3Oy+Q
hwlNNjR1Vu1wAJVPBwHmtTp5GIPZPkv224702+Xxvxn5Kz8p/QCoMQQhMZQnjQGD
oBl3kjuBKYXMjYfy+m2dQ1Q9byEivZ2Er0YN8EOQ9ms+p2F80U3h37gF/YQ=
-----END CERTIFICATE-----