Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dc2871e-4870-49a7-8242-56cfe0f652d5.roa
File:                     0dc2871e-4870-49a7-8242-56cfe0f652d5.roa (raw, json)
Hash identifier:          TKc7FXVfpse93KxQvIfXUzPiKtWk74FJofrcC3AWHLI=
Subject key identifier:   78:CB:E7:62:C0:4A:E3:DE:93:63:C4:5F:9F:97:54:2D:BB:F1:74:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       066B2FDBE0FE9E02D89F789668A4EE3CCC3C1C94
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dc2871e-4870-49a7-8242-56cfe0f652d5.roa
Signing time:             Fri 03 Oct 2025 00:22:54 +0000
ROA not before:           Fri 03 Oct 2025 00:22:54 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.168.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:6b:2f:db:e0:fe:9e:02:d8:9f:78:96:68:a4:ee:3c:cc:3c:1c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:22:54 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=e7d3538d519920c2f92845362df216c15c3d04f37988bb446bfe1c3f08ac85fe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:40:d4:f3:fa:0b:0e:5f:41:3e:fc:69:02:63:
                    07:42:ce:cc:a7:16:1a:80:51:05:38:58:cb:40:70:
                    49:5d:1c:db:a0:22:b7:4a:b3:85:53:03:86:66:7a:
                    8f:90:a2:55:0c:fe:b4:58:08:70:ce:e8:c5:ec:88:
                    ff:dc:b8:cb:72:b0:62:79:2e:57:b7:b8:d9:a1:6d:
                    86:9f:cc:ba:13:59:a5:f3:b2:38:15:f4:e6:f5:65:
                    bc:10:7e:cf:aa:36:d8:3f:2a:f0:77:7c:bd:0e:1c:
                    f8:6b:ce:82:4d:db:4b:2a:e0:c3:f4:ae:ac:c8:4b:
                    f8:d1:2b:e9:dd:b6:75:4c:58:2f:0d:f6:e1:0f:cf:
                    34:50:9d:5d:4d:59:08:75:16:3f:2a:be:85:94:87:
                    b6:65:33:93:7e:19:39:7f:2a:a5:b2:9f:c6:71:15:
                    23:89:93:32:5c:31:a2:9f:a3:15:e0:70:46:4e:b3:
                    20:c2:bf:f8:13:57:ba:b5:00:d4:d3:24:20:ee:f5:
                    c8:cc:45:50:bc:9e:53:58:4e:a8:0f:11:0c:3d:b7:
                    9c:88:f1:7b:91:c2:90:e4:2b:54:e1:a3:45:6a:66:
                    f5:33:a1:e3:19:4e:92:61:7b:f6:08:ab:83:5c:fe:
                    47:65:c9:41:3d:21:8a:e1:97:a4:5b:03:a6:df:04:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:CB:E7:62:C0:4A:E3:DE:93:63:C4:5F:9F:97:54:2D:BB:F1:74:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dc2871e-4870-49a7-8242-56cfe0f652d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.168.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         25:df:08:65:50:67:ed:d7:e2:a9:44:b6:ef:28:cc:2d:03:b3:
         d3:e0:ee:89:c4:e6:53:8c:b4:40:56:3d:b7:49:e6:1d:cf:26:
         0c:e3:a1:e6:10:17:c9:0e:86:06:0d:c4:b4:23:0b:28:f1:66:
         20:7e:db:44:d3:44:13:9a:98:5a:2b:a2:d2:aa:e5:cd:f4:22:
         59:b0:12:c3:c5:34:dc:e7:74:f5:3b:b2:e7:1f:66:32:9b:ef:
         fd:a2:08:1d:8a:56:fb:53:e9:63:af:65:df:3a:97:1f:06:3b:
         ee:77:52:c1:27:46:db:37:13:55:e0:85:f3:6e:aa:4a:81:36:
         03:5b:63:aa:2c:97:03:69:54:92:22:6c:23:ce:9a:fc:31:42:
         a8:ea:79:b3:11:59:d8:7a:b2:09:82:4e:f2:52:68:cb:d5:ab:
         ad:2c:de:18:39:df:c9:dd:11:8c:b7:d0:e6:7a:86:a0:db:89:
         15:89:dc:9f:ba:8f:57:91:00:5e:dd:21:d2:7d:5c:a9:88:5e:
         ba:1d:87:3b:b1:8d:e0:e3:06:01:24:7f:de:4e:35:79:27:81:
         cf:ae:11:a6:08:ba:fe:9f:7c:a0:5d:4d:e4:83:fe:e1:40:d2:
         6a:b4:4b:0b:c6:61:91:3e:f7:ae:f2:87:9f:ee:d2:73:8c:62:
         b9:44:9a:60
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBmsv2+D+ngLYn3iWaKTuPMw8HJQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAyMjU0WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlN2QzNTM4ZDUxOTkyMGMyZjkyODQ1MzYyZGYyMTZjMTVj
M2QwNGYzNzk4OGJiNDQ2YmZlMWMzZjA4YWM4NWZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUQNTz+gsOX0E+/GkCYwdCzsynFhqAUQU4WMtAcEldHNug
IrdKs4VTA4Zmeo+QolUM/rRYCHDO6MXsiP/cuMtysGJ5Lle3uNmhbYafzLoTWaXz
sjgV9Ob1ZbwQfs+qNtg/KvB3fL0OHPhrzoJN20sq4MP0rqzIS/jRK+ndtnVMWC8N
9uEPzzRQnV1NWQh1Fj8qvoWUh7ZlM5N+GTl/KqWyn8ZxFSOJkzJcMaKfoxXgcEZO
syDCv/gTV7q1ANTTJCDu9cjMRVC8nlNYTqgPEQw9t5yI8XuRwpDkK1Tho0VqZvUz
oeMZTpJhe/YIq4Nc/kdlyUE9IYrhl6RbA6bfBI4BAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeMvnYsBK496TY8Rfn5dULbvxdHowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkYzI4NzFlLTQ4NzAtNDlhNy04MjQyLTU2Y2ZlMGY2NTJkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoqDANBgkqhkiG9w0BAQsFAAOCAQEAJd8IZVBn7dfiqUS27yjMLQOz0+Du
icTmU4y0QFY9t0nmHc8mDOOh5hAXyQ6GBg3EtCMLKPFmIH7bRNNEE5qYWiui0qrl
zfQiWbASw8U03Od09Tuy5x9mMpvv/aIIHYpW+1PpY69l3zqXHwY77ndSwSdG2zcT
VeCF826qSoE2A1tjqiyXA2lUkiJsI86a/DFCqOp5sxFZ2HqyCYJO8lJoy9WrrSze
GDnfyd0RjLfQ5nqGoNuJFYncn7qPV5EAXt0h0n1cqYheuh2HO7GN4OMGASR/3k41
eSeBz64Rpgi6/p98oF1N5IP+4UDSarRLC8ZhkT73rvKHn+7Sc4xiuUSaYA==
-----END CERTIFICATE-----