Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16c2233b-7c35-4cc7-90e3-d9434daaada5.roa
File:                     16c2233b-7c35-4cc7-90e3-d9434daaada5.roa (raw, json)
Hash identifier:          iYL2GSQee3K3c6xXUqX/zIe0WVNiGH0YNLeiG2cM3BE=
Subject key identifier:   44:CA:6D:D5:3A:E3:34:3D:DB:E4:45:4D:F9:51:08:AD:01:B6:D9:7C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63DF2AB1ECF8DBD4C48E2CD9454B279E51BF45DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16c2233b-7c35-4cc7-90e3-d9434daaada5.roa
Signing time:             Sat 18 Oct 2025 04:10:57 +0000
ROA not before:           Sat 18 Oct 2025 04:10:57 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.176.0.0/14 maxlen: 14
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:df:2a:b1:ec:f8:db:d4:c4:8e:2c:d9:45:4b:27:9e:51:bf:45:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 04:10:57 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=26d5b0d9c73ccafa05f597a8f08f1cb613123d1cdcdb9fd76881d113702c6f01, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b7:12:39:56:07:3b:25:0b:c7:0a:2b:ed:f1:
                    e7:9c:71:cf:b0:af:6b:2c:e8:be:a4:a2:e2:2c:14:
                    4f:63:3a:8a:ef:89:82:4b:85:93:20:bc:e7:a2:74:
                    53:3e:39:07:e2:09:f8:58:db:6c:ce:a5:f2:99:6a:
                    40:82:3c:43:74:55:13:60:1d:5c:8d:92:41:d4:93:
                    51:4a:fc:fd:cb:4a:6e:d6:6a:55:84:a9:a4:ba:c3:
                    21:28:c4:af:8f:87:02:bd:9f:b3:d1:2c:06:2e:9d:
                    4c:b4:15:93:3c:70:24:81:f2:17:54:ee:22:4c:04:
                    b6:49:00:8a:98:3f:76:cf:26:24:b6:91:00:fd:e3:
                    21:4e:5f:a6:7c:51:78:c1:9a:99:2e:79:42:95:17:
                    e1:87:fe:27:9c:6b:d0:09:b4:ad:80:f1:85:6d:82:
                    8d:92:a6:37:4e:38:fd:5f:3e:f6:71:91:a6:c8:7e:
                    89:c2:c7:45:4b:61:e1:f6:e6:bf:71:51:cf:99:f7:
                    26:71:72:7f:70:14:ed:59:2f:9d:00:3f:79:1f:91:
                    b8:55:b8:66:52:36:fc:f5:f1:6c:17:fd:d3:57:96:
                    8d:a1:fc:fa:89:b7:7d:33:3e:3c:b4:79:89:90:b1:
                    4f:6c:be:6e:c2:4e:dd:19:0c:1f:3e:4f:2f:0c:72:
                    a6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CA:6D:D5:3A:E3:34:3D:DB:E4:45:4D:F9:51:08:AD:01:B6:D9:7C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16c2233b-7c35-4cc7-90e3-d9434daaada5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.176.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         a0:28:51:5c:fc:83:4b:c4:6d:ab:04:2c:64:fc:2a:b3:95:c9:
         01:7c:de:41:ec:4a:fa:4e:c0:8f:6b:2b:d6:1e:ca:52:a3:60:
         a3:39:27:89:1d:ed:67:ed:22:95:99:88:f2:cd:48:25:58:0f:
         ab:d6:e7:89:f7:6c:f3:5d:d6:74:78:03:5c:c5:84:66:a6:88:
         51:a0:a1:0f:f9:fb:3a:38:93:c7:a1:ed:34:bf:08:e5:9b:0f:
         5b:cc:35:6a:6c:23:4e:14:ba:bb:f0:ad:65:b2:8a:57:f3:62:
         bb:7f:e6:5e:36:26:24:b7:df:bf:78:db:89:95:2d:39:a4:4b:
         01:4f:ef:61:47:6c:ac:e9:bb:59:ef:fa:1b:61:48:06:87:ca:
         d1:67:45:07:d3:e2:d2:31:27:6e:fe:b4:1b:54:21:96:db:b7:
         39:1e:b1:f3:2e:08:f2:8b:35:b0:1c:14:24:c6:1a:1e:19:74:
         8f:73:bf:ff:42:48:22:68:0d:c6:57:85:d7:55:cb:62:63:c9:
         a8:33:c7:55:ca:7b:d5:84:ec:fc:be:90:aa:93:ad:f2:20:6e:
         c4:ab:f1:8d:b8:a4:11:a8:00:59:98:24:2b:69:84:dc:47:47:
         3c:98:4a:74:68:4a:90:1b:8d:47:bf:01:71:d5:ec:03:2b:2c:
         54:e4:12:76
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY98qsez429TEjizZRUsnnlG/Rd0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDQxMDU3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmQ1YjBkOWM3M2NjYWZhMDVmNTk3YThmMDhmMWNiNjEz
MTIzZDFjZGNkYjlmZDc2ODgxZDExMzcwMmM2ZjAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6txI5Vgc7JQvHCivt8eeccc+wr2ss6L6kouIsFE9jOorv
iYJLhZMgvOeidFM+OQfiCfhY22zOpfKZakCCPEN0VRNgHVyNkkHUk1FK/P3LSm7W
alWEqaS6wyEoxK+PhwK9n7PRLAYunUy0FZM8cCSB8hdU7iJMBLZJAIqYP3bPJiS2
kQD94yFOX6Z8UXjBmpkueUKVF+GH/ieca9AJtK2A8YVtgo2SpjdOOP1fPvZxkabI
fonCx0VLYeH25r9xUc+Z9yZxcn9wFO1ZL50AP3kfkbhVuGZSNvz18WwX/dNXlo2h
/PqJt30zPjy0eYmQsU9svm7CTt0ZDB8+Ty8McqYvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURMpt1TrjND3b5EVN+VEIrQG22XwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE2YzIyMzNiLTdjMzUtNGNjNy05MGUzLWQ5NDM0ZGFhYWRhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIosDANBgkqhkiG9w0BAQsFAAOCAQEAoChRXPyDS8RtqwQsZPwqs5XJAXze
QexK+k7Aj2sr1h7KUqNgozkniR3tZ+0ilZmI8s1IJVgPq9bnifds813WdHgDXMWE
ZqaIUaChD/n7OjiTx6HtNL8I5ZsPW8w1amwjThS6u/CtZbKKV/Niu3/mXjYmJLff
v3jbiZUtOaRLAU/vYUdsrOm7We/6G2FIBofK0WdFB9Pi0jEnbv60G1Qhltu3OR6x
8y4I8os1sBwUJMYaHhl0j3O//0JIImgNxleF11XLYmPJqDPHVcp71YTs/L6QqpOt
8iBuxKvxjbikEagAWZgkK2mE3EdHPJhKdGhKkBuNR78BcdXsAyssVOQSdg==
-----END CERTIFICATE-----