Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/234e46a7-d4c0-4498-863f-fe0ed912a21e.roa
File:                     234e46a7-d4c0-4498-863f-fe0ed912a21e.roa (raw, json)
Hash identifier:          DcMBKQQe9MUUgfv9rZaot1shCzqGh/1veyJlc6djpgg=
Subject key identifier:   C5:03:E1:37:58:0B:F3:E4:E1:1A:6D:97:EA:1B:DB:BC:B8:01:EB:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0306486CAC927EF5E1F740F6E35C87C754E6C2D0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/234e46a7-d4c0-4498-863f-fe0ed912a21e.roa
Signing time:             Sat 27 Sep 2025 00:21:19 +0000
ROA not before:           Sat 27 Sep 2025 00:21:19 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.235.0.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:06:48:6c:ac:92:7e:f5:e1:f7:40:f6:e3:5c:87:c7:54:e6:c2:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:21:19 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=12d4ece0d0f33fe4d84ce0c022b7666df989ca09735dca92a56625008458a015, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:87:b0:d1:3f:d9:73:0b:53:72:95:2c:b4:7a:
                    ac:88:e8:6e:b7:7d:28:8a:87:ca:a1:ff:c7:c6:0e:
                    d9:c8:75:09:79:16:0a:a4:26:96:37:ad:aa:a3:60:
                    cb:6a:66:de:67:d6:8a:c6:29:53:bc:f6:32:e5:81:
                    9d:35:db:8b:2b:c2:e9:e7:8b:3e:ec:af:5c:09:f0:
                    b0:6d:14:b6:90:d1:8d:0b:90:29:29:7e:69:81:fd:
                    81:65:19:54:66:07:41:af:5f:7e:7f:8f:32:01:6d:
                    35:88:c2:63:c2:be:9c:54:2d:56:e1:f7:46:48:09:
                    98:a7:b8:ba:51:63:d6:96:60:ad:e4:5f:4e:56:5b:
                    cd:5c:5e:98:3e:81:27:1b:00:3b:ef:41:9b:fa:a0:
                    32:36:40:a2:b0:f1:00:db:da:a9:47:e7:db:61:92:
                    68:6f:c6:15:e1:6a:67:63:18:50:b5:d6:fc:43:95:
                    ee:54:7b:aa:09:a2:35:21:8d:95:d8:d7:ff:27:c1:
                    24:94:a2:b3:1d:e8:91:72:ba:e7:91:e9:d9:fa:9a:
                    1b:79:c3:a7:f5:7a:cb:e8:37:d5:64:5a:97:cc:65:
                    12:20:69:b5:3e:79:31:5c:a4:0f:ee:1f:29:de:5a:
                    d8:83:02:99:32:99:9c:a5:f0:51:3c:08:b0:22:87:
                    c6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:03:E1:37:58:0B:F3:E4:E1:1A:6D:97:EA:1B:DB:BC:B8:01:EB:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/234e46a7-d4c0-4498-863f-fe0ed912a21e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.235.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         66:a2:69:e5:4f:ff:ef:fa:d1:f2:a4:47:e1:4c:7d:03:5f:d6:
         4b:2b:98:36:5b:27:f1:a5:68:28:c6:df:43:48:72:75:f0:26:
         10:3b:b6:14:d7:32:d7:26:97:96:13:97:d7:6e:39:58:de:97:
         a5:f1:74:ab:39:bc:05:0f:26:1f:06:87:ae:bf:5a:e7:ff:47:
         e1:fc:ef:fe:f9:11:e5:f2:86:cf:1c:b0:98:d2:02:cf:32:5d:
         83:85:cd:6e:c5:44:27:3e:b7:e3:b4:db:2a:ec:df:18:d2:9e:
         a8:6a:b1:80:c3:e0:48:bc:57:d7:5e:cd:2c:7f:d3:53:13:a7:
         ae:66:a3:a7:c3:aa:7e:dc:04:f9:ba:5d:6e:22:84:92:38:fe:
         2f:1c:5f:4c:8c:20:f3:c5:4a:5b:64:13:eb:46:43:93:c3:4a:
         6f:0d:7d:61:9d:3b:f8:89:e4:23:f8:9a:93:99:35:ab:f2:df:
         92:34:2d:26:44:c9:a5:81:04:8c:75:a4:83:fa:3b:bf:e7:df:
         25:b1:df:2d:3d:3a:cc:7d:ac:da:85:59:e8:2d:0d:c2:f3:5d:
         03:11:7d:c1:a5:df:74:25:b0:9a:57:df:c0:4e:99:2d:f8:ef:
         10:00:f9:8a:ef:fa:cd:09:54:e5:81:d7:c8:e0:4a:cf:84:24:
         c7:12:20:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAwZIbKySfvXh90D241yHx1TmwtAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAyMTE5WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmQ0ZWNlMGQwZjMzZmU0ZDg0Y2UwYzAyMmI3NjY2ZGY5
ODljYTA5NzM1ZGNhOTJhNTY2MjUwMDg0NThhMDE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChh7DRP9lzC1NylSy0eqyI6G63fSiKh8qh/8fGDtnIdQl5
FgqkJpY3raqjYMtqZt5n1orGKVO89jLlgZ0124srwunniz7sr1wJ8LBtFLaQ0Y0L
kCkpfmmB/YFlGVRmB0GvX35/jzIBbTWIwmPCvpxULVbh90ZICZinuLpRY9aWYK3k
X05WW81cXpg+gScbADvvQZv6oDI2QKKw8QDb2qlH59thkmhvxhXhamdjGFC11vxD
le5Ue6oJojUhjZXY1/8nwSSUorMd6JFyuueR6dn6mht5w6f1esvoN9VkWpfMZRIg
abU+eTFcpA/uHyneWtiDApkymZyl8FE8CLAih8bfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxQPhN1gL8+ThGm2X6hvbvLgB68QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzNGU0NmE3LWQ0YzAtNDQ5OC04NjNmLWZlMGVkOTEyYTIxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYo6wAwDQYJKoZIhvcNAQELBQADggEBAGaiaeVP/+/60fKkR+FMfQNf1ksr
mDZbJ/GlaCjG30NIcnXwJhA7thTXMtcml5YTl9duOVjel6XxdKs5vAUPJh8Gh66/
Wuf/R+H87/75EeXyhs8csJjSAs8yXYOFzW7FRCc+t+O02yrs3xjSnqhqsYDD4Ei8
V9dezSx/01MTp65mo6fDqn7cBPm6XW4ihJI4/i8cX0yMIPPFSltkE+tGQ5PDSm8N
fWGdO/iJ5CP4mpOZNavy35I0LSZEyaWBBIx1pIP6O7/n3yWx3y09Osx9rNqFWegt
DcLzXQMRfcGl33QlsJpX38BOmS347xAA+Yrv+s0JVOWB18jgSs+EJMcSILk=
-----END CERTIFICATE-----