Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/314dad8e-5e1a-4fa2-a8fc-e0055d7f9c10.roa
File:                     314dad8e-5e1a-4fa2-a8fc-e0055d7f9c10.roa (raw, json)
Hash identifier:          jI4GSAN5q/hHGyY0+F+szQ6lr1wgmhEz4u1TvATYviY=
Subject key identifier:   EE:FB:94:E8:D3:FA:B3:2C:41:17:80:C3:BF:2A:5F:C3:60:49:D4:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B2994CD14F8B7E3F88630EA003FC99DBEA62315
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/314dad8e-5e1a-4fa2-a8fc-e0055d7f9c10.roa
Signing time:             Fri 26 Sep 2025 00:39:43 +0000
ROA not before:           Fri 26 Sep 2025 00:39:43 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.234.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:29:94:cd:14:f8:b7:e3:f8:86:30:ea:00:3f:c9:9d:be:a6:23:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:39:43 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=7d4f37f5cd75e4c90d7c6dd587ecb2765e2aabf9141a49497a85a67adbeefd2e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4f:10:79:04:a3:1b:2a:4d:ac:38:62:f2:a5:
                    f5:36:ae:db:a0:68:dd:53:a5:11:4f:f7:9c:66:92:
                    8e:8b:6c:e0:b9:f2:35:d4:7b:53:7e:4e:d7:81:30:
                    ff:65:12:b9:4e:c5:6b:a7:8d:84:67:46:b8:42:32:
                    dc:8b:60:62:77:cb:b2:46:ee:36:8f:59:4f:dd:5a:
                    b1:8f:e0:81:e3:1a:b6:1c:85:eb:f4:e7:ad:14:99:
                    ed:6e:3b:a3:f6:40:4b:0e:f0:61:ac:00:b3:b1:78:
                    35:fe:74:c0:1d:d2:38:d9:ea:dc:31:46:65:43:91:
                    c9:91:c0:7a:5c:44:27:42:27:d1:3e:8f:99:b3:00:
                    54:0f:fb:5f:0a:88:f7:f1:1a:07:28:d6:87:59:82:
                    d5:bd:eb:ad:96:bd:e3:13:21:82:90:ff:c4:da:15:
                    24:c0:95:13:2c:cf:0d:2b:30:dd:b9:a4:0f:c4:b5:
                    fc:eb:d9:8e:fa:ea:1c:cd:ea:35:8e:0b:8f:f7:0a:
                    fd:1b:53:d1:38:59:65:2e:ef:0f:0c:44:9e:12:a2:
                    2c:e7:4b:a8:bc:70:dc:cb:34:8b:69:16:cd:75:4c:
                    ea:d4:c4:82:05:d7:4c:2b:08:6f:37:70:bf:af:d9:
                    c7:57:fc:b5:9f:56:14:5a:fb:d2:95:92:d8:2a:8c:
                    1d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:FB:94:E8:D3:FA:B3:2C:41:17:80:C3:BF:2A:5F:C3:60:49:D4:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/314dad8e-5e1a-4fa2-a8fc-e0055d7f9c10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.234.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9c:a0:44:4a:49:db:b6:2a:c9:7c:33:d0:18:fd:45:c2:35:f3:
         45:95:21:96:61:21:66:15:41:66:3c:b7:94:ec:92:eb:0a:83:
         10:2d:5f:b0:c3:52:7b:08:34:24:87:6a:45:52:43:2d:31:8b:
         10:3b:b6:74:7e:75:a8:65:2e:77:c4:6d:ff:2d:0c:de:26:61:
         ab:ad:c9:e5:4e:af:fd:d5:8c:07:26:68:91:b5:14:f8:19:58:
         b6:39:25:12:9c:04:3f:65:3b:29:78:74:af:85:ab:73:82:48:
         89:79:f7:9e:9f:eb:c2:f1:c1:75:17:99:08:38:56:f5:19:1a:
         94:91:6a:2f:be:9f:79:58:a9:5d:c1:a7:f0:22:4b:55:6f:d3:
         af:b3:89:59:a3:fc:d5:89:95:f4:8a:84:5f:49:d5:9b:ff:3e:
         3b:bc:3c:9c:e8:6b:db:53:3f:b4:02:d9:1e:cc:cb:4b:40:a5:
         a4:42:ae:ea:70:cf:8e:29:cb:25:2d:84:74:57:cb:3c:da:1d:
         66:2d:19:75:a6:30:3e:a4:00:a7:69:56:55:b9:58:45:ef:01:
         c3:a4:63:9e:3b:ae:96:3f:09:77:92:10:f0:ed:1f:22:b7:39:
         ea:05:ce:8c:eb:42:b7:b9:ae:e6:4f:d6:e5:ae:ff:2b:82:f9:
         82:15:c8:d0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaymUzRT4t+P4hjDqAD/Jnb6mIxUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAzOTQzWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDRmMzdmNWNkNzVlNGM5MGQ3YzZkZDU4N2VjYjI3NjVl
MmFhYmY5MTQxYTQ5NDk3YTg1YTY3YWRiZWVmZDJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcTxB5BKMbKk2sOGLypfU2rtugaN1TpRFP95xmko6LbOC5
8jXUe1N+TteBMP9lErlOxWunjYRnRrhCMtyLYGJ3y7JG7jaPWU/dWrGP4IHjGrYc
hev0560Ume1uO6P2QEsO8GGsALOxeDX+dMAd0jjZ6twxRmVDkcmRwHpcRCdCJ9E+
j5mzAFQP+18KiPfxGgco1odZgtW9662WveMTIYKQ/8TaFSTAlRMszw0rMN25pA/E
tfzr2Y766hzN6jWOC4/3Cv0bU9E4WWUu7w8MRJ4SoiznS6i8cNzLNItpFs11TOrU
xIIF10wrCG83cL+v2cdX/LWfVhRa+9KVktgqjB3JAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7vuU6NP6syxBF4DDvypfw2BJ1DgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxNGRhZDhlLTVlMWEtNGZhMi1hOGZjLWUwMDU1ZDdmOWMxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo6jANBgkqhkiG9w0BAQsFAAOCAQEAnKBESknbtirJfDPQGP1FwjXzRZUh
lmEhZhVBZjy3lOyS6wqDEC1fsMNSewg0JIdqRVJDLTGLEDu2dH51qGUud8Rt/y0M
3iZhq63J5U6v/dWMByZokbUU+BlYtjklEpwEP2U7KXh0r4Wrc4JIiXn3np/rwvHB
dReZCDhW9RkalJFqL76feVipXcGn8CJLVW/Tr7OJWaP81YmV9IqEX0nVm/8+O7w8
nOhr21M/tALZHszLS0ClpEKu6nDPjinLJS2EdFfLPNodZi0ZdaYwPqQAp2lWVblY
Re8Bw6Rjnjuulj8Jd5IQ8O0fIrc56gXOjOtCt7mu5k/W5a7/K4L5ghXI0A==
-----END CERTIFICATE-----