Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dbee296-ec09-48ec-b119-3d727f285355.roa
File:                     3dbee296-ec09-48ec-b119-3d727f285355.roa (raw, json)
Hash identifier:          RJUDxM0LBnWbPMguJh4v0tD0A9Tw7vMqXpcx8+E1CSc=
Subject key identifier:   53:AE:5A:D3:C2:94:6E:F4:0E:9B:A7:73:7F:C2:F2:4E:C6:BB:22:EA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B720697BE593F17BD92EA8777B94092E6C5A90C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dbee296-ec09-48ec-b119-3d727f285355.roa
Signing time:             Sat 04 Oct 2025 00:51:11 +0000
ROA not before:           Sat 04 Oct 2025 00:51:11 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.150.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:72:06:97:be:59:3f:17:bd:92:ea:87:77:b9:40:92:e6:c5:a9:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:51:11 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=7ac7f10942a8bb60e203221736b6ade20d7ce4e100db1e7741157a1bc5fc3e00, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4a:91:fc:64:07:32:0e:05:df:7d:22:ba:5d:
                    e2:b5:b2:54:4f:f9:ba:2b:25:ad:9d:b2:26:da:30:
                    26:20:b3:cf:e5:64:22:2a:29:95:db:60:bf:a9:52:
                    b7:5d:87:7f:7d:09:13:53:2b:f0:45:4b:2a:3a:37:
                    63:21:d6:54:d6:1c:2e:a4:d0:39:9e:40:2c:7a:52:
                    e4:37:3d:fa:d4:83:c5:e1:28:d1:b1:b9:aa:50:27:
                    d9:0e:04:93:07:7a:47:78:3a:1e:3e:0a:97:b6:52:
                    02:84:30:bf:cd:10:f9:7b:a3:e1:cd:91:53:97:5d:
                    1a:03:ec:9d:c7:3b:44:e1:cd:0c:2e:a2:f3:c9:d5:
                    62:2e:02:d6:0d:08:e9:50:fa:77:45:d8:17:62:14:
                    d6:3e:88:0d:33:fb:49:0b:05:2d:55:99:f9:48:2c:
                    1a:d5:02:35:74:9b:e8:71:ff:e4:d0:bb:c5:4c:77:
                    f6:c4:f3:91:69:2a:b7:e5:7e:f7:42:ef:80:77:cd:
                    66:2d:b7:b3:11:db:83:df:09:f3:75:4f:b8:4f:19:
                    4e:dc:75:37:52:ab:b8:11:3a:4f:1d:66:86:e1:f1:
                    2d:74:57:d3:25:d0:7a:e6:6b:a4:28:68:53:8a:af:
                    81:5f:c1:99:19:29:b1:5b:cc:9e:75:e5:27:af:9d:
                    61:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:AE:5A:D3:C2:94:6E:F4:0E:9B:A7:73:7F:C2:F2:4E:C6:BB:22:EA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dbee296-ec09-48ec-b119-3d727f285355.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.150.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d6:6e:04:b3:cf:14:1a:e8:8e:0e:9e:4b:9c:2f:7f:d2:81:bf:
         0c:53:96:2d:76:db:d1:56:90:c5:df:20:91:e3:31:6d:27:bd:
         b5:8f:7c:bd:82:d6:fa:f4:0f:5c:05:36:86:44:f1:52:0a:94:
         31:a2:8e:6d:d8:bc:cd:70:c2:8b:e7:2c:d0:f2:ef:19:69:5f:
         d2:3e:b5:ef:d5:8a:fd:db:fb:65:da:b7:6d:89:be:7a:0d:ba:
         93:c5:31:90:ed:3c:3b:4e:36:48:df:b8:c7:dd:9d:c4:72:4b:
         0f:30:17:b5:35:be:88:ae:3b:84:14:31:e7:5b:7a:df:d2:6c:
         8f:47:1a:e6:27:0b:e3:0b:9e:67:e2:58:1e:54:23:c4:3d:aa:
         bc:24:d4:3f:1b:9c:02:d4:07:4d:25:77:f8:dd:d4:0c:60:2e:
         24:64:3d:64:2c:92:d4:8b:0f:25:70:ad:45:a4:9f:3c:1f:f5:
         c8:b4:17:a9:26:bd:0d:76:32:ef:a6:8e:40:6a:53:f0:f1:2a:
         fd:a8:26:00:87:b9:c0:85:af:ab:40:8e:60:91:ec:36:58:c0:
         14:4e:ef:4d:bc:4c:3c:1e:4e:7f:de:89:c0:b1:8a:ec:aa:77:
         70:d8:85:27:a2:9a:7b:10:1b:72:d4:c1:b3:46:b2:9b:0d:d5:
         c0:95:73:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUS3IGl75ZPxe9kuqHd7lAkubFqQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDA1MTExWhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YWM3ZjEwOTQyYThiYjYwZTIwMzIyMTczNmI2YWRlMjBk
N2NlNGUxMDBkYjFlNzc0MTE1N2ExYmM1ZmMzZTAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRSpH8ZAcyDgXffSK6XeK1slRP+borJa2dsibaMCYgs8/l
ZCIqKZXbYL+pUrddh399CRNTK/BFSyo6N2Mh1lTWHC6k0DmeQCx6UuQ3PfrUg8Xh
KNGxuapQJ9kOBJMHekd4Oh4+Cpe2UgKEML/NEPl7o+HNkVOXXRoD7J3HO0ThzQwu
ovPJ1WIuAtYNCOlQ+ndF2BdiFNY+iA0z+0kLBS1VmflILBrVAjV0m+hx/+TQu8VM
d/bE85FpKrflfvdC74B3zWYtt7MR24PfCfN1T7hPGU7cdTdSq7gROk8dZobh8S10
V9Ml0Hrma6QoaFOKr4FfwZkZKbFbzJ515SevnWEFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUU65a08KUbvQOm6dzf8LyTsa7IuowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkYmVlMjk2LWVjMDktNDhlYy1iMTE5LTNkNzI3ZjI4NTM1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoljANBgkqhkiG9w0BAQsFAAOCAQEA1m4Es88UGuiODp5LnC9/0oG/DFOW
LXbb0VaQxd8gkeMxbSe9tY98vYLW+vQPXAU2hkTxUgqUMaKObdi8zXDCi+cs0PLv
GWlf0j6179WK/dv7Zdq3bYm+eg26k8UxkO08O042SN+4x92dxHJLDzAXtTW+iK47
hBQx51t639Jsj0ca5icL4wueZ+JYHlQjxD2qvCTUPxucAtQHTSV3+N3UDGAuJGQ9
ZCyS1IsPJXCtRaSfPB/1yLQXqSa9DXYy76aOQGpT8PEq/agmAIe5wIWvq0COYJHs
NljAFE7vTbxMPB5Of96JwLGK7Kp3cNiFJ6KaexAbctTBs0aymw3VwJVzgg==
-----END CERTIFICATE-----