Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa
File:                     4393951a-48f6-4d5e-a6a1-c5a21955005d.roa (raw, json)
Hash identifier:          lxC7uOSaG81dJGbgWsILD9Pk5L63NqoCaPMdlWG2S8w=
Subject key identifier:   40:A2:98:3E:43:0D:A5:04:B0:0D:09:8A:34:17:6B:8C:7E:8D:B2:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7402D5A31BE0FEE036163966D1AB96E6E3202D5B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa
Signing time:             Sat 27 Sep 2025 00:23:22 +0000
ROA not before:           Sat 27 Sep 2025 00:23:22 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.42.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:02:d5:a3:1b:e0:fe:e0:36:16:39:66:d1:ab:96:e6:e3:20:2d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:23:22 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=194e2fa602ddda97e17eae578ddc663af73f35570778f6750e77aeee8e9fd813, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:08:6d:cd:79:01:94:05:9a:ed:cb:0b:83:08:
                    d2:68:8e:ee:e4:e3:be:f0:0c:2c:4f:08:0f:9f:b1:
                    d8:33:5f:6a:17:92:e1:60:2b:16:9f:48:a9:d8:58:
                    24:46:a9:8b:62:0c:cc:b7:5c:3c:90:12:f2:f9:e3:
                    61:b5:fb:c3:1a:00:fb:64:b4:9d:79:53:56:8f:b8:
                    51:e8:eb:75:4a:f4:7a:20:35:0b:31:70:62:ee:87:
                    f3:58:a3:c9:ea:79:84:a6:1f:04:5c:19:0c:88:d4:
                    0d:75:39:f2:e1:9b:36:17:86:89:78:19:57:26:8c:
                    c7:b3:37:d4:83:6c:0c:75:4f:57:e7:41:cd:b3:79:
                    5f:b9:96:c0:79:7f:09:91:ec:34:af:5c:a9:4d:bd:
                    9f:10:65:0b:c6:35:b7:68:ee:4c:b7:00:c8:1c:a7:
                    c3:42:67:32:09:ea:5c:c1:d2:2a:c6:99:cc:2b:db:
                    30:6d:d0:7b:13:82:a3:7d:5e:f2:c7:e4:f9:26:af:
                    99:04:cf:90:24:02:88:49:7c:eb:10:02:f2:bd:9d:
                    f1:68:57:40:d0:73:51:86:eb:0a:be:29:92:d8:1e:
                    89:67:85:21:b5:76:7f:cd:06:d4:ab:ac:13:c1:4a:
                    c3:e5:80:54:66:2a:d5:21:bb:84:0f:73:a3:97:17:
                    c5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A2:98:3E:43:0D:A5:04:B0:0D:09:8A:34:17:6B:8C:7E:8D:B2:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.42.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:25:41:7e:66:e8:26:2e:0f:c9:da:e5:72:19:05:8c:b8:8d:
         65:84:f9:83:e5:11:e6:00:83:45:83:02:32:89:64:40:8e:5e:
         19:7d:05:4e:d6:28:85:2e:6a:60:82:55:7b:77:00:09:2d:c3:
         31:61:6b:eb:7b:9e:a7:65:28:57:2f:34:01:b9:67:b4:cd:48:
         bd:0b:e2:aa:c5:55:01:df:d2:d6:39:b8:3a:8f:e3:f3:bc:ca:
         1c:79:00:a9:fe:21:f7:18:d6:71:f3:b0:e2:97:79:cf:c3:bc:
         7c:00:83:37:b6:4f:74:bf:9b:ef:2b:5a:c2:6b:49:c3:8e:27:
         8a:f7:35:8a:07:3f:1d:d9:82:8f:31:63:c3:c2:6b:1e:db:2b:
         6b:59:8e:a9:f5:27:0c:08:e5:d5:ca:db:9b:55:93:96:56:c0:
         a4:a1:7c:71:4b:e8:a7:b9:8e:22:8e:a4:18:90:ed:78:67:64:
         d8:60:6a:fc:28:56:0c:d3:d7:01:da:96:1a:e9:18:de:05:05:
         13:c3:a5:ba:3e:32:60:f6:64:8b:ac:9f:e6:c6:33:dd:78:3e:
         5f:9e:39:f6:dc:14:7f:3e:92:d1:99:42:31:d2:1a:33:83:53:
         1e:44:ff:63:b6:20:50:a3:9c:0d:ce:7b:be:bf:5d:b8:00:d0:
         86:ca:88:ea
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdALVoxvg/uA2Fjlm0auW5uMgLVswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAyMzIyWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOTRlMmZhNjAyZGRkYTk3ZTE3ZWFlNTc4ZGRjNjYzYWY3
M2YzNTU3MDc3OGY2NzUwZTc3YWVlZThlOWZkODEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLCG3NeQGUBZrtywuDCNJoju7k477wDCxPCA+fsdgzX2oX
kuFgKxafSKnYWCRGqYtiDMy3XDyQEvL542G1+8MaAPtktJ15U1aPuFHo63VK9Hog
NQsxcGLuh/NYo8nqeYSmHwRcGQyI1A11OfLhmzYXhol4GVcmjMezN9SDbAx1T1fn
Qc2zeV+5lsB5fwmR7DSvXKlNvZ8QZQvGNbdo7ky3AMgcp8NCZzIJ6lzB0irGmcwr
2zBt0HsTgqN9XvLH5Pkmr5kEz5AkAohJfOsQAvK9nfFoV0DQc1GG6wq+KZLYHoln
hSG1dn/NBtSrrBPBSsPlgFRmKtUhu4QPc6OXF8UTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQKKYPkMNpQSwDQmKNBdrjH6Nst8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzOTM5NTFhLTQ4ZjYtNGQ1ZS1hNmExLWM1YTIxOTU1MDA1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjKjANBgkqhkiG9w0BAQsFAAOCAQEAqCVBfmboJi4PydrlchkFjLiNZYT5
g+UR5gCDRYMCMolkQI5eGX0FTtYohS5qYIJVe3cACS3DMWFr63uep2UoVy80Abln
tM1IvQviqsVVAd/S1jm4Oo/j87zKHHkAqf4h9xjWcfOw4pd5z8O8fACDN7ZPdL+b
7ytawmtJw44nivc1igc/HdmCjzFjw8JrHtsra1mOqfUnDAjl1crbm1WTllbApKF8
cUvop7mOIo6kGJDteGdk2GBq/ChWDNPXAdqWGukY3gUFE8Oluj4yYPZki6yf5sYz
3Xg+X5459twUfz6S0ZlCMdIaM4NTHkT/Y7YgUKOcDc57vr9duADQhsqI6g==
-----END CERTIFICATE-----