Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46a7936f-33e7-4e70-981a-f74a37d534fd.roa
File:                     46a7936f-33e7-4e70-981a-f74a37d534fd.roa (raw, json)
Hash identifier:          veMWzwkcYPwmTMB5ITcLS27hFJk5OHZrKkvzzNA0hvg=
Subject key identifier:   C2:C1:EE:22:79:F1:D8:BE:41:93:6B:33:7E:A0:B7:43:B8:9D:65:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53EDB17495B29B398DA74298C3820BD257D74066
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46a7936f-33e7-4e70-981a-f74a37d534fd.roa
Signing time:             Sat 27 Sep 2025 00:01:22 +0000
ROA not before:           Sat 27 Sep 2025 00:01:22 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        206.125.40.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ed:b1:74:95:b2:9b:39:8d:a7:42:98:c3:82:0b:d2:57:d7:40:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:01:22 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=d97bf40bf4ce58e4076aea0d82de5462d3283f34ec99ba891826d61520abbe5a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:58:8d:9a:7a:b4:f3:05:46:2c:07:13:57:4b:
                    b7:2e:be:df:8f:f5:92:74:c0:05:e5:c8:1c:d0:bf:
                    40:9f:b9:94:63:9a:e5:b6:37:d3:e2:2c:ae:9c:00:
                    df:98:d8:2b:19:f7:38:25:4b:a4:44:97:9d:9a:ac:
                    0d:41:81:4a:7e:30:3a:3c:5f:ec:2e:d9:07:39:6e:
                    db:70:9d:4f:29:22:8f:73:fe:76:0b:0b:64:a3:0c:
                    23:ab:4f:8b:c3:8b:7f:aa:ed:8f:c6:4b:5f:32:1d:
                    d4:c8:81:0b:af:bc:9d:d1:8a:78:73:1a:30:b2:10:
                    e5:54:e3:2f:4e:40:70:8e:aa:c0:52:80:2a:47:ff:
                    a9:3a:48:fe:5b:0d:1e:f9:52:b7:5b:2e:0a:ab:38:
                    a6:1a:74:2e:77:88:e6:bf:38:05:fd:03:bc:88:69:
                    9f:4b:c6:3a:98:31:a7:e1:5f:fc:da:04:33:f2:05:
                    9b:2b:15:ec:90:b6:bf:6f:c1:52:82:66:10:ed:ba:
                    dc:38:8f:be:b8:16:0b:9a:2a:6d:e2:62:23:43:a6:
                    ed:15:87:2d:68:23:f6:ba:8d:92:df:f0:4f:a7:1a:
                    e2:d0:ca:f2:7b:81:7a:ef:3f:fc:c0:11:3e:a6:16:
                    e7:a2:e4:47:70:4e:63:1c:08:89:7c:9b:9a:03:c3:
                    78:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C1:EE:22:79:F1:D8:BE:41:93:6B:33:7E:A0:B7:43:B8:9D:65:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46a7936f-33e7-4e70-981a-f74a37d534fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.125.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d7:d6:46:9a:71:3a:db:31:9f:4c:02:82:74:1c:22:91:7f:6d:
         c3:2a:f9:51:08:f3:ca:8b:2b:97:59:a6:53:e2:4c:41:26:d9:
         b6:5c:f3:17:62:70:99:3f:36:7b:3c:51:c0:75:c5:9f:7f:b1:
         53:1b:9f:8a:39:75:1a:f4:40:76:90:a4:d3:54:be:6e:ac:6b:
         ac:4d:89:5d:00:e8:5a:0d:84:56:1b:95:92:06:ac:3a:c9:e0:
         13:02:8a:61:85:67:df:2e:94:5e:5d:ae:e1:04:d9:95:95:aa:
         a2:56:e2:95:b8:9d:cf:3e:d3:d0:3c:67:2c:a9:f7:29:9b:3a:
         5d:6b:5f:e6:39:db:bc:a7:63:ad:7b:fa:67:47:af:65:ef:67:
         af:f4:d5:37:64:9f:1a:0e:a8:a5:00:ab:17:a0:8b:f7:63:09:
         b2:17:82:7e:d6:4b:7f:e3:a4:2a:a1:90:2f:a4:32:38:81:15:
         bd:58:74:84:1c:0c:9b:86:74:79:d1:f8:7f:bf:9d:d3:29:cb:
         be:3e:83:c8:bf:ca:c1:c0:b7:ce:64:88:8b:85:cc:d7:0b:24:
         73:67:b6:05:f8:00:40:3e:70:d9:5a:ff:6a:80:08:9a:64:37:
         01:5f:12:3b:9f:90:b3:ad:ef:01:8f:98:e4:3e:cc:f8:10:de:
         80:6b:02:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU+2xdJWymzmNp0KYw4IL0lfXQGYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAwMTIyWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTdiZjQwYmY0Y2U1OGU0MDc2YWVhMGQ4MmRlNTQ2MmQz
MjgzZjM0ZWM5OWJhODkxODI2ZDYxNTIwYWJiZTVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfWI2aerTzBUYsBxNXS7cuvt+P9ZJ0wAXlyBzQv0CfuZRj
muW2N9PiLK6cAN+Y2CsZ9zglS6REl52arA1BgUp+MDo8X+wu2Qc5bttwnU8pIo9z
/nYLC2SjDCOrT4vDi3+q7Y/GS18yHdTIgQuvvJ3RinhzGjCyEOVU4y9OQHCOqsBS
gCpH/6k6SP5bDR75UrdbLgqrOKYadC53iOa/OAX9A7yIaZ9LxjqYMafhX/zaBDPy
BZsrFeyQtr9vwVKCZhDtutw4j764FguaKm3iYiNDpu0Vhy1oI/a6jZLf8E+nGuLQ
yvJ7gXrvP/zAET6mFuei5EdwTmMcCIl8m5oDw3grAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwsHuInnx2L5Bk2szfqC3Q7idZXswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2YTc5MzZmLTMzZTctNGU3MC05ODFhLWY3NGEzN2Q1MzRmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPOfSgwDQYJKoZIhvcNAQELBQADggEBANfWRppxOtsxn0wCgnQcIpF/bcMq
+VEI88qLK5dZplPiTEEm2bZc8xdicJk/Nns8UcB1xZ9/sVMbn4o5dRr0QHaQpNNU
vm6sa6xNiV0A6FoNhFYblZIGrDrJ4BMCimGFZ98ulF5druEE2ZWVqqJW4pW4nc8+
09A8Zyyp9ymbOl1rX+Y527ynY617+mdHr2XvZ6/01TdknxoOqKUAqxegi/djCbIX
gn7WS3/jpCqhkC+kMjiBFb1YdIQcDJuGdHnR+H+/ndMpy74+g8i/ysHAt85kiIuF
zNcLJHNntgX4AEA+cNla/2qACJpkNwFfEjufkLOt7wGPmOQ+zPgQ3oBrAsM=
-----END CERTIFICATE-----