Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47f76ec9-1410-4f5f-930d-b1663472dcc6.roa
File:                     47f76ec9-1410-4f5f-930d-b1663472dcc6.roa (raw, json)
Hash identifier:          LYVUscmkvQ3nqzFE5T6dODbeTdRdPrz+q0paxm7FCbE=
Subject key identifier:   68:7E:88:BB:38:BF:BB:AE:D1:F5:91:63:5A:8C:5B:E7:60:92:24:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5236626A218F15DA511CAC0CE48DCF6AD29D57B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47f76ec9-1410-4f5f-930d-b1663472dcc6.roa
Signing time:             Sat 18 Oct 2025 02:50:53 +0000
ROA not before:           Sat 18 Oct 2025 02:50:53 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.214.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:36:62:6a:21:8f:15:da:51:1c:ac:0c:e4:8d:cf:6a:d2:9d:57:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 02:50:53 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=cf3e31db8c2f452f1b1d76fd12dee6d4a6396bc9382fc730a2e0d711a392a8fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f2:44:be:f5:9c:b4:7f:b6:36:72:8d:d4:c5:
                    12:53:97:40:39:13:4b:2d:21:60:0b:2a:39:a4:f6:
                    57:7c:8e:1d:d4:a2:af:68:a7:ce:32:37:e2:3f:b8:
                    a3:d2:ca:d7:81:19:e3:7b:13:12:2f:7f:bf:f8:1d:
                    47:7a:25:bc:14:98:de:1b:70:7c:90:e4:3d:18:5f:
                    6c:8e:37:83:d3:93:9f:a1:08:64:d9:ea:f5:07:d9:
                    87:42:8e:b2:22:bb:de:61:bb:4d:cc:cc:79:0d:99:
                    13:33:ef:6e:f0:b6:9b:26:65:5d:f0:19:29:fd:0f:
                    ce:6d:c8:84:6a:10:83:0f:44:c3:38:1b:3f:b0:10:
                    f1:82:53:34:ca:55:01:14:a5:0a:8a:bb:f7:42:0d:
                    46:d5:e0:45:36:e5:00:99:d7:81:ae:06:c5:6d:fe:
                    d4:e4:d6:db:43:32:22:db:d9:57:57:00:74:33:d5:
                    48:f2:ce:82:6a:f8:7d:9f:35:a2:18:e7:15:e2:c8:
                    69:da:ba:a2:2c:6c:c0:97:d6:b9:4f:a0:be:b5:53:
                    0d:eb:6c:c8:3a:cc:f9:e3:6d:cb:0e:94:8e:6d:76:
                    50:ac:dd:72:49:3b:19:d2:2e:d6:73:d9:0d:ed:2e:
                    0d:b6:54:ad:39:8c:5e:76:4a:0d:6c:6a:a2:a2:e9:
                    da:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7E:88:BB:38:BF:BB:AE:D1:F5:91:63:5A:8C:5B:E7:60:92:24:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47f76ec9-1410-4f5f-930d-b1663472dcc6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.214.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:a7:10:39:57:13:18:5c:3c:00:1c:93:cb:1c:5f:f4:be:7f:
         27:26:63:b9:5d:3c:cf:9c:77:56:e4:bc:f6:a3:8b:2b:f9:35:
         fe:c6:52:d2:a3:84:71:37:b4:29:88:c7:66:71:f6:c1:7f:c0:
         ed:e4:90:8d:db:25:c1:55:96:46:de:43:59:40:ec:d2:f1:ca:
         cb:c8:79:10:7d:1a:33:9b:b6:37:66:78:26:63:64:8e:57:54:
         03:35:4a:68:19:ca:ae:94:75:95:2b:45:1d:f3:38:49:1b:81:
         29:5f:77:d9:e1:50:0f:57:e8:c2:46:67:e5:d8:35:07:f0:29:
         31:91:f7:5f:20:e5:c7:b0:3e:72:4b:b5:e0:87:de:b3:6b:fc:
         7e:0f:26:8d:7c:16:d5:92:0e:78:fc:84:e1:fa:e1:a2:bb:94:
         09:c5:c0:9f:ad:ba:55:75:80:2d:94:20:a6:ec:62:72:ab:79:
         6c:3b:03:05:a9:bf:74:0f:bd:8d:f3:94:d8:57:2f:16:b0:d2:
         3e:ed:fa:ef:69:f0:d8:d0:5d:7b:1b:45:d2:c2:c6:d4:fd:b1:
         90:ba:e2:85:99:a6:e7:86:07:ab:15:34:1a:81:cf:20:47:fc:
         9c:c0:a5:88:11:32:2d:d2:41:ee:ac:bf:f7:35:43:9c:bb:a4:
         be:64:ba:ff
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUjZiaiGPFdpRHKwM5I3PatKdV7AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDI1MDUzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjNlMzFkYjhjMmY0NTJmMWIxZDc2ZmQxMmRlZTZkNGE2
Mzk2YmM5MzgyZmM3MzBhMmUwZDcxMWEzOTJhOGZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq8kS+9Zy0f7Y2co3UxRJTl0A5E0stIWALKjmk9ld8jh3U
oq9op84yN+I/uKPSyteBGeN7ExIvf7/4HUd6JbwUmN4bcHyQ5D0YX2yON4PTk5+h
CGTZ6vUH2YdCjrIiu95hu03MzHkNmRMz727wtpsmZV3wGSn9D85tyIRqEIMPRMM4
Gz+wEPGCUzTKVQEUpQqKu/dCDUbV4EU25QCZ14GuBsVt/tTk1ttDMiLb2VdXAHQz
1UjyzoJq+H2fNaIY5xXiyGnauqIsbMCX1rlPoL61Uw3rbMg6zPnjbcsOlI5tdlCs
3XJJOxnSLtZz2Q3tLg22VK05jF52Sg1saqKi6dpzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUaH6Iuzi/u67R9ZFjWoxb52CSJMQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ3Zjc2ZWM5LTE0MTAtNGY1Zi05MzBkLWIxNjYzNDcyZGNjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo1jANBgkqhkiG9w0BAQsFAAOCAQEAMKcQOVcTGFw8AByTyxxf9L5/JyZj
uV08z5x3VuS89qOLK/k1/sZS0qOEcTe0KYjHZnH2wX/A7eSQjdslwVWWRt5DWUDs
0vHKy8h5EH0aM5u2N2Z4JmNkjldUAzVKaBnKrpR1lStFHfM4SRuBKV932eFQD1fo
wkZn5dg1B/ApMZH3XyDlx7A+cku14Ifes2v8fg8mjXwW1ZIOePyE4frhoruUCcXA
n626VXWALZQgpuxicqt5bDsDBam/dA+9jfOU2FcvFrDSPu3672nw2NBdextF0sLG
1P2xkLrihZmm54YHqxU0GoHPIEf8nMCliBEyLdJB7qy/9zVDnLukvmS6/w==
-----END CERTIFICATE-----