Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98cc72ea-914b-406d-a713-eb0cb9240ff9.roa
File:                     98cc72ea-914b-406d-a713-eb0cb9240ff9.roa (raw, json)
Hash identifier:          T02t8i0cDNAcBBrPwl8geUAsELnjsC48TEbZcoW/l9I=
Subject key identifier:   A6:28:69:45:AA:84:99:9B:77:79:97:DC:08:A9:48:F5:AF:80:D9:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10552F34B17507C5B6E05014F48440B0F17C8B73
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98cc72ea-914b-406d-a713-eb0cb9240ff9.roa
Signing time:             Sat 04 Oct 2025 00:51:45 +0000
ROA not before:           Sat 04 Oct 2025 00:51:45 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.187.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:55:2f:34:b1:75:07:c5:b6:e0:50:14:f4:84:40:b0:f1:7c:8b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:51:45 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=8c707117fd2d0cb3cf3c48a0122dce816cb2cbff79b59fab2e048b098aa422c1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:71:86:87:db:36:19:0a:38:20:e6:f8:38:d8:
                    bf:e7:2e:86:52:13:7a:eb:aa:4a:cd:5d:4f:ed:39:
                    f7:b1:22:73:5f:9a:ea:b1:9f:6c:89:0f:d2:bb:28:
                    ea:df:2a:09:85:5f:2b:8d:ad:5e:dd:85:8a:df:d4:
                    1b:b6:a5:b1:27:2a:91:f0:9b:9a:1c:40:f1:07:35:
                    c2:c9:1c:71:82:d7:1d:49:4c:e5:24:e4:f4:ae:41:
                    ea:cb:90:cd:94:b6:42:08:6b:65:6a:e3:49:8f:35:
                    48:c9:51:06:49:a1:96:ac:be:8b:ab:d1:ea:1f:50:
                    ce:47:1f:70:08:1b:41:ca:fd:aa:65:ec:51:2d:65:
                    18:57:39:1a:f3:0f:fd:78:d6:8e:62:03:15:74:84:
                    ab:ee:24:a1:d5:78:51:f0:7b:24:e8:f9:16:3e:c5:
                    de:b8:e1:9b:fc:e8:df:06:6e:a3:af:af:99:19:96:
                    ae:2f:c3:ae:4c:ad:a8:68:ef:b3:f4:46:51:50:d0:
                    f4:5e:00:af:44:e3:5e:64:7f:28:1d:2e:3d:04:95:
                    99:d6:ca:3f:c4:a0:89:f3:a4:03:ca:3a:cf:16:31:
                    b7:3b:27:85:5c:c8:10:3a:2b:1d:f1:15:8e:d9:9b:
                    50:44:73:a8:ba:37:a6:c1:6d:ce:ae:80:37:b9:72:
                    61:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:28:69:45:AA:84:99:9B:77:79:97:DC:08:A9:48:F5:AF:80:D9:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98cc72ea-914b-406d-a713-eb0cb9240ff9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:03:25:41:87:93:0d:08:d3:7f:a4:f4:01:94:2a:56:1f:5a:
         85:67:10:e2:57:2d:1d:e9:21:97:5f:4e:a3:ab:11:c6:9d:fb:
         ff:28:89:4a:06:dc:1f:7b:00:e2:1f:21:01:f5:04:13:24:9b:
         db:79:04:4c:cf:6f:60:a1:8b:61:cb:63:02:45:44:b5:b2:10:
         ed:70:79:81:da:a8:33:40:d6:4e:ef:79:be:7e:cc:d5:cf:a7:
         2a:69:58:5c:34:9d:2b:74:b5:19:f2:25:c3:85:2c:aa:6a:b1:
         e5:c0:3a:a7:fd:1b:ac:c2:e4:cd:c9:f7:6f:18:de:2b:f3:d6:
         76:83:79:86:32:8c:56:fa:65:ff:b3:93:79:94:a3:0f:80:6e:
         ad:9d:11:bb:31:f7:a3:43:f8:39:ca:02:58:23:da:7f:eb:24:
         b6:50:0e:22:f2:c3:47:92:6b:5d:81:86:19:f8:5b:c1:2e:bf:
         dc:dc:f0:59:41:2c:78:f9:c0:38:eb:5a:51:e7:5e:c9:6f:eb:
         5f:56:3b:20:29:98:81:fd:dd:95:b2:44:19:25:dc:b8:9e:eb:
         b6:da:9c:3c:d0:36:5d:18:6a:39:85:0d:bd:07:29:a2:c5:3d:
         80:08:80:ac:48:1a:6d:5e:fa:af:84:b6:b1:e9:53:fc:83:2f:
         37:2d:84:2a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEFUvNLF1B8W24FAU9IRAsPF8i3MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDA1MTQ1WhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzcwNzExN2ZkMmQwY2IzY2YzYzQ4YTAxMjJkY2U4MTZj
YjJjYmZmNzliNTlmYWIyZTA0OGIwOThhYTQyMmMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPcYaH2zYZCjgg5vg42L/nLoZSE3rrqkrNXU/tOfexInNf
muqxn2yJD9K7KOrfKgmFXyuNrV7dhYrf1Bu2pbEnKpHwm5ocQPEHNcLJHHGC1x1J
TOUk5PSuQerLkM2UtkIIa2Vq40mPNUjJUQZJoZasvour0eofUM5HH3AIG0HK/apl
7FEtZRhXORrzD/141o5iAxV0hKvuJKHVeFHweyTo+RY+xd644Zv86N8GbqOvr5kZ
lq4vw65Mraho77P0RlFQ0PReAK9E415kfygdLj0ElZnWyj/EoInzpAPKOs8WMbc7
J4VcyBA6Kx3xFY7Zm1BEc6i6N6bBbc6ugDe5cmErAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpihpRaqEmZt3eZfcCKlI9a+A2cMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4Y2M3MmVhLTkxNGItNDA2ZC1hNzEzLWViMGNiOTI0MGZmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAouzANBgkqhkiG9w0BAQsFAAOCAQEAiAMlQYeTDQjTf6T0AZQqVh9ahWcQ
4lctHekhl19Oo6sRxp37/yiJSgbcH3sA4h8hAfUEEySb23kETM9vYKGLYctjAkVE
tbIQ7XB5gdqoM0DWTu95vn7M1c+nKmlYXDSdK3S1GfIlw4Usqmqx5cA6p/0brMLk
zcn3bxjeK/PWdoN5hjKMVvpl/7OTeZSjD4BurZ0RuzH3o0P4OcoCWCPaf+sktlAO
IvLDR5JrXYGGGfhbwS6/3NzwWUEsePnAOOtaUedeyW/rX1Y7ICmYgf3dlbJEGSXc
uJ7rttqcPNA2XRhqOYUNvQcposU9gAiArEgabV76r4S2selT/IMvNy2EKg==
-----END CERTIFICATE-----