Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d4ea817-9a30-46eb-adae-ea1411984c84.roa
File:                     9d4ea817-9a30-46eb-adae-ea1411984c84.roa (raw, json)
Hash identifier:          f+PrKnNCU8BCo3LpMr3p+icLNEsPF8RLFTkjSOF00Nc=
Subject key identifier:   85:6A:F5:72:D5:E2:6D:48:0F:D6:B5:16:9A:B1:A1:D7:4A:B9:E7:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4591EE23DF302977C7C32A2FFEEF7654519CAA66
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d4ea817-9a30-46eb-adae-ea1411984c84.roa
Signing time:             Sat 04 Oct 2025 00:51:48 +0000
ROA not before:           Sat 04 Oct 2025 00:51:48 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.45.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:91:ee:23:df:30:29:77:c7:c3:2a:2f:fe:ef:76:54:51:9c:aa:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:51:48 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=3d55fb81f547bf3843196f79a1c63d857f63269d98ca2de65f05922fce88b404, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9d:87:4c:c9:24:1a:a7:a9:4e:97:85:53:60:
                    53:22:bc:7a:57:da:27:b5:9a:60:fe:49:e5:ed:0e:
                    83:cd:72:88:85:8a:c2:8e:72:68:54:6c:85:85:2f:
                    56:eb:ec:aa:31:c4:43:0d:9b:a8:97:b4:a6:5f:46:
                    04:1a:2e:12:08:41:5d:f8:90:58:64:ca:04:8f:f7:
                    d4:31:70:3e:8a:ab:aa:f7:f0:64:3d:6c:aa:bf:20:
                    c5:28:5d:04:3c:86:04:a3:41:8d:9d:e5:f5:fd:9e:
                    36:51:d7:6b:cd:3f:70:58:8f:0e:65:0f:be:1a:c3:
                    74:cc:88:52:49:4d:6a:61:43:47:24:8a:9d:28:0c:
                    2e:c7:90:88:a3:0e:20:f4:f0:8c:44:d9:ca:ff:b5:
                    99:eb:9d:67:5d:56:db:9c:59:ea:16:ca:59:87:2b:
                    6c:e7:5f:e7:14:88:40:f4:28:14:a1:98:4b:96:9b:
                    26:83:d8:b8:e5:1a:af:e8:5a:51:88:94:86:f2:3b:
                    76:38:4a:0f:dc:b7:9f:74:d7:2f:c6:24:bb:e1:ed:
                    de:17:93:fa:24:bb:2a:2a:4c:02:a8:a1:8c:2e:7b:
                    1a:c3:8f:38:cf:db:fb:df:d8:ee:0b:fd:d9:fa:50:
                    89:fb:85:91:2b:59:14:7a:e5:bf:be:7c:2f:1e:33:
                    6a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:6A:F5:72:D5:E2:6D:48:0F:D6:B5:16:9A:B1:A1:D7:4A:B9:E7:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d4ea817-9a30-46eb-adae-ea1411984c84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.45.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:e8:0a:97:46:4a:b2:51:c2:56:ac:72:a6:34:c4:01:52:e7:
         9d:d4:80:f3:6a:0f:1d:9e:1c:52:d1:c4:9c:f8:fb:db:5d:3c:
         60:47:ee:b1:ed:67:71:cf:67:0f:dc:20:c4:6a:65:1f:84:46:
         af:45:f6:71:ec:61:5c:9d:22:57:d4:f0:d6:95:02:a1:77:4e:
         c7:2e:8d:fa:ba:0b:aa:da:b8:c6:7f:39:d9:e4:6e:15:23:71:
         8c:03:36:ab:52:cb:09:08:b2:22:ad:5a:bf:15:8c:02:82:11:
         d2:e9:f7:92:ba:cb:eb:df:bd:ed:ae:17:59:f0:a4:68:0f:38:
         f3:58:d9:ac:02:48:ba:ce:5f:a3:de:1f:01:4b:a3:fd:a8:00:
         1e:bd:c6:6e:44:12:12:dc:3b:e3:b1:09:f2:71:75:5c:a0:f7:
         1e:ad:ca:bf:b6:1b:be:48:a5:83:0c:c5:ca:46:f0:60:87:c5:
         10:00:ae:a9:81:f1:5e:a2:b8:bc:58:61:27:99:c5:eb:5a:d8:
         1d:5c:93:31:9f:e8:87:c2:1d:64:93:14:09:93:9e:ce:9d:57:
         a4:c7:fa:3b:00:ef:75:c1:cb:ed:9a:4d:26:1f:10:a4:83:12:
         5c:6b:17:3d:38:0f:85:bf:d3:52:17:ed:92:f3:47:06:ee:14:
         72:15:31:52
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURZHuI98wKXfHwyov/u92VFGcqmYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDA1MTQ4WhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDU1ZmI4MWY1NDdiZjM4NDMxOTZmNzlhMWM2M2Q4NTdm
NjMyNjlkOThjYTJkZTY1ZjA1OTIyZmNlODhiNDA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCDnYdMySQap6lOl4VTYFMivHpX2ie1mmD+SeXtDoPNcoiF
isKOcmhUbIWFL1br7KoxxEMNm6iXtKZfRgQaLhIIQV34kFhkygSP99QxcD6Kq6r3
8GQ9bKq/IMUoXQQ8hgSjQY2d5fX9njZR12vNP3BYjw5lD74aw3TMiFJJTWphQ0ck
ip0oDC7HkIijDiD08IxE2cr/tZnrnWddVtucWeoWylmHK2znX+cUiED0KBShmEuW
myaD2LjlGq/oWlGIlIbyO3Y4Sg/ct5901y/GJLvh7d4Xk/okuyoqTAKooYwuexrD
jzjP2/vf2O4L/dn6UIn7hZErWRR65b++fC8eM2o3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhWr1ctXibUgP1rUWmrGh10q558wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkNGVhODE3LTlhMzAtNDZlYi1hZGFlLWVhMTQxMTk4NGM4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoLTANBgkqhkiG9w0BAQsFAAOCAQEAK+gKl0ZKslHCVqxypjTEAVLnndSA
82oPHZ4cUtHEnPj72108YEfuse1ncc9nD9wgxGplH4RGr0X2cexhXJ0iV9Tw1pUC
oXdOxy6N+roLqtq4xn852eRuFSNxjAM2q1LLCQiyIq1avxWMAoIR0un3krrL69+9
7a4XWfCkaA8481jZrAJIus5fo94fAUuj/agAHr3GbkQSEtw747EJ8nF1XKD3Hq3K
v7YbvkilgwzFykbwYIfFEACuqYHxXqK4vFhhJ5nF61rYHVyTMZ/oh8IdZJMUCZOe
zp1XpMf6OwDvdcHL7ZpNJh8QpIMSXGsXPTgPhb/TUhftkvNHBu4UchUxUg==
-----END CERTIFICATE-----