Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b74755a0-b799-4c77-b4b7-9eedf26a56df.roa
File:                     b74755a0-b799-4c77-b4b7-9eedf26a56df.roa (raw, json)
Hash identifier:          6eSqXrvDk42Kkq2tEwdUNITqGhWl+BRhxnyOiv3emaY=
Subject key identifier:   39:61:0B:4D:E8:5A:4A:36:4F:E1:30:6A:7F:5C:8E:A7:D5:4A:F9:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78E44738E95F08575A8792776063A29B1B5F2E28
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b74755a0-b799-4c77-b4b7-9eedf26a56df.roa
Signing time:             Fri 17 Oct 2025 21:30:21 +0000
ROA not before:           Fri 17 Oct 2025 21:30:21 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        167.234.40.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:e4:47:38:e9:5f:08:57:5a:87:92:77:60:63:a2:9b:1b:5f:2e:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 21:30:21 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=25f5ef90e96f2c7b4683bb882ba5c96a3c6a62376c41091867668a5c97c8eab9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:da:29:9d:e9:8d:bd:b9:62:d4:05:02:97:d3:
                    4f:ad:25:14:0b:59:f9:78:8b:4d:6d:57:2c:4b:87:
                    04:1e:7e:90:9a:e1:4d:25:6e:60:37:85:0a:6f:04:
                    33:a3:f9:37:bc:25:55:32:e5:cb:cb:ef:b6:63:ba:
                    db:b3:b7:80:26:d1:54:74:0e:33:0a:3d:61:6d:da:
                    b1:a1:4e:1e:2a:80:d7:c1:8d:b4:2b:8e:15:76:9b:
                    b9:52:9f:f4:8e:c5:c4:f5:54:c7:36:8f:ba:7f:1f:
                    45:14:2d:42:67:e6:de:4b:67:78:4c:35:3b:4d:20:
                    dd:55:84:cb:6e:2e:81:92:a4:6b:b0:b2:bf:1b:bc:
                    a0:a7:62:e6:3d:d1:33:74:ed:d6:2f:ce:dd:cd:e6:
                    57:74:3a:eb:07:9b:23:9b:0c:5e:2f:d7:3b:cf:5c:
                    0b:97:77:79:7f:80:12:98:03:48:35:87:7d:bf:b5:
                    e6:b4:08:35:b4:bb:a5:1b:2b:69:26:8c:d6:61:3c:
                    17:d4:ee:51:1a:b2:b8:6f:5c:22:ec:ed:89:6f:f5:
                    57:47:24:f3:02:79:32:21:2d:07:d3:18:ec:31:b3:
                    e7:3c:a5:6b:a1:ba:c5:4a:7f:d1:27:56:0a:8b:7b:
                    8f:7f:44:3b:e2:c9:cd:4b:e2:b1:d4:1d:92:9c:05:
                    f9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:61:0B:4D:E8:5A:4A:36:4F:E1:30:6A:7F:5C:8E:A7:D5:4A:F9:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b74755a0-b799-4c77-b4b7-9eedf26a56df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.234.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         70:67:d9:18:db:56:45:d4:28:00:be:f1:a9:31:86:90:49:69:
         b7:9b:cb:dd:7c:87:f3:52:9e:09:22:6b:00:21:8d:08:66:c6:
         28:34:da:37:41:b2:43:19:66:21:e0:88:af:c7:fd:9d:64:e1:
         b0:85:62:eb:34:3d:77:15:19:53:66:bf:f3:54:ed:be:f6:cd:
         be:04:48:4e:ed:ee:af:36:9c:d8:eb:04:c6:89:80:87:d2:9d:
         55:45:a3:ac:01:62:cb:05:b8:9c:1b:6a:26:3a:73:d2:dc:fa:
         7c:9d:90:bc:22:26:31:7f:32:77:28:35:07:ea:01:06:46:dc:
         f4:7a:91:44:cb:d8:52:ca:12:07:23:c5:f9:fc:86:51:eb:27:
         77:d3:6a:fc:ff:9a:4e:74:76:46:1f:a0:c0:e9:6a:74:3e:8a:
         0a:19:3d:bc:9f:d4:cd:28:92:94:9b:56:53:51:a7:ae:bd:27:
         9a:2f:c1:57:3b:9d:73:cc:c0:9a:c9:1b:38:d2:90:5a:e6:20:
         33:a7:32:da:8c:77:c5:80:83:00:44:4e:19:53:3f:bb:1d:f3:
         4b:fc:fe:d6:6f:f2:a7:e3:74:55:88:c0:16:26:68:03:33:37:
         ad:36:37:cb:bd:df:d7:94:3b:89:f5:2f:f4:e6:6e:3b:3b:d1:
         12:84:31:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeORHOOlfCFdah5J3YGOimxtfLigwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MjEzMDIxWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNWY1ZWY5MGU5NmYyYzdiNDY4M2JiODgyYmE1Yzk2YTNj
NmE2MjM3NmM0MTA5MTg2NzY2OGE1Yzk3YzhlYWI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ2imd6Y29uWLUBQKX00+tJRQLWfl4i01tVyxLhwQefpCa
4U0lbmA3hQpvBDOj+Te8JVUy5cvL77Zjutuzt4Am0VR0DjMKPWFt2rGhTh4qgNfB
jbQrjhV2m7lSn/SOxcT1VMc2j7p/H0UULUJn5t5LZ3hMNTtNIN1VhMtuLoGSpGuw
sr8bvKCnYuY90TN07dYvzt3N5ld0OusHmyObDF4v1zvPXAuXd3l/gBKYA0g1h32/
tea0CDW0u6UbK2kmjNZhPBfU7lEasrhvXCLs7Ylv9VdHJPMCeTIhLQfTGOwxs+c8
pWuhusVKf9EnVgqLe49/RDviyc1L4rHUHZKcBfmRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOWELTehaSjZP4TBqf1yOp9VK+VMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3NDc1NWEwLWI3OTktNGM3Ny1iNGI3LTllZWRmMjZhNTZkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOn6igwDQYJKoZIhvcNAQELBQADggEBAHBn2RjbVkXUKAC+8akxhpBJabeb
y918h/NSngkiawAhjQhmxig02jdBskMZZiHgiK/H/Z1k4bCFYus0PXcVGVNmv/NU
7b72zb4ESE7t7q82nNjrBMaJgIfSnVVFo6wBYssFuJwbaiY6c9Lc+nydkLwiJjF/
MncoNQfqAQZG3PR6kUTL2FLKEgcjxfn8hlHrJ3fTavz/mk50dkYfoMDpanQ+igoZ
Pbyf1M0okpSbVlNRp669J5ovwVc7nXPMwJrJGzjSkFrmIDOnMtqMd8WAgwBEThlT
P7sd80v8/tZv8qfjdFWIwBYmaAMzN602N8u939eUO4n1L/Tmbjs70RKEMZs=
-----END CERTIFICATE-----