Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba694444-566a-4643-ab64-491712a1b999.roa
File:                     ba694444-566a-4643-ab64-491712a1b999.roa (raw, json)
Hash identifier:          9iInjNFw9dFZMzIGPVoN8GhNT+VRUF/o0yUltEOqYsM=
Subject key identifier:   7F:55:18:7F:BC:FA:A3:AE:CA:37:7A:04:33:E0:0B:AF:0A:CB:E9:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       564BAB37F09173AE919EC72873361C81850BC0AE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba694444-566a-4643-ab64-491712a1b999.roa
Signing time:             Sat 18 Oct 2025 01:01:24 +0000
ROA not before:           Sat 18 Oct 2025 01:01:24 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.39.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:4b:ab:37:f0:91:73:ae:91:9e:c7:28:73:36:1c:81:85:0b:c0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 01:01:24 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=932f6a6a3df2aa691692c515969f34d0ef0e8efa9e4f970fe3f986eebcefa0c1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e7:6d:82:67:cc:f9:29:ad:f6:06:e2:10:8b:
                    c7:be:9a:05:62:fd:2d:e6:06:00:a2:22:be:fe:97:
                    20:0e:0d:b3:44:19:9e:75:15:73:a8:a2:3b:5a:de:
                    46:9c:a9:da:7d:05:bb:91:36:8a:57:e9:f2:3e:e8:
                    2b:1d:ff:ed:75:e1:c2:48:ec:06:e9:d0:fb:59:99:
                    76:7a:3d:e7:86:fd:3a:79:26:99:30:8d:26:71:f2:
                    f4:1a:9f:6a:49:9d:f1:59:91:3b:ff:0f:91:a4:74:
                    f8:1c:98:f4:4a:11:51:0b:16:9f:f4:8e:e6:c7:b8:
                    13:b0:1c:ae:bf:b7:f5:db:bf:21:8a:08:91:fe:dd:
                    49:e3:bb:c9:1c:71:b8:df:df:1d:63:f5:49:06:cd:
                    ca:32:e2:4e:4f:32:f8:f4:75:32:68:15:76:59:8e:
                    fa:a7:fb:d3:41:9f:75:b0:57:6e:16:30:4c:c8:1a:
                    eb:5b:db:e9:d5:d4:1c:f5:43:51:b8:78:74:a8:e9:
                    29:e4:9e:84:2c:e4:52:c8:19:aa:47:b3:98:1c:54:
                    72:6c:19:1e:c6:9d:21:6f:80:d9:51:e2:25:ff:5f:
                    c4:b3:a7:5b:b7:e7:d2:07:27:0c:3c:36:00:9b:f1:
                    7c:7d:81:08:f5:5d:76:17:78:80:c3:49:09:56:81:
                    07:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:55:18:7F:BC:FA:A3:AE:CA:37:7A:04:33:E0:0B:AF:0A:CB:E9:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba694444-566a-4643-ab64-491712a1b999.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.39.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:e9:7e:63:25:71:12:77:8a:33:fa:cb:62:0c:59:a4:82:0d:
         91:59:bf:a5:65:53:09:4e:6b:47:a7:fd:4f:80:cb:4f:44:88:
         fc:1d:19:b4:bb:02:cb:88:3b:30:31:b6:f9:41:e5:ec:8d:0d:
         a5:0f:90:51:05:98:df:16:2d:26:c2:58:eb:45:fa:c2:97:63:
         f0:8e:f1:1b:cb:a0:08:b0:77:0f:57:9b:32:58:c8:c5:bb:2d:
         c2:1c:eb:fb:9b:be:14:7a:20:74:1c:73:ee:f0:48:f8:e4:6d:
         5d:2f:14:bb:60:27:0f:49:f8:20:c6:cd:18:ce:22:5c:74:ca:
         f8:2c:b0:b2:b7:18:b3:03:a7:91:7b:ef:e4:09:13:d4:bf:5e:
         ac:0d:26:cd:67:bf:c3:50:e5:73:01:a6:b7:09:d0:af:a3:1a:
         73:00:ed:f2:4f:23:87:04:d4:5f:73:1a:5a:20:4d:ad:43:30:
         d4:bc:d7:3e:ab:cd:35:6a:ce:d1:6a:d0:05:5a:4c:8a:53:80:
         97:3e:4d:ca:64:f5:c0:e1:d0:4a:08:11:24:d3:ac:07:cb:8a:
         1d:27:3f:81:38:7a:13:87:d4:42:47:22:48:d7:61:2d:f6:ec:
         70:ec:d3:65:33:c4:50:dd:b6:f4:e0:81:ac:2e:dd:eb:93:3b:
         29:d0:e4:5f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVkurN/CRc66RnscoczYcgYULwK4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDEwMTI0WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzJmNmE2YTNkZjJhYTY5MTY5MmM1MTU5NjlmMzRkMGVm
MGU4ZWZhOWU0Zjk3MGZlM2Y5ODZlZWJjZWZhMGMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi522CZ8z5Ka32BuIQi8e+mgVi/S3mBgCiIr7+lyAODbNE
GZ51FXOoojta3kacqdp9BbuRNopX6fI+6Csd/+114cJI7Abp0PtZmXZ6PeeG/Tp5
JpkwjSZx8vQan2pJnfFZkTv/D5GkdPgcmPRKEVELFp/0jubHuBOwHK6/t/XbvyGK
CJH+3Unju8kccbjf3x1j9UkGzcoy4k5PMvj0dTJoFXZZjvqn+9NBn3WwV24WMEzI
Gutb2+nV1Bz1Q1G4eHSo6SnknoQs5FLIGapHs5gcVHJsGR7GnSFvgNlR4iX/X8Sz
p1u359IHJww8NgCb8Xx9gQj1XXYXeIDDSQlWgQflAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUf1UYf7z6o67KN3oEM+ALrwrL6fEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhNjk0NDQ0LTU2NmEtNDY0My1hYjY0LTQ5MTcxMmExYjk5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoJzANBgkqhkiG9w0BAQsFAAOCAQEAAOl+YyVxEneKM/rLYgxZpIINkVm/
pWVTCU5rR6f9T4DLT0SI/B0ZtLsCy4g7MDG2+UHl7I0NpQ+QUQWY3xYtJsJY60X6
wpdj8I7xG8ugCLB3D1ebMljIxbstwhzr+5u+FHogdBxz7vBI+ORtXS8Uu2AnD0n4
IMbNGM4iXHTK+CywsrcYswOnkXvv5AkT1L9erA0mzWe/w1DlcwGmtwnQr6MacwDt
8k8jhwTUX3MaWiBNrUMw1LzXPqvNNWrO0WrQBVpMilOAlz5NymT1wOHQSggRJNOs
B8uKHSc/gTh6E4fUQkciSNdhLfbscOzTZTPEUN229OCBrC7d65M7KdDkXw==
-----END CERTIFICATE-----