Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0dc6def-824b-44e4-953e-03bc03efa024.roa
File:                     f0dc6def-824b-44e4-953e-03bc03efa024.roa (raw, json)
Hash identifier:          v/PKPGrzKikMw1oVxTzQDxDcLSo/DGFUQ+LyKof3z/M=
Subject key identifier:   C4:5F:6A:A9:0F:44:57:D0:26:0C:A0:88:4C:73:D3:54:74:3B:13:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       66ABD2658233869B757D84D0933629DF1A206B3B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0dc6def-824b-44e4-953e-03bc03efa024.roa
Signing time:             Wed 01 Oct 2025 00:22:07 +0000
ROA not before:           Wed 01 Oct 2025 00:22:07 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.229.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ab:d2:65:82:33:86:9b:75:7d:84:d0:93:36:29:df:1a:20:6b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:22:07 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=5f5dfdb51cdb009dcc1226a2b921cda2df0eba6a2f87a78d6e02bdb3369b4be8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ce:c1:e9:a0:7a:68:17:1b:01:a5:13:df:78:
                    3a:69:b4:25:40:09:31:02:33:46:9a:16:37:f1:cc:
                    10:35:e9:60:27:6f:6f:5c:a8:ff:5f:57:9a:46:54:
                    a8:79:5e:4f:ca:34:41:8c:08:e3:0a:dc:bb:f6:9e:
                    5a:9f:05:2d:d8:3b:4d:24:4c:5e:a7:ec:c0:c2:4e:
                    8c:e4:25:14:3e:f3:c9:bb:85:e1:b4:27:0d:85:20:
                    7d:3d:ee:36:02:5d:27:ad:d8:dc:20:d5:4b:37:12:
                    da:e6:c0:9d:7d:3b:b3:04:ff:47:ef:92:9a:a1:fb:
                    47:4f:38:bc:53:54:cd:a5:29:cc:42:34:1f:7d:40:
                    d4:d8:6b:bb:cf:4b:41:2a:45:85:cb:43:fa:61:14:
                    e1:7f:ab:2a:89:ee:c2:e7:03:13:9c:58:c3:ac:64:
                    ae:8a:2b:69:8c:33:a2:18:f3:e9:64:90:34:da:47:
                    7a:7f:f7:83:6e:e9:1d:98:74:e1:7d:ba:ce:32:4e:
                    e3:33:26:2b:a3:c2:c7:8c:77:b6:6a:ff:94:66:1f:
                    1e:c5:6e:cf:4e:b6:ae:73:27:29:e9:1b:2c:ae:ca:
                    b0:05:c0:5a:f7:72:b0:6b:f8:80:90:f7:6e:f5:58:
                    35:51:92:8e:0d:43:be:66:e4:02:a2:f1:70:e1:d2:
                    74:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:5F:6A:A9:0F:44:57:D0:26:0C:A0:88:4C:73:D3:54:74:3B:13:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0dc6def-824b-44e4-953e-03bc03efa024.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.229.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         29:5c:f6:86:96:34:7f:a1:56:80:1b:c8:fc:ea:d6:68:af:fa:
         f1:4e:59:a7:db:a1:0e:dd:fb:6d:19:b8:2f:c6:89:95:d7:26:
         ac:16:54:c6:75:b6:7c:b2:81:0d:58:d7:f2:42:76:ae:16:74:
         00:04:eb:ef:d4:2f:b4:0b:18:a1:de:29:38:30:21:ee:a6:28:
         d4:89:7f:92:dc:ca:9f:18:75:ad:01:27:01:bc:d6:85:b0:cb:
         84:6d:32:fc:46:1c:c9:5d:98:89:a4:f3:93:99:8e:d7:81:ce:
         38:0f:d1:25:23:d3:20:97:6f:ca:55:a3:f1:6a:9e:8c:17:55:
         1e:72:ad:94:7f:14:ad:8d:1b:d1:19:d9:83:f3:5a:b2:0e:e1:
         e0:38:3d:3d:bd:82:c1:b8:42:29:a5:e1:76:de:a2:e6:c0:ea:
         90:17:17:38:26:34:1f:87:5a:0a:c9:40:66:3b:7f:6b:21:8e:
         5e:a0:89:7c:54:82:40:38:e1:a2:74:c2:f9:d1:4b:ae:6e:cc:
         92:b5:fb:f1:a4:12:f5:d2:e2:61:d6:5a:88:54:bc:3f:ad:17:
         5e:19:e3:16:ff:56:74:c8:9c:74:1d:d3:51:28:fa:d7:59:d2:
         18:17:da:fb:ac:6f:0a:c4:4e:f0:c1:25:db:99:9e:97:29:e7:
         6a:4e:12:e6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZqvSZYIzhpt1fYTQkzYp3xogazswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAyMjA3WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjVkZmRiNTFjZGIwMDlkY2MxMjI2YTJiOTIxY2RhMmRm
MGViYTZhMmY4N2E3OGQ2ZTAyYmRiMzM2OWI0YmU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNzsHpoHpoFxsBpRPfeDpptCVACTECM0aaFjfxzBA16WAn
b29cqP9fV5pGVKh5Xk/KNEGMCOMK3Lv2nlqfBS3YO00kTF6n7MDCTozkJRQ+88m7
heG0Jw2FIH097jYCXSet2Nwg1Us3EtrmwJ19O7ME/0fvkpqh+0dPOLxTVM2lKcxC
NB99QNTYa7vPS0EqRYXLQ/phFOF/qyqJ7sLnAxOcWMOsZK6KK2mMM6IY8+lkkDTa
R3p/94Nu6R2YdOF9us4yTuMzJiujwseMd7Zq/5RmHx7Fbs9Otq5zJynpGyyuyrAF
wFr3crBr+ICQ9271WDVRko4NQ75m5AKi8XDh0nQBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxF9qqQ9EV9AmDKCITHPTVHQ7E44wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YwZGM2ZGVmLTgyNGItNDRlNC05NTNlLTAzYmMwM2VmYTAyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo5TANBgkqhkiG9w0BAQsFAAOCAQEAKVz2hpY0f6FWgBvI/OrWaK/68U5Z
p9uhDt37bRm4L8aJldcmrBZUxnW2fLKBDVjX8kJ2rhZ0AATr79QvtAsYod4pODAh
7qYo1Il/ktzKnxh1rQEnAbzWhbDLhG0y/EYcyV2YiaTzk5mO14HOOA/RJSPTIJdv
ylWj8WqejBdVHnKtlH8UrY0b0RnZg/Nasg7h4Dg9Pb2CwbhCKaXhdt6i5sDqkBcX
OCY0H4daCslAZjt/ayGOXqCJfFSCQDjhonTC+dFLrm7MkrX78aQS9dLiYdZaiFS8
P60XXhnjFv9WdMicdB3TUSj611nSGBfa+6xvCsRO8MEl25melynnak4S5g==
-----END CERTIFICATE-----