Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04306634-1dbc-4569-a40a-6081987ab549.roa
File:                     04306634-1dbc-4569-a40a-6081987ab549.roa (raw, json)
Hash identifier:          CvMg5tsYIkbiK3/AOGAG1SgubOLJPJIJQfGnz8ud9iM=
Subject key identifier:   F2:C2:8E:00:9D:92:4E:8D:7C:75:91:B2:32:5F:B6:D3:08:43:CF:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DD89180DA6FAFB8AE2F8035D29A67B31AEBE607
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04306634-1dbc-4569-a40a-6081987ab549.roa
Signing time:             Wed 05 Nov 2025 00:20:10 +0000
ROA not before:           Wed 05 Nov 2025 00:20:10 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        72.40.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d8:91:80:da:6f:af:b8:ae:2f:80:35:d2:9a:67:b3:1a:eb:e6:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:20:10 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=5c1478d4d55c20afcd00496f7b474e9c0e7086c58e2c27112ff44a29156ea75e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:33:af:93:a1:13:e0:39:cf:27:1c:5e:04:67:
                    4c:d2:ef:f6:fe:11:71:e5:3e:1e:fc:61:e5:76:e2:
                    fd:ec:54:6e:80:b6:79:7f:40:ff:d1:6d:59:e0:43:
                    6d:25:b6:55:7a:ec:62:4d:d1:c0:d6:52:0c:07:db:
                    da:d2:06:21:00:50:38:7a:08:91:50:29:49:02:f5:
                    d0:4a:7f:1b:e7:74:70:90:2d:5a:cb:59:26:a7:8b:
                    73:0c:18:1f:60:b2:f9:65:9c:bc:3e:87:c0:f8:14:
                    8b:ba:d4:7e:72:71:b8:d2:36:4f:1e:75:e7:78:0c:
                    70:b1:0e:81:3e:96:41:48:c3:33:ba:a0:e0:5e:eb:
                    16:25:d1:76:91:0d:33:e3:a0:92:0d:2d:22:49:82:
                    ca:54:8c:b5:a3:18:20:37:b3:c4:ac:72:07:26:0f:
                    c0:55:4f:17:31:58:89:66:6e:11:00:0a:39:5e:95:
                    f4:3e:55:d7:47:de:73:b8:0b:8e:79:a1:78:f3:6a:
                    4f:06:b2:d5:1f:dc:c8:a1:52:c0:6d:b3:2a:19:4e:
                    3f:1b:48:1a:c1:5d:7f:0c:d2:a9:8e:dd:43:63:6c:
                    3e:8f:40:cb:91:71:6c:ab:4e:bd:42:59:a2:cf:55:
                    38:43:66:db:3e:a0:0f:14:64:dc:0e:be:c7:07:44:
                    90:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C2:8E:00:9D:92:4E:8D:7C:75:91:B2:32:5F:B6:D3:08:43:CF:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04306634-1dbc-4569-a40a-6081987ab549.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         86:2e:52:a7:d6:8e:06:d5:bd:0e:b0:b6:5f:dc:90:9c:5a:fd:
         53:42:14:4d:3b:6c:d3:8c:d7:c9:6b:50:cf:5c:90:c1:c6:a5:
         e6:54:73:4a:f3:a9:c8:38:31:62:75:9f:85:98:fb:ad:bb:4d:
         9c:b9:71:7e:a6:ab:ff:51:cb:e8:5a:03:23:dc:e0:a9:69:ad:
         27:b2:6d:59:54:30:f9:62:56:f8:a3:16:bb:cf:64:02:d5:7f:
         bd:b4:3b:e0:79:3b:d0:4f:96:a8:28:b7:0a:d6:f5:b7:f3:ce:
         63:3a:28:8d:d5:8a:44:89:f5:94:07:94:ce:bc:41:79:d4:69:
         ea:c6:f5:92:90:2d:c1:72:73:01:3b:6c:a0:d0:b8:ab:8a:0e:
         71:e2:44:1f:06:5c:4c:92:bc:15:0c:50:98:20:dc:4a:26:ce:
         e3:23:2a:a4:d0:ad:a1:ff:0a:7f:60:86:28:f1:08:45:a4:f6:
         8d:0e:82:62:44:69:ac:15:72:08:b4:83:70:06:62:56:a5:b1:
         e8:c3:f2:b6:ca:49:0c:5c:c7:ce:68:0c:7a:47:70:bc:d7:18:
         ad:b2:28:ba:7e:1f:75:11:f8:d0:20:d8:f9:82:25:4e:c2:ba:
         44:98:dd:67:4b:37:a7:6a:06:50:3b:09:1f:af:be:22:f0:70:
         97:8d:b7:6f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTdiRgNpvr7iuL4A10ppnsxrr5gcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAyMDEwWhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzE0NzhkNGQ1NWMyMGFmY2QwMDQ5NmY3YjQ3NGU5YzBl
NzA4NmM1OGUyYzI3MTEyZmY0NGEyOTE1NmVhNzVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/M6+ToRPgOc8nHF4EZ0zS7/b+EXHlPh78YeV24v3sVG6A
tnl/QP/RbVngQ20ltlV67GJN0cDWUgwH29rSBiEAUDh6CJFQKUkC9dBKfxvndHCQ
LVrLWSani3MMGB9gsvllnLw+h8D4FIu61H5ycbjSNk8eded4DHCxDoE+lkFIwzO6
oOBe6xYl0XaRDTPjoJINLSJJgspUjLWjGCA3s8SscgcmD8BVTxcxWIlmbhEACjle
lfQ+VddH3nO4C455oXjzak8GstUf3MihUsBtsyoZTj8bSBrBXX8M0qmO3UNjbD6P
QMuRcWyrTr1CWaLPVThDZts+oA8UZNwOvscHRJBVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8sKOAJ2STo18dZGyMl+20whDz4IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA0MzA2NjM0LTFkYmMtNDU2OS1hNDBhLTYwODE5ODdhYjU0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBIKDANBgkqhkiG9w0BAQsFAAOCAQEAhi5Sp9aOBtW9DrC2X9yQnFr9U0IU
TTts04zXyWtQz1yQwcal5lRzSvOpyDgxYnWfhZj7rbtNnLlxfqar/1HL6FoDI9zg
qWmtJ7JtWVQw+WJW+KMWu89kAtV/vbQ74Hk70E+WqCi3Ctb1t/POYzoojdWKRIn1
lAeUzrxBedRp6sb1kpAtwXJzATtsoNC4q4oOceJEHwZcTJK8FQxQmCDcSibO4yMq
pNCtof8Kf2CGKPEIRaT2jQ6CYkRprBVyCLSDcAZiVqWx6MPytspJDFzHzmgMekdw
vNcYrbIoun4fdRH40CDY+YIlTsK6RJjdZ0s3p2oGUDsJH6++IvBwl423bw==
-----END CERTIFICATE-----