Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44d98916-94ab-49fc-a073-76f25fab61e9.roa
File:                     44d98916-94ab-49fc-a073-76f25fab61e9.roa (raw, json)
Hash identifier:          R66wgDPUX0nHcpI0MyeRXYlPjgtcyxEUPu/HB+Eny9M=
Subject key identifier:   56:23:0C:C5:52:1C:C7:B5:20:8A:E3:93:64:6C:E2:CE:E2:27:E1:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       05862F2B10ACD59642FB70B9F48B8EB4EB66C8B5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44d98916-94ab-49fc-a073-76f25fab61e9.roa
Signing time:             Sun 26 Oct 2025 00:10:04 +0000
ROA not before:           Sun 26 Oct 2025 00:10:04 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.220.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:86:2f:2b:10:ac:d5:96:42:fb:70:b9:f4:8b:8e:b4:eb:66:c8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:10:04 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=064f6f2540c2b5ebac9d80bd22cabfba5f4eb1fe14d53f270a7dd8eb7b5f1d50, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:19:f3:c3:d4:56:65:84:81:c0:dd:26:c8:3b:
                    41:7f:1e:1f:5b:2c:73:08:50:ea:61:d6:0b:c5:90:
                    a0:d9:21:d6:80:19:9a:38:7f:6e:a6:66:96:eb:05:
                    3a:b7:6d:35:ed:09:01:cf:6b:ca:87:cb:78:5c:dc:
                    1f:9e:cb:68:d0:18:c2:3b:d5:87:5b:20:5c:43:6f:
                    d3:d2:13:86:c0:61:a1:9e:91:fb:68:8e:0b:a6:43:
                    6c:3c:75:76:50:ac:88:80:f1:68:c0:b7:1f:95:f4:
                    16:8f:05:f7:5b:a8:a1:12:e1:85:4b:b7:ac:9f:63:
                    d9:59:da:18:8f:1e:3c:09:3a:8c:63:82:bf:ac:c8:
                    c5:36:15:1a:af:b8:34:0c:dc:22:ac:2f:de:2a:6e:
                    61:e5:6a:32:11:73:7b:32:d3:c3:1a:dc:47:59:7c:
                    48:68:ac:e9:ea:42:f7:e7:8a:22:dc:a5:d6:50:3c:
                    3f:26:94:67:ca:bf:5e:ac:29:36:5e:2e:9e:44:fe:
                    e0:03:c9:8f:97:bb:ef:96:d2:68:8f:ec:ad:f7:1e:
                    e5:ee:d3:a3:98:2f:c5:d7:5e:c9:ed:06:e5:f1:b0:
                    03:40:13:60:0b:c1:c8:1f:5d:d7:f4:27:09:4c:c9:
                    db:80:1c:78:07:09:c1:df:03:43:d6:85:b1:c7:66:
                    22:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:23:0C:C5:52:1C:C7:B5:20:8A:E3:93:64:6C:E2:CE:E2:27:E1:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44d98916-94ab-49fc-a073-76f25fab61e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.220.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         50:1a:03:c5:3a:86:4e:93:9f:ec:0b:b1:4c:e3:99:41:f4:17:
         01:70:f9:d2:52:05:38:8d:88:a1:72:5e:e7:7f:45:ec:26:ca:
         0d:a7:d5:19:80:13:f0:1c:84:a7:e6:1e:66:73:5c:b7:46:28:
         82:aa:53:db:7c:9a:d4:14:52:f9:7c:a2:03:b7:eb:ea:62:59:
         63:6e:68:53:2b:e7:24:d5:3b:04:c5:fa:c5:f9:88:1e:fc:aa:
         1b:98:bd:12:11:ba:80:15:0c:e9:87:9e:73:96:05:55:79:16:
         fc:63:26:e7:80:93:d5:e5:4b:c2:33:c9:24:1e:9b:e8:2a:65:
         de:a2:ad:95:64:6d:59:17:cd:9d:24:a9:e0:ef:84:a5:5e:c0:
         20:df:34:48:25:ac:ac:29:8d:2e:fd:60:ae:80:2a:53:78:cd:
         4e:58:d2:49:34:16:39:8e:b1:04:ca:13:1a:74:ee:39:45:bc:
         26:a3:6f:70:48:5a:cd:c5:2a:6a:df:db:37:13:bf:6f:7c:2e:
         ed:fa:79:a8:a0:f7:d6:da:fe:06:ff:fa:33:62:08:b3:66:07:
         6f:47:ee:56:4a:88:45:ee:5e:9e:ad:7d:41:b0:4d:54:16:1d:
         78:d1:f1:fc:2d:2e:ff:ee:83:45:97:e8:1b:82:a6:6a:ff:35:
         a1:b7:6f:ca
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBYYvKxCs1ZZC+3C59IuOtOtmyLUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAxMDA0WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjRmNmYyNTQwYzJiNWViYWM5ZDgwYmQyMmNhYmZiYTVm
NGViMWZlMTRkNTNmMjcwYTdkZDhlYjdiNWYxZDUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2GfPD1FZlhIHA3SbIO0F/Hh9bLHMIUOph1gvFkKDZIdaA
GZo4f26mZpbrBTq3bTXtCQHPa8qHy3hc3B+ey2jQGMI71YdbIFxDb9PSE4bAYaGe
kftojgumQ2w8dXZQrIiA8WjAtx+V9BaPBfdbqKES4YVLt6yfY9lZ2hiPHjwJOoxj
gr+syMU2FRqvuDQM3CKsL94qbmHlajIRc3sy08Ma3EdZfEhorOnqQvfniiLcpdZQ
PD8mlGfKv16sKTZeLp5E/uADyY+Xu++W0miP7K33HuXu06OYL8XXXsntBuXxsANA
E2ALwcgfXdf0JwlMyduAHHgHCcHfA0PWhbHHZiJJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUViMMxVIcx7UgiuOTZGzizuIn4T0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ0ZDk4OTE2LTk0YWItNDlmYy1hMDczLTc2ZjI1ZmFiNjFlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo3DANBgkqhkiG9w0BAQsFAAOCAQEAUBoDxTqGTpOf7AuxTOOZQfQXAXD5
0lIFOI2IoXJe539F7CbKDafVGYAT8ByEp+YeZnNct0YogqpT23ya1BRS+XyiA7fr
6mJZY25oUyvnJNU7BMX6xfmIHvyqG5i9EhG6gBUM6Yeec5YFVXkW/GMm54CT1eVL
wjPJJB6b6Cpl3qKtlWRtWRfNnSSp4O+EpV7AIN80SCWsrCmNLv1groAqU3jNTljS
STQWOY6xBMoTGnTuOUW8JqNvcEhazcUqat/bNxO/b3wu7fp5qKD31tr+Bv/6M2II
s2YHb0fuVkqIRe5enq19QbBNVBYdeNHx/C0u/+6DRZfoG4Kmav81obdvyg==
-----END CERTIFICATE-----