Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e55c985-9370-45ae-94ef-029873555580.roa
File:                     6e55c985-9370-45ae-94ef-029873555580.roa (raw, json)
Hash identifier:          HIlUs+gURlAEEJHddLEGR+pGcvnRt4tcQB5K2KHTN6Y=
Subject key identifier:   6B:F1:D8:8F:20:84:4B:92:A0:F1:8F:A1:8B:CD:B2:26:D5:5A:B9:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A440B20EE71458DBF9542352158164B90A9AD66
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e55c985-9370-45ae-94ef-029873555580.roa
Signing time:             Wed 29 Oct 2025 00:30:16 +0000
ROA not before:           Wed 29 Oct 2025 00:30:16 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.238.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:44:0b:20:ee:71:45:8d:bf:95:42:35:21:58:16:4b:90:a9:ad:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:30:16 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=f3d3a9ffce6f7c002bc3b5b34356e59d34050989c57a6073df3d8a1fe15339d7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:71:90:67:71:b5:4d:93:66:65:29:9b:fa:4e:
                    f9:5e:1b:3a:d9:94:25:b7:eb:16:7c:d1:62:5c:de:
                    c0:e1:c1:76:ac:a4:9e:5a:2c:b7:d1:6c:75:3b:96:
                    97:4e:88:0d:90:3d:e2:78:42:6f:86:19:3b:15:5d:
                    16:48:1d:e5:78:4e:c8:0c:4d:db:d1:14:f6:bc:50:
                    5d:26:89:d8:b2:4b:75:9a:d7:a4:4a:ed:45:98:27:
                    95:75:95:e6:4f:74:06:26:88:ec:f6:92:f9:80:0b:
                    38:13:79:f5:8c:f8:0d:71:13:11:2f:34:62:fe:4c:
                    47:06:d9:85:fb:fe:58:90:40:fd:34:08:11:4e:00:
                    f9:95:34:0a:c7:8b:fb:98:5e:38:41:c8:72:ec:9e:
                    8e:a3:32:9d:00:72:db:67:6d:92:b0:00:cc:8a:7b:
                    bf:51:56:75:d4:0d:2f:ae:48:5e:f0:a0:da:79:75:
                    2b:62:ba:1a:7c:4c:a9:d3:84:ab:b3:06:59:ba:a1:
                    1b:ab:08:f8:de:cd:0e:3c:cd:42:4a:61:ca:60:87:
                    9d:16:be:59:fe:e5:e1:e7:e5:c0:0b:18:fd:c5:d5:
                    e2:92:bd:81:b0:49:a0:90:49:e9:6d:3e:d5:0b:c9:
                    4a:fa:31:67:81:89:a7:eb:a1:bf:91:26:2e:5b:11:
                    64:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F1:D8:8F:20:84:4B:92:A0:F1:8F:A1:8B:CD:B2:26:D5:5A:B9:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e55c985-9370-45ae-94ef-029873555580.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.238.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         48:d6:6c:db:c0:e7:bc:fb:bf:79:44:cf:1a:b2:d4:24:8c:54:
         6d:63:01:0f:46:e6:6a:b3:e7:20:7f:35:41:ae:70:1d:ce:f6:
         c5:45:f2:fa:ba:2e:ec:ac:25:ab:f1:e9:61:62:dc:0c:a6:44:
         2f:8b:90:11:57:0b:7d:d3:ce:78:af:33:94:6b:19:33:af:b5:
         75:7b:0b:5f:f0:26:f0:71:f2:21:e0:b8:95:c3:09:d7:a8:d1:
         4a:49:25:ea:00:b0:5b:57:8c:63:40:d0:8c:93:75:90:ef:7d:
         e0:11:ad:b4:8d:13:86:75:bb:9b:75:08:cb:d4:fc:7b:34:a9:
         0e:b4:68:ee:76:c0:ca:e5:2e:ea:69:bc:63:eb:d0:8e:b5:25:
         72:af:8e:c2:5e:96:4b:63:36:21:d4:7b:4f:2a:0b:1f:e8:7d:
         e3:c8:97:b2:62:c5:1e:c8:a5:d0:ca:32:6e:0d:48:7c:65:42:
         b4:72:31:dd:3a:f9:74:d4:a4:7e:57:13:2b:97:ab:bb:88:a8:
         18:74:d8:3d:98:f5:37:a7:ae:23:db:04:5d:de:43:aa:21:9e:
         65:62:04:7a:45:3a:0b:06:6f:9a:51:ed:57:87:70:cb:3e:d5:
         b4:b9:8b:cc:0f:12:0f:10:92:23:fb:f2:14:8c:8d:de:c4:5b:
         42:82:bb:aa
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGkQLIO5xRY2/lUI1IVgWS5CprWYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDAzMDE2WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2QzYTlmZmNlNmY3YzAwMmJjM2I1YjM0MzU2ZTU5ZDM0
MDUwOTg5YzU3YTYwNzNkZjNkOGExZmUxNTMzOWQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfcZBncbVNk2ZlKZv6TvleGzrZlCW36xZ80WJc3sDhwXas
pJ5aLLfRbHU7lpdOiA2QPeJ4Qm+GGTsVXRZIHeV4TsgMTdvRFPa8UF0midiyS3Wa
16RK7UWYJ5V1leZPdAYmiOz2kvmACzgTefWM+A1xExEvNGL+TEcG2YX7/liQQP00
CBFOAPmVNArHi/uYXjhByHLsno6jMp0ActtnbZKwAMyKe79RVnXUDS+uSF7woNp5
dStiuhp8TKnThKuzBlm6oRurCPjezQ48zUJKYcpgh50Wvln+5eHn5cALGP3F1eKS
vYGwSaCQSeltPtULyUr6MWeBiafrob+RJi5bEWQJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUa/HYjyCES5Kg8Y+hi82yJtVaufowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlNTVjOTg1LTkzNzAtNDVhZS05NGVmLTAyOTg3MzU1NTU4MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo7jANBgkqhkiG9w0BAQsFAAOCAQEASNZs28DnvPu/eUTPGrLUJIxUbWMB
D0bmarPnIH81Qa5wHc72xUXy+rou7Kwlq/HpYWLcDKZEL4uQEVcLfdPOeK8zlGsZ
M6+1dXsLX/Am8HHyIeC4lcMJ16jRSkkl6gCwW1eMY0DQjJN1kO994BGttI0ThnW7
m3UIy9T8ezSpDrRo7nbAyuUu6mm8Y+vQjrUlcq+Owl6WS2M2IdR7TyoLH+h948iX
smLFHsil0Moybg1IfGVCtHIx3Tr5dNSkflcTK5eru4ioGHTYPZj1N6euI9sEXd5D
qiGeZWIEekU6CwZvmlHtV4dwyz7VtLmLzA8SDxCSI/vyFIyN3sRbQoK7qg==
-----END CERTIFICATE-----