Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74a67a16-ec65-4294-84bf-ad2edc5d1909.roa
File:                     74a67a16-ec65-4294-84bf-ad2edc5d1909.roa (raw, json)
Hash identifier:          fp5Se+Euoe83VgzjqOhOijJDamy3+g/0js07Xbd8uXQ=
Subject key identifier:   71:92:0B:EE:EA:18:EF:E9:82:7F:81:DA:3B:DA:D1:16:DF:A1:0B:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A3AB403CE7AC39F32420CD819DBA80147CD2D2F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74a67a16-ec65-4294-84bf-ad2edc5d1909.roa
Signing time:             Tue 21 Oct 2025 00:10:58 +0000
ROA not before:           Tue 21 Oct 2025 00:10:58 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.243.40.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:3a:b4:03:ce:7a:c3:9f:32:42:0c:d8:19:db:a8:01:47:cd:2d:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:10:58 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=7cf241d04d5f9feaac07f6d09052c4e2bc37b90a5264fec5e0fa2491d93bc68d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cb:4b:82:7a:49:7e:8b:06:c4:b7:30:f1:17:
                    30:bc:8c:46:c9:39:c3:2e:55:fc:1e:47:fc:e0:5f:
                    e3:08:29:ff:e3:aa:fd:c5:ee:ce:68:09:0b:d8:58:
                    ee:a0:17:71:93:ac:8b:8c:1b:53:fe:08:24:7e:99:
                    b9:c0:ac:9b:fb:62:3c:45:16:d7:8c:4d:58:b5:fc:
                    d1:6f:98:2c:d4:3f:e0:78:e8:97:22:fb:6d:6a:75:
                    c5:d1:12:fe:72:65:7e:29:e8:cb:31:85:22:71:75:
                    0d:3f:4c:f4:e6:fc:b2:96:ad:cd:d9:60:f5:5a:0f:
                    56:0e:59:6e:ed:ae:a6:22:20:50:02:29:03:38:bb:
                    c9:ca:0f:46:50:3d:76:cf:9b:c0:e0:63:ef:3e:17:
                    ac:30:cc:73:72:a1:e3:37:8d:94:97:b4:70:9d:56:
                    34:df:4b:1b:41:83:48:41:a5:98:88:78:11:ed:76:
                    75:6f:fc:17:57:ed:07:a9:c6:63:14:83:1f:82:46:
                    bc:cd:39:b0:f9:8c:ed:8e:c1:9a:99:15:49:55:9e:
                    82:fa:79:47:8e:b9:f3:5b:3c:10:c1:4f:5b:ba:e4:
                    f0:21:59:80:f5:83:47:1b:13:82:49:0f:53:cc:f2:
                    d5:c9:34:02:fc:cd:f7:00:73:27:9a:4a:77:e8:21:
                    9c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:92:0B:EE:EA:18:EF:E9:82:7F:81:DA:3B:DA:D1:16:DF:A1:0B:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74a67a16-ec65-4294-84bf-ad2edc5d1909.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:4a:45:45:06:4f:3b:ec:32:1d:93:0c:80:9a:f2:56:cf:97:
         00:0c:eb:72:c2:b1:b1:87:4a:35:0e:66:8e:83:44:a2:e6:37:
         32:63:4c:f6:6c:cc:14:1d:21:98:c3:d4:ba:9d:cb:9c:1a:12:
         63:e7:81:5b:56:e5:53:ec:ea:a0:84:18:1b:7b:52:f6:c8:6f:
         88:a7:99:7c:29:45:f5:48:a8:68:50:5b:3b:a7:d7:d0:1e:3c:
         99:4d:e4:2e:67:de:f4:fd:ae:d4:2c:b5:ff:ff:2e:a2:78:91:
         7b:7b:e3:ce:63:74:de:62:3e:1c:50:2f:65:e0:78:03:34:63:
         4e:67:8a:96:bf:01:8c:54:8a:94:3b:18:9e:da:36:14:01:2a:
         cf:bf:56:1d:78:64:cd:21:77:bc:5e:17:a1:5b:38:e1:ce:c7:
         8e:92:bd:de:f9:bf:50:b8:5a:27:c2:e6:35:ec:7b:8e:7d:d1:
         df:47:65:6e:08:46:b7:3e:75:25:26:99:9c:36:8a:63:85:13:
         a1:b5:59:d1:a2:da:ba:29:41:25:fe:e6:cb:f4:2b:82:3e:de:
         99:07:fc:27:5b:ed:37:b9:27:29:04:f5:dd:1d:dc:f9:60:16:
         2e:81:83:60:f2:a0:f1:11:b5:2a:13:1c:8b:ad:24:33:41:b1:
         c9:2c:5c:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKjq0A856w58yQgzYGduoAUfNLS8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAxMDU4WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Y2YyNDFkMDRkNWY5ZmVhYWMwN2Y2ZDA5MDUyYzRlMmJj
MzdiOTBhNTI2NGZlYzVlMGZhMjQ5MWQ5M2JjNjhkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYy0uCekl+iwbEtzDxFzC8jEbJOcMuVfweR/zgX+MIKf/j
qv3F7s5oCQvYWO6gF3GTrIuMG1P+CCR+mbnArJv7YjxFFteMTVi1/NFvmCzUP+B4
6Jci+21qdcXREv5yZX4p6MsxhSJxdQ0/TPTm/LKWrc3ZYPVaD1YOWW7trqYiIFAC
KQM4u8nKD0ZQPXbPm8DgY+8+F6wwzHNyoeM3jZSXtHCdVjTfSxtBg0hBpZiIeBHt
dnVv/BdX7QepxmMUgx+CRrzNObD5jO2OwZqZFUlVnoL6eUeOufNbPBDBT1u65PAh
WYD1g0cbE4JJD1PM8tXJNAL8zfcAcyeaSnfoIZyBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcZIL7uoY7+mCf4HaO9rRFt+hCwAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc0YTY3YTE2LWVjNjUtNDI5NC04NGJmLWFkMmVkYzVkMTkwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIr8ygwDQYJKoZIhvcNAQELBQADggEBAJhKRUUGTzvsMh2TDICa8lbPlwAM
63LCsbGHSjUOZo6DRKLmNzJjTPZszBQdIZjD1Lqdy5waEmPngVtW5VPs6qCEGBt7
UvbIb4inmXwpRfVIqGhQWzun19AePJlN5C5n3vT9rtQstf//LqJ4kXt7485jdN5i
PhxQL2XgeAM0Y05nipa/AYxUipQ7GJ7aNhQBKs+/Vh14ZM0hd7xeF6FbOOHOx46S
vd75v1C4WifC5jXse4590d9HZW4IRrc+dSUmmZw2imOFE6G1WdGi2ropQSX+5sv0
K4I+3pkH/Cdb7Te5JykE9d0d3PlgFi6Bg2DyoPERtSoTHIutJDNBscksXEc=
-----END CERTIFICATE-----