Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e4c0c1e-a4b0-46fc-b3b7-324622602ccd.roa
File:                     9e4c0c1e-a4b0-46fc-b3b7-324622602ccd.roa (raw, json)
Hash identifier:          Lp8nO6/BB6se7Ravp5YexjChbaZhJva6p5KWnS9hcQI=
Subject key identifier:   E9:A7:29:00:35:C5:5E:2B:12:24:A2:26:51:50:B1:49:BF:2D:B3:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AD5708F62A59D70C863A6A39F921E7A1E2E3291
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e4c0c1e-a4b0-46fc-b3b7-324622602ccd.roa
Signing time:             Fri 31 Oct 2025 00:20:43 +0000
ROA not before:           Fri 31 Oct 2025 00:20:43 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.146.40.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:d5:70:8f:62:a5:9d:70:c8:63:a6:a3:9f:92:1e:7a:1e:2e:32:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 00:20:43 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=07b77e1875ca8420002fcd811cad168438719f6b7c95ee4b352fc35a0223d614, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f1:50:20:35:ab:29:5b:cd:80:2c:b4:f8:a3:
                    98:8c:18:a3:d5:74:d7:de:63:6c:9a:18:74:80:fa:
                    54:d9:b9:42:ca:aa:a8:cc:0f:9d:f5:98:b3:85:7d:
                    9b:82:54:4d:ea:f6:08:2c:0b:e0:ac:5b:33:31:96:
                    09:a7:b7:1c:92:55:a0:76:db:58:d7:a1:33:0a:6e:
                    e1:2c:36:ca:7f:39:f4:08:ce:9e:e9:5d:00:7a:dd:
                    36:fc:f2:7d:15:6d:09:58:97:f1:08:05:97:02:8d:
                    35:a7:b0:2a:d0:55:cc:b7:d4:59:34:07:a3:7a:5f:
                    89:6a:e4:b0:c5:cf:7f:b5:95:2a:0e:4b:2d:51:c2:
                    0a:40:d2:7b:c3:73:39:b4:31:f2:7b:93:81:c3:43:
                    1b:5c:c6:bf:e7:e0:73:46:d1:83:6e:5d:c7:01:3c:
                    00:d1:92:f5:b0:4a:0c:f3:40:8d:40:dd:91:1f:c2:
                    85:c4:d8:2f:ce:0d:45:4b:32:c5:86:28:51:62:9f:
                    2e:33:3d:6e:f6:50:7b:ae:b0:6b:db:b6:78:ef:1d:
                    3c:0a:97:07:c6:50:26:c5:48:44:d9:5a:4c:fa:b4:
                    1a:ba:9a:11:b7:dc:56:26:7c:78:dd:dc:3b:0f:b9:
                    01:a8:18:24:bd:c0:eb:b6:bd:60:5e:66:20:87:c9:
                    c3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A7:29:00:35:C5:5E:2B:12:24:A2:26:51:50:B1:49:BF:2D:B3:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e4c0c1e-a4b0-46fc-b3b7-324622602ccd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.146.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:5a:80:b1:0f:bf:27:c6:dd:95:18:c6:58:1b:ed:4a:e6:d9:
         5e:d3:a2:10:bb:98:4a:17:4e:d2:52:d3:3b:ae:da:04:41:78:
         a3:e3:fd:01:b0:d5:b7:11:04:7e:37:ee:15:97:fb:64:45:5f:
         b3:56:d6:3c:18:7f:2f:80:3f:bc:db:84:4f:8a:3c:d2:2d:16:
         20:29:7e:b1:17:87:9d:6c:5b:48:68:1a:ac:56:a6:66:8c:bd:
         a5:bc:22:c0:64:03:8d:25:a7:56:84:1d:62:bd:70:66:c0:7b:
         3c:e9:7c:4d:f5:fd:68:62:e3:a5:2f:92:df:2e:0a:da:8a:b9:
         96:68:35:f4:ba:0c:94:55:44:73:75:c2:22:ab:9c:5f:28:44:
         b6:ea:b3:13:d0:19:22:8a:67:3b:16:85:67:85:56:97:61:3c:
         d5:d7:29:f7:ab:f6:7e:5d:ff:3b:e3:36:18:93:ef:e3:e3:06:
         33:88:d0:dd:fc:eb:d4:60:21:ba:7e:ec:e5:55:53:eb:a1:b1:
         50:d6:4f:f1:fa:b5:6d:4c:c7:9d:12:67:44:ff:29:a5:32:44:
         12:04:4a:63:f4:99:b8:b1:1f:a2:4f:09:59:5f:be:6c:7b:1d:
         35:18:2b:cb:84:47:e2:23:d1:51:82:20:7f:81:01:bf:34:60:
         22:61:c9:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKtVwj2KlnXDIY6ajn5Ieeh4uMpEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDAyMDQzWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwN2I3N2UxODc1Y2E4NDIwMDAyZmNkODExY2FkMTY4NDM4
NzE5ZjZiN2M5NWVlNGIzNTJmYzM1YTAyMjNkNjE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc8VAgNaspW82ALLT4o5iMGKPVdNfeY2yaGHSA+lTZuULK
qqjMD531mLOFfZuCVE3q9ggsC+CsWzMxlgmntxySVaB221jXoTMKbuEsNsp/OfQI
zp7pXQB63Tb88n0VbQlYl/EIBZcCjTWnsCrQVcy31Fk0B6N6X4lq5LDFz3+1lSoO
Sy1RwgpA0nvDczm0MfJ7k4HDQxtcxr/n4HNG0YNuXccBPADRkvWwSgzzQI1A3ZEf
woXE2C/ODUVLMsWGKFFiny4zPW72UHuusGvbtnjvHTwKlwfGUCbFSETZWkz6tBq6
mhG33FYmfHjd3DsPuQGoGCS9wOu2vWBeZiCHycONAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6acpADXFXisSJKImUVCxSb8ts7owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllNGMwYzFlLWE0YjAtNDZmYy1iM2I3LTMyNDYyMjYwMmNjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNkigwDQYJKoZIhvcNAQELBQADggEBAC9agLEPvyfG3ZUYxlgb7Urm2V7T
ohC7mEoXTtJS0zuu2gRBeKPj/QGw1bcRBH437hWX+2RFX7NW1jwYfy+AP7zbhE+K
PNItFiApfrEXh51sW0hoGqxWpmaMvaW8IsBkA40lp1aEHWK9cGbAezzpfE31/Whi
46Uvkt8uCtqKuZZoNfS6DJRVRHN1wiKrnF8oRLbqsxPQGSKKZzsWhWeFVpdhPNXX
Kfer9n5d/zvjNhiT7+PjBjOI0N3869RgIbp+7OVVU+uhsVDWT/H6tW1Mx50SZ0T/
KaUyRBIESmP0mbixH6JPCVlfvmx7HTUYK8uER+Ij0VGCIH+BAb80YCJhybk=
-----END CERTIFICATE-----