Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e4ba4487-895e-4189-99e6-4440d5b19295.roa
File:                     e4ba4487-895e-4189-99e6-4440d5b19295.roa (raw, json)
Hash identifier:          +GnrVdt4Q1qIpQyt3RO5pk9wyfsmB0/8Pt6dVqpD2MM=
Subject key identifier:   C8:46:C0:38:20:5E:BA:76:32:C2:66:D8:C3:5B:9C:7D:AD:3A:2F:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5799BE497484C3516909E2C306AD98EED1AD7F53
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e4ba4487-895e-4189-99e6-4440d5b19295.roa
Signing time:             Fri 31 Oct 2025 01:00:42 +0000
ROA not before:           Fri 31 Oct 2025 01:00:42 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.143.64.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:99:be:49:74:84:c3:51:69:09:e2:c3:06:ad:98:ee:d1:ad:7f:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 01:00:42 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=cd2170f0dd0ead402663971f5b71e3a7f0f84ce23ef67185bcd7d9d59de1660c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:14:f8:fc:be:d6:c3:91:5e:47:d5:97:30:0c:
                    1f:58:e6:0f:90:52:7b:2b:6b:f2:fa:b6:c8:f2:90:
                    bd:7b:e1:39:ff:d6:b1:27:13:83:c2:7d:2b:66:65:
                    11:97:b0:e2:25:c0:12:ed:14:36:51:45:20:0f:3c:
                    a1:b5:fd:50:60:3b:c1:58:d8:bb:90:87:23:91:2a:
                    b9:29:e7:28:b7:de:22:0a:4b:b4:9a:7a:6e:71:0c:
                    e0:23:b8:44:57:91:01:c1:a4:e3:20:a4:74:73:58:
                    82:29:f7:6d:56:eb:20:29:2b:be:78:db:95:72:01:
                    42:f7:44:3b:c5:f7:e4:07:8e:d3:93:36:71:3b:60:
                    46:35:91:fd:0a:98:b5:28:0d:9e:cf:cd:0b:07:74:
                    83:34:c1:ce:d4:11:64:e3:6f:b3:fc:35:fb:17:75:
                    bd:af:8b:3d:ac:a6:59:88:1d:93:fd:7b:51:26:f0:
                    85:f4:46:32:0f:45:ab:66:29:24:ca:46:68:11:f0:
                    35:3a:70:f7:f3:2b:1f:13:78:1b:f4:57:4d:30:44:
                    11:26:14:e6:ee:95:48:2a:3a:79:9d:32:1e:a6:e7:
                    28:fc:30:04:ce:4c:d6:b7:7e:31:a9:58:e3:8b:d2:
                    19:2b:10:66:b3:d0:bd:fd:8b:1b:51:5f:09:a7:ad:
                    0c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:46:C0:38:20:5E:BA:76:32:C2:66:D8:C3:5B:9C:7D:AD:3A:2F:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e4ba4487-895e-4189-99e6-4440d5b19295.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.143.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c9:dd:63:9a:58:c6:f8:22:ba:6b:68:1a:d9:ad:a6:75:aa:db:
         37:76:40:06:33:a3:f1:13:30:2a:88:64:95:5d:3d:19:31:e5:
         50:e9:ba:08:47:4d:9f:d8:a0:16:f7:ad:9e:b3:84:9a:38:f8:
         c0:5f:08:fb:8e:24:ef:5f:c9:d4:71:8c:b2:8d:39:f5:4d:9f:
         f3:5d:9e:72:a7:e8:37:8e:5e:e2:07:e9:1e:ba:c8:3e:ec:ea:
         b3:dc:5a:4a:f0:74:36:52:fb:f4:1f:e2:21:62:35:88:e8:65:
         9a:79:be:58:c8:14:5b:8b:aa:de:76:56:fb:20:2b:9c:b3:36:
         93:15:f3:b4:35:bd:0e:5f:5e:9e:a1:d7:ad:f8:da:43:b9:67:
         81:a2:82:09:16:9e:c2:6a:15:be:d4:aa:06:74:87:34:e1:52:
         ff:f8:73:79:59:c4:ea:86:cc:8c:29:37:1a:48:cf:36:61:16:
         cd:99:56:91:a8:e8:79:6e:fa:48:8e:6e:ce:12:98:97:06:f1:
         4d:a1:07:95:be:2f:e1:b0:38:53:b5:e7:0a:c2:90:06:52:4f:
         5b:a1:20:29:24:52:15:71:eb:ce:b0:9b:db:04:e9:db:c5:a4:
         ee:04:02:5c:49:32:11:b6:8e:1e:85:9d:e8:b6:ee:0d:ac:40:
         d9:54:e1:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV5m+SXSEw1FpCeLDBq2Y7tGtf1MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMDEwMDQyWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDIxNzBmMGRkMGVhZDQwMjY2Mzk3MWY1YjcxZTNhN2Yw
Zjg0Y2UyM2VmNjcxODViY2Q3ZDlkNTlkZTE2NjBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGFPj8vtbDkV5H1ZcwDB9Y5g+QUnsra/L6tsjykL174Tn/
1rEnE4PCfStmZRGXsOIlwBLtFDZRRSAPPKG1/VBgO8FY2LuQhyORKrkp5yi33iIK
S7Saem5xDOAjuERXkQHBpOMgpHRzWIIp921W6yApK75425VyAUL3RDvF9+QHjtOT
NnE7YEY1kf0KmLUoDZ7PzQsHdIM0wc7UEWTjb7P8NfsXdb2viz2splmIHZP9e1Em
8IX0RjIPRatmKSTKRmgR8DU6cPfzKx8TeBv0V00wRBEmFObulUgqOnmdMh6m5yj8
MATOTNa3fjGpWOOL0hkrEGaz0L39ixtRXwmnrQyhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyEbAOCBeunYywmbYw1ucfa06L2wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U0YmE0NDg3LTg5NWUtNDE4OS05OWU2LTQ0NDBkNWIxOTI5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMoj0AwDQYJKoZIhvcNAQELBQADggEBAMndY5pYxvgiumtoGtmtpnWq2zd2
QAYzo/ETMCqIZJVdPRkx5VDpughHTZ/YoBb3rZ6zhJo4+MBfCPuOJO9fydRxjLKN
OfVNn/NdnnKn6DeOXuIH6R66yD7s6rPcWkrwdDZS+/Qf4iFiNYjoZZp5vljIFFuL
qt52VvsgK5yzNpMV87Q1vQ5fXp6h16342kO5Z4GiggkWnsJqFb7UqgZ0hzThUv/4
c3lZxOqGzIwpNxpIzzZhFs2ZVpGo6Hlu+kiObs4SmJcG8U2hB5W+L+GwOFO15wrC
kAZST1uhICkkUhVx686wm9sE6dvFpO4EAlxJMhG2jh6Fnei27g2sQNlU4Vo=
-----END CERTIFICATE-----