Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1a1447c-63be-441c-867b-64a338ff41ca.roa
File:                     f1a1447c-63be-441c-867b-64a338ff41ca.roa (raw, json)
Hash identifier:          NTFxKRy2HtSV5QBpbI5Mx1wE/OB1TdBKRJ7yUJcnVO0=
Subject key identifier:   DF:F1:2B:C4:E9:59:CB:C6:4F:73:49:96:F7:09:09:B6:5E:34:60:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       49036A9F8254D363D96F6580CA7422DBCF164784
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1a1447c-63be-441c-867b-64a338ff41ca.roa
Signing time:             Tue 28 Oct 2025 00:50:08 +0000
ROA not before:           Tue 28 Oct 2025 00:50:08 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.201.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:03:6a:9f:82:54:d3:63:d9:6f:65:80:ca:74:22:db:cf:16:47:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:50:08 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=db237992699ce1273145f95bfc14917946300d9d9107a3f4ddfb2e6e6eb6f21d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a9:8d:24:e7:4e:93:ba:1c:89:ed:db:29:80:
                    0b:e6:8a:67:0a:6d:19:5b:4d:2d:0a:e2:d2:92:b0:
                    63:37:89:47:0e:63:ba:4e:58:31:56:2a:54:4a:1f:
                    b4:35:40:09:34:e0:7c:50:0e:95:ad:7b:fb:88:50:
                    5a:17:88:90:1a:78:c4:8d:e6:55:74:a1:9e:89:ca:
                    35:e8:1c:85:72:98:64:46:ab:d8:d5:51:93:13:b6:
                    48:88:0a:3e:fb:c1:f2:c9:1f:1f:81:36:dc:b6:40:
                    cd:88:97:bb:f4:f6:58:58:f5:e5:bf:fc:4d:bc:95:
                    3f:83:4e:1b:43:39:94:bb:8d:e0:d2:b0:d1:7a:4f:
                    97:d6:52:1d:0a:70:7e:a7:05:2a:17:ba:db:c9:cb:
                    21:35:47:a8:a6:f4:c6:13:4a:a6:4c:15:0a:dc:9d:
                    30:51:9c:e4:c5:61:04:5a:ad:7b:be:80:b0:5c:db:
                    3c:2e:94:f9:02:11:4a:3e:78:4b:25:4c:6d:4e:b8:
                    1b:c1:e9:ab:30:33:a4:19:4c:de:8d:b5:a9:0f:08:
                    dc:4f:97:9f:36:a2:02:cb:08:01:52:f9:77:93:65:
                    44:aa:fd:97:5f:da:4c:96:f1:29:17:cb:b9:b3:cf:
                    37:00:fd:e1:6e:6c:ee:b8:f6:0f:5f:6f:77:19:a4:
                    de:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F1:2B:C4:E9:59:CB:C6:4F:73:49:96:F7:09:09:B6:5E:34:60:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1a1447c-63be-441c-867b-64a338ff41ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.201.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         85:d2:04:a0:1a:33:c4:96:a4:9d:eb:7b:34:02:0e:01:5d:75:
         df:b9:49:76:1b:6e:b2:b9:b1:a5:7f:cf:9a:32:fe:37:19:cf:
         22:1d:41:ae:bb:25:76:16:14:ea:6d:4d:fb:90:37:0d:9c:9c:
         d4:da:2f:3d:85:b8:d2:83:eb:33:df:ae:25:be:7c:15:fc:d4:
         2f:76:b1:2b:24:af:0e:0a:41:36:f4:e3:5b:8b:fb:ad:56:3b:
         13:d8:fa:f6:0f:4c:e4:95:58:3a:0c:89:34:78:1c:5a:6b:65:
         21:57:0c:71:7e:7a:ee:02:e5:9f:cf:21:e3:bf:a5:cb:1c:34:
         57:0c:7b:7d:ca:fa:ee:77:a5:17:e2:cc:98:88:88:b4:98:43:
         a9:1b:1e:3e:ce:cd:8a:a4:6a:ba:cd:50:64:8f:9f:37:d7:b7:
         e1:85:cb:33:cc:f0:54:9f:81:60:d5:ab:4a:24:a6:af:00:ca:
         b4:a2:a9:26:62:78:30:36:09:42:5d:3e:58:11:63:9b:89:3d:
         db:04:b9:e1:0b:4b:99:3e:94:46:22:54:10:e6:b3:c0:a8:99:
         b7:30:25:e9:8d:f5:f0:1b:58:cf:71:91:ea:2c:01:81:2d:b0:
         75:7e:b4:f3:fe:62:77:ad:eb:8b:b8:85:22:33:18:36:68:62:
         0f:16:71:4e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSQNqn4JU02PZb2WAynQi288WR4QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA1MDA4WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjIzNzk5MjY5OWNlMTI3MzE0NWY5NWJmYzE0OTE3OTQ2
MzAwZDlkOTEwN2EzZjRkZGZiMmU2ZTZlYjZmMjFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPqY0k506TuhyJ7dspgAvmimcKbRlbTS0K4tKSsGM3iUcO
Y7pOWDFWKlRKH7Q1QAk04HxQDpWte/uIUFoXiJAaeMSN5lV0oZ6JyjXoHIVymGRG
q9jVUZMTtkiICj77wfLJHx+BNty2QM2Il7v09lhY9eW//E28lT+DThtDOZS7jeDS
sNF6T5fWUh0KcH6nBSoXutvJyyE1R6im9MYTSqZMFQrcnTBRnOTFYQRarXu+gLBc
2zwulPkCEUo+eEslTG1OuBvB6aswM6QZTN6NtakPCNxPl582ogLLCAFS+XeTZUSq
/Zdf2kyW8SkXy7mzzzcA/eFubO649g9fb3cZpN71AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3/ErxOlZy8ZPc0mW9wkJtl40YCcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YxYTE0NDdjLTYzYmUtNDQxYy04NjdiLTY0YTMzOGZmNDFjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoyTANBgkqhkiG9w0BAQsFAAOCAQEAhdIEoBozxJaknet7NAIOAV1137lJ
dhtusrmxpX/PmjL+NxnPIh1BrrsldhYU6m1N+5A3DZyc1NovPYW40oPrM9+uJb58
FfzUL3axKySvDgpBNvTjW4v7rVY7E9j69g9M5JVYOgyJNHgcWmtlIVcMcX567gLl
n88h47+lyxw0Vwx7fcr67nelF+LMmIiItJhDqRsePs7NiqRqus1QZI+fN9e34YXL
M8zwVJ+BYNWrSiSmrwDKtKKpJmJ4MDYJQl0+WBFjm4k92wS54QtLmT6URiJUEOaz
wKiZtzAl6Y318BtYz3GR6iwBgS2wdX608/5id63ri7iFIjMYNmhiDxZxTg==
-----END CERTIFICATE-----