Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fcd50c67-cb1f-44d8-a1a6-1b3382433420.roa
File:                     fcd50c67-cb1f-44d8-a1a6-1b3382433420.roa (raw, json)
Hash identifier:          dXxu7vK56zMZMsFUCoT7c/uhJ/dhU8zPakp3OQ/IKng=
Subject key identifier:   29:70:36:48:3D:5D:0A:B7:5E:52:C3:0C:0A:FE:67:38:F7:E2:00:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79284DF2033E1882648B8EC146B4DE417413059C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fcd50c67-cb1f-44d8-a1a6-1b3382433420.roa
Signing time:             Wed 29 Oct 2025 00:31:00 +0000
ROA not before:           Wed 29 Oct 2025 00:31:00 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.187.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:28:4d:f2:03:3e:18:82:64:8b:8e:c1:46:b4:de:41:74:13:05:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:31:00 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=773a1258f83c95857d58ea7d747c088dbe38aadf31b55071bbc7d72c3bf8cd45, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d2:37:16:53:c5:2c:ad:3b:e0:00:63:ad:cd:
                    8a:10:32:84:85:1d:a3:58:ac:56:58:94:47:a5:a8:
                    70:c5:03:67:72:74:4a:7d:5d:e9:ac:78:62:03:00:
                    c8:7f:ac:5c:0f:8e:56:b2:3e:99:a8:a9:99:c0:99:
                    0d:ac:b1:34:45:0a:d6:c7:8b:c4:9a:1c:6d:6b:ab:
                    21:d8:cc:1d:43:c7:6a:51:67:22:cd:46:b1:ee:ad:
                    96:78:b9:4d:8a:f0:e0:71:8c:78:c7:8c:77:36:0f:
                    4f:96:41:e2:0c:3f:13:bd:99:20:32:ee:29:c4:23:
                    5b:e8:cf:d5:9f:9c:34:73:2d:5a:8d:59:76:a7:4d:
                    91:d0:96:c9:fc:c1:88:c4:63:c6:25:d4:f2:a4:46:
                    ad:60:6f:2a:77:91:21:ff:16:a9:57:54:dd:ce:cd:
                    61:bd:e6:41:15:a0:30:9d:5d:82:bc:d2:4b:b5:93:
                    f4:5b:93:06:bb:d3:cd:e4:fb:7e:e2:38:71:be:f7:
                    bc:13:f2:69:b8:45:5d:df:9c:b8:ff:1e:ec:a5:c8:
                    07:d7:37:da:b2:a6:ac:f0:bc:4f:c3:be:c8:03:08:
                    cc:e4:b8:1b:9a:8f:e3:b7:8c:ea:b4:36:0c:35:65:
                    6a:5e:5e:5c:c5:09:78:12:d6:71:53:ee:d7:85:42:
                    5b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:70:36:48:3D:5D:0A:B7:5E:52:C3:0C:0A:FE:67:38:F7:E2:00:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fcd50c67-cb1f-44d8-a1a6-1b3382433420.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         61:76:5d:8b:d2:fc:cc:47:21:c8:23:62:97:08:3b:f6:bc:9b:
         6a:39:55:fa:af:68:4e:20:8d:9a:91:45:79:cc:b1:74:b5:bd:
         aa:66:ec:9b:5f:05:3e:d9:98:86:36:49:8a:8d:26:01:45:31:
         2f:02:53:d9:67:fb:0d:69:23:b8:41:59:a2:2d:cb:8f:4b:75:
         82:f0:44:e5:b1:e3:52:af:05:a0:20:7a:61:ab:1d:5e:f1:b5:
         6b:04:57:d0:74:75:22:84:f8:83:cb:3d:a9:73:ed:00:92:c2:
         97:3b:fe:34:43:fb:ba:60:b6:8b:31:e5:2a:3a:f8:a6:83:c3:
         d4:f2:48:ce:be:c6:cb:2c:41:b8:ed:02:d4:82:cc:b3:b8:19:
         2e:59:9f:df:24:08:67:f0:06:42:75:98:66:d9:a2:9e:5b:1e:
         79:0d:53:bc:8d:62:2c:8a:d9:d8:dc:e0:d8:92:96:93:ab:a7:
         f8:9a:86:e7:b1:3d:44:a1:3a:2f:13:31:8d:7a:73:e0:b6:ea:
         1a:96:ef:ba:0f:69:eb:ff:0c:22:cb:11:00:0c:80:fa:dd:36:
         96:30:61:5a:af:23:ca:f0:c3:ec:99:d3:d3:8f:36:00:45:1d:
         f1:7f:2c:2a:b4:c3:89:be:7a:13:4b:7c:e9:0d:b1:b9:e7:67:
         13:57:0e:86
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeShN8gM+GIJki47BRrTeQXQTBZwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDAzMTAwWhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NzNhMTI1OGY4M2M5NTg1N2Q1OGVhN2Q3NDdjMDg4ZGJl
MzhhYWRmMzFiNTUwNzFiYmM3ZDcyYzNiZjhjZDQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDj0jcWU8UsrTvgAGOtzYoQMoSFHaNYrFZYlEelqHDFA2dy
dEp9XemseGIDAMh/rFwPjlayPpmoqZnAmQ2ssTRFCtbHi8SaHG1rqyHYzB1Dx2pR
ZyLNRrHurZZ4uU2K8OBxjHjHjHc2D0+WQeIMPxO9mSAy7inEI1voz9WfnDRzLVqN
WXanTZHQlsn8wYjEY8Yl1PKkRq1gbyp3kSH/FqlXVN3OzWG95kEVoDCdXYK80ku1
k/Rbkwa7083k+37iOHG+97wT8mm4RV3fnLj/HuylyAfXN9qypqzwvE/DvsgDCMzk
uBuaj+O3jOq0Ngw1ZWpeXlzFCXgS1nFT7teFQlsRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKXA2SD1dCrdeUsMMCv5nOPfiAMwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZjZDUwYzY3LWNiMWYtNDRkOC1hMWE2LTFiMzM4MjQzMzQyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAouzANBgkqhkiG9w0BAQsFAAOCAQEAYXZdi9L8zEchyCNilwg79rybajlV
+q9oTiCNmpFFecyxdLW9qmbsm18FPtmYhjZJio0mAUUxLwJT2Wf7DWkjuEFZoi3L
j0t1gvBE5bHjUq8FoCB6YasdXvG1awRX0HR1IoT4g8s9qXPtAJLClzv+NEP7umC2
izHlKjr4poPD1PJIzr7GyyxBuO0C1ILMs7gZLlmf3yQIZ/AGQnWYZtminlseeQ1T
vI1iLIrZ2Nzg2JKWk6un+JqG57E9RKE6LxMxjXpz4LbqGpbvug9p6/8MIssRAAyA
+t02ljBhWq8jyvDD7JnT0482AEUd8X8sKrTDib56E0t86Q2xuednE1cOhg==
-----END CERTIFICATE-----