Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b654936-9b93-400d-977e-c56018dd57d6.roa
File:                     1b654936-9b93-400d-977e-c56018dd57d6.roa (raw, json)
Hash identifier:          vyYgUVZpRRRX6vuIFhMUjydfaZb28KZtaU+KK7Mw5oU=
Subject key identifier:   3E:66:DD:5E:B1:C1:63:83:B0:AD:FC:C7:EB:06:34:19:E3:F5:52:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       668EEFA27D20324AB2D65F086C9C55177A64E96E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b654936-9b93-400d-977e-c56018dd57d6.roa
Signing time:             Wed 12 Nov 2025 02:40:10 +0000
ROA not before:           Wed 12 Nov 2025 02:40:10 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.176.83.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:8e:ef:a2:7d:20:32:4a:b2:d6:5f:08:6c:9c:55:17:7a:64:e9:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:40:10 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=f1d60abd10cf0c1c4b9d7cf198b1df988b94ff2a7f7f4337d4d3614a5a6ce24a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fa:db:af:d1:85:ed:53:87:ae:62:33:89:1e:
                    88:b8:7a:9f:e5:21:ef:68:86:06:86:a5:a2:b8:90:
                    e9:2f:b5:8f:4d:47:ef:f6:7b:b5:5c:00:28:1f:33:
                    20:d3:ae:a4:07:c0:03:91:d1:53:62:47:d5:7a:02:
                    1e:6b:5d:f2:c0:32:a6:89:2d:0b:24:ff:80:48:31:
                    f4:74:fa:6d:25:96:24:eb:e8:81:16:95:09:86:59:
                    de:09:f7:5f:fa:58:f6:7f:85:c0:bf:38:14:77:58:
                    44:84:31:e3:f0:7e:7d:2f:fe:fe:8c:a5:75:09:3f:
                    9f:c0:5b:53:4a:8e:24:7a:31:dd:8d:19:93:f3:81:
                    30:25:42:38:86:9a:af:fa:96:8a:97:af:2b:4d:f4:
                    5f:40:45:da:c5:22:ea:5d:82:4d:fc:f7:ca:9f:3e:
                    17:ec:2f:89:eb:a9:b5:4c:6b:b9:d0:18:48:25:4d:
                    17:3e:bc:13:a6:4b:3c:fd:16:cb:95:49:37:c4:55:
                    14:67:bc:d7:82:f1:69:af:f5:e8:cd:f7:ee:cf:42:
                    18:59:2c:e3:35:4b:f7:22:66:3a:ab:cf:3c:3b:e3:
                    c0:64:64:43:2d:ef:bd:9a:1b:73:f8:d4:4f:f0:03:
                    c3:f5:03:85:a4:56:7b:f6:9b:55:cc:c7:3d:f7:d6:
                    61:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:66:DD:5E:B1:C1:63:83:B0:AD:FC:C7:EB:06:34:19:E3:F5:52:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b654936-9b93-400d-977e-c56018dd57d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.176.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:59:36:3b:6d:17:7a:cf:6c:23:2e:2d:6d:60:1d:9d:2d:7c:
         2d:e0:f1:af:40:9b:81:3e:11:44:9a:da:4a:d7:73:7a:8e:8d:
         f5:9a:33:c3:2b:57:6d:da:7f:64:b9:e1:c4:75:34:07:90:dc:
         ea:fa:85:eb:2a:06:95:5e:e0:26:2b:6b:91:79:a6:75:28:05:
         62:34:5a:d4:b6:f6:6e:16:52:a8:11:cc:08:4f:d0:ea:7c:14:
         b0:92:cb:ed:26:f5:50:55:22:72:9d:dc:2b:a0:21:02:cb:15:
         70:fa:ae:15:0d:6d:50:11:0c:80:76:b3:b7:68:fc:f6:c1:bb:
         e4:e6:3c:6f:94:24:ab:72:ce:cb:2a:11:16:b3:6f:a2:e9:fd:
         02:54:33:e4:f4:f8:71:44:0f:5c:9e:22:dd:20:e6:ba:6b:bf:
         ce:f2:3e:03:40:b3:1e:fd:e6:13:a5:2d:90:d4:f0:f3:8b:94:
         5e:2d:e0:51:eb:61:01:16:01:bd:fc:5f:bd:db:66:82:1c:a0:
         25:c0:a5:34:ac:51:3e:93:af:27:68:9f:c2:a8:64:7b:b9:2f:
         c6:38:55:52:60:e9:c1:4c:5d:5f:97:ab:23:ff:c0:81:2c:58:
         68:11:ad:0e:9f:4b:49:9a:d9:95:e9:9c:0d:a7:e1:01:fd:9e:
         8b:d2:97:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZo7von0gMkqy1l8IbJxVF3pk6W4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDI0MDEwWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWQ2MGFiZDEwY2YwYzFjNGI5ZDdjZjE5OGIxZGY5ODhi
OTRmZjJhN2Y3ZjQzMzdkNGQzNjE0YTVhNmNlMjRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs+tuv0YXtU4euYjOJHoi4ep/lIe9ohgaGpaK4kOkvtY9N
R+/2e7VcACgfMyDTrqQHwAOR0VNiR9V6Ah5rXfLAMqaJLQsk/4BIMfR0+m0lliTr
6IEWlQmGWd4J91/6WPZ/hcC/OBR3WESEMePwfn0v/v6MpXUJP5/AW1NKjiR6Md2N
GZPzgTAlQjiGmq/6loqXrytN9F9ARdrFIupdgk3898qfPhfsL4nrqbVMa7nQGEgl
TRc+vBOmSzz9FsuVSTfEVRRnvNeC8Wmv9ejN9+7PQhhZLOM1S/ciZjqrzzw748Bk
ZEMt772aG3P41E/wA8P1A4WkVnv2m1XMxz331mEbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPmbdXrHBY4OwrfzH6wY0GeP1UsMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFiNjU0OTM2LTliOTMtNDAwZC05NzdlLWM1NjAxOGRkNTdkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAosFMwDQYJKoZIhvcNAQELBQADggEBAIxZNjttF3rPbCMuLW1gHZ0tfC3g
8a9Am4E+EUSa2krXc3qOjfWaM8MrV23af2S54cR1NAeQ3Or6hesqBpVe4CYra5F5
pnUoBWI0WtS29m4WUqgRzAhP0Op8FLCSy+0m9VBVInKd3CugIQLLFXD6rhUNbVAR
DIB2s7do/PbBu+TmPG+UJKtyzssqERazb6Lp/QJUM+T0+HFED1yeIt0g5rprv87y
PgNAsx795hOlLZDU8POLlF4t4FHrYQEWAb38X73bZoIcoCXApTSsUT6Trydon8Ko
ZHu5L8Y4VVJg6cFMXV+XqyP/wIEsWGgRrQ6fS0ma2ZXpnA2n4QH9novSl5I=
-----END CERTIFICATE-----