Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a908559-3835-4924-b5fe-d49c9ed9c2f0.roa
File:                     6a908559-3835-4924-b5fe-d49c9ed9c2f0.roa (raw, json)
Hash identifier:          jFWz4TPNvUP8S+6YFL7bA8HhteJ2q6S2g2g9I5fpcSw=
Subject key identifier:   6C:8D:26:1B:F2:C7:25:A8:08:F4:5A:0D:4E:02:01:54:E8:B6:32:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D9146289F9E731C578EF12F2B47F7C46391AF61
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a908559-3835-4924-b5fe-d49c9ed9c2f0.roa
Signing time:             Wed 12 Nov 2025 00:21:45 +0000
ROA not before:           Wed 12 Nov 2025 00:21:45 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.178.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:91:46:28:9f:9e:73:1c:57:8e:f1:2f:2b:47:f7:c4:63:91:af:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:21:45 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=ec355a9f950f8d258bf7100173b7ba2cb2c04d07141fe8fa12c9d8f6e97fb7a3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e1:04:9c:fc:01:eb:75:77:c4:75:fa:2e:eb:
                    7c:a2:2c:a4:88:5c:0c:ee:f7:5b:4e:e1:ae:fe:5f:
                    1d:66:5e:7a:b1:dc:56:c4:40:f0:7b:df:7b:db:01:
                    bb:f5:8c:dc:19:be:0b:d5:17:1c:eb:57:b1:6a:be:
                    bf:48:83:80:f8:b0:57:9a:7a:4d:fe:e9:4b:0f:df:
                    ec:44:50:7d:fa:89:e8:00:be:91:6f:97:d9:95:76:
                    11:dc:d5:0d:56:fe:17:a8:21:ce:52:3b:f3:39:0a:
                    82:54:fc:54:16:7d:d3:c0:ad:48:fd:09:ed:4f:16:
                    c9:7b:0c:35:78:9e:5d:88:ec:d7:af:4e:99:82:37:
                    c6:a4:c2:bd:61:87:b9:20:2a:de:bd:c3:18:1b:30:
                    89:57:1b:e7:c9:0c:1d:ea:3c:ca:36:1d:62:3a:ba:
                    0f:e8:82:d5:ff:a8:28:66:f1:ba:05:23:5c:8a:55:
                    2f:f4:e6:ef:ae:92:c8:26:c5:44:52:71:40:4c:16:
                    36:cc:39:51:43:9b:d9:b4:f5:b1:4a:34:23:44:31:
                    97:f5:dd:4e:21:94:23:44:1d:88:31:87:a0:25:78:
                    68:ea:3d:72:39:7f:1b:45:10:c6:c0:a9:fc:83:5c:
                    59:fa:5d:c7:dc:65:4c:8f:98:e4:ae:f8:cb:8d:08:
                    62:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:8D:26:1B:F2:C7:25:A8:08:F4:5A:0D:4E:02:01:54:E8:B6:32:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a908559-3835-4924-b5fe-d49c9ed9c2f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.178.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         01:b6:06:ae:9a:d6:74:ec:73:20:9e:6b:14:75:79:94:4f:83:
         a4:86:53:59:ca:6a:b5:a2:94:31:be:68:31:3b:58:99:83:17:
         89:a0:20:09:63:5f:6f:bd:7a:b6:06:d8:c2:ce:92:b7:e8:ff:
         34:22:cf:94:5f:d3:79:5c:b1:0b:4e:c0:4b:55:3c:eb:15:67:
         f4:a2:d1:26:f2:3d:80:95:e4:09:85:e4:e9:a2:44:f1:c0:74:
         c0:dc:a3:c0:da:bd:8c:f9:2a:95:e2:ff:b8:25:02:7d:c8:f9:
         21:8a:66:43:45:c1:be:dc:f4:bc:af:9e:a7:6c:3e:6d:db:4f:
         5f:06:11:42:95:d5:60:3d:2f:82:0e:3e:12:2e:3e:e8:4a:c5:
         09:d7:23:d5:08:00:6e:fc:ef:d6:c4:f4:da:2e:9c:03:d4:75:
         32:b6:46:cd:85:f6:d6:4f:28:26:bb:ea:c3:78:a0:fd:09:08:
         6d:bc:3b:1c:d0:75:f7:71:c9:94:2b:10:05:ba:92:0c:24:36:
         90:76:0d:8e:5d:cd:2b:ee:8c:09:e2:2d:bc:ff:ab:e0:3e:39:
         35:7f:06:e9:3f:e1:91:0f:a3:03:66:5c:40:0d:46:89:0e:26:
         2e:85:85:7c:33:3a:b1:76:ed:4a:66:0b:72:2e:06:fa:2a:fe:
         7f:10:ba:0f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDZFGKJ+ecxxXjvEvK0f3xGORr2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAyMTQ1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzM1NWE5Zjk1MGY4ZDI1OGJmNzEwMDE3M2I3YmEyY2Iy
YzA0ZDA3MTQxZmU4ZmExMmM5ZDhmNmU5N2ZiN2EzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/4QSc/AHrdXfEdfou63yiLKSIXAzu91tO4a7+Xx1mXnqx
3FbEQPB733vbAbv1jNwZvgvVFxzrV7Fqvr9Ig4D4sFeaek3+6UsP3+xEUH36iegA
vpFvl9mVdhHc1Q1W/heoIc5SO/M5CoJU/FQWfdPArUj9Ce1PFsl7DDV4nl2I7Nev
TpmCN8akwr1hh7kgKt69wxgbMIlXG+fJDB3qPMo2HWI6ug/ogtX/qChm8boFI1yK
VS/05u+uksgmxURScUBMFjbMOVFDm9m09bFKNCNEMZf13U4hlCNEHYgxh6AleGjq
PXI5fxtFEMbAqfyDXFn6XcfcZUyPmOSu+MuNCGLJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUbI0mG/LHJagI9FoNTgIBVOi2Mv0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhOTA4NTU5LTM4MzUtNDkyNC1iNWZlLWQ0OWM5ZWQ5YzJmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEosjANBgkqhkiG9w0BAQsFAAOCAQEAAbYGrprWdOxzIJ5rFHV5lE+DpIZT
WcpqtaKUMb5oMTtYmYMXiaAgCWNfb716tgbYws6St+j/NCLPlF/TeVyxC07AS1U8
6xVn9KLRJvI9gJXkCYXk6aJE8cB0wNyjwNq9jPkqleL/uCUCfcj5IYpmQ0XBvtz0
vK+ep2w+bdtPXwYRQpXVYD0vgg4+Ei4+6ErFCdcj1QgAbvzv1sT02i6cA9R1MrZG
zYX21k8oJrvqw3ig/QkIbbw7HNB193HJlCsQBbqSDCQ2kHYNjl3NK+6MCeItvP+r
4D45NX8G6T/hkQ+jA2ZcQA1GiQ4mLoWFfDM6sXbtSmYLci4G+ir+fxC6Dw==
-----END CERTIFICATE-----