Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2655b25-fc0c-4c70-8348-1ffb9d933128.roa
File:                     a2655b25-fc0c-4c70-8348-1ffb9d933128.roa (raw, json)
Hash identifier:          //WNjoH062BlwGQbRYJXWF5RQqjQgouLW4G1ft3diiw=
Subject key identifier:   AA:9B:3B:55:FC:4E:59:7E:BF:EE:7E:DD:2B:E9:62:58:D7:AE:60:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A62894A40E21CADA9D2E51A8E3B66C8A815F058
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2655b25-fc0c-4c70-8348-1ffb9d933128.roa
Signing time:             Wed 12 Nov 2025 02:20:09 +0000
ROA not before:           Wed 12 Nov 2025 02:20:09 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.235.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:62:89:4a:40:e2:1c:ad:a9:d2:e5:1a:8e:3b:66:c8:a8:15:f0:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:20:09 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=7d2a3d4ffcdc634d61051e680655611cbcbab1932ca1a5bac8e8c64a5c496446, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0b:ea:a5:26:68:06:d3:9e:ff:60:32:ed:1f:
                    aa:e8:b6:36:73:57:6f:fc:71:28:dc:91:3b:42:ce:
                    88:39:8e:05:ef:a2:c7:70:11:8f:9f:93:ad:75:0b:
                    8d:3e:90:11:d7:75:d9:f9:4f:13:5b:9e:2d:ad:2d:
                    19:a1:9b:47:b8:7a:2e:c7:ca:bc:c6:40:be:f9:85:
                    88:de:4b:19:e6:5d:d4:c8:78:ce:74:23:ec:d3:da:
                    5b:cb:d2:d7:16:99:f3:2a:c1:3e:ae:3c:f3:2d:98:
                    0a:c3:74:70:54:2b:81:b3:9e:d2:7c:07:e3:67:b0:
                    24:3e:cf:a6:87:84:17:f6:e8:c7:53:64:d8:62:c9:
                    36:fe:69:ad:b4:c2:f0:4a:e4:07:d1:52:8f:b3:17:
                    5e:9f:7f:56:5d:c5:16:08:eb:74:6a:9b:07:b7:79:
                    50:19:c0:e2:e5:8a:c8:3c:29:cb:5d:f7:d6:2e:b0:
                    4c:f0:ad:d9:c7:c1:e4:59:5c:d9:a6:8f:e4:30:01:
                    54:5a:6d:3c:62:60:07:9a:98:06:d7:a5:23:e0:99:
                    af:36:94:4d:fb:82:d4:87:11:01:dc:d6:70:0e:f1:
                    90:a9:a3:9c:de:66:90:75:35:5b:39:01:97:a9:78:
                    8b:4e:e9:51:12:d9:a8:d6:1f:c8:22:b8:1b:22:73:
                    59:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:9B:3B:55:FC:4E:59:7E:BF:EE:7E:DD:2B:E9:62:58:D7:AE:60:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a2655b25-fc0c-4c70-8348-1ffb9d933128.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.235.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         69:8e:20:12:ed:8d:37:b0:9e:f2:02:e3:60:e4:05:e5:b5:31:
         75:f8:e9:29:52:07:40:1d:23:05:d2:1f:2b:34:f4:9f:12:39:
         00:83:17:06:af:12:5c:14:4d:55:a7:e6:b2:f9:84:6f:15:23:
         71:e4:73:a8:d9:8e:e7:4a:6f:a9:c7:37:5c:53:da:92:b5:b6:
         95:7c:2a:37:5d:be:52:81:8b:c1:de:7d:7a:dc:29:e9:2f:7e:
         4f:21:51:43:2b:49:bc:74:09:4a:d3:16:c7:b6:22:95:74:61:
         08:1a:c3:61:b1:80:d1:ef:30:4e:02:fd:8f:69:73:ff:f9:a3:
         9e:e6:35:fd:6d:62:47:f3:5b:68:4f:f3:81:14:ed:3c:ab:25:
         0e:21:13:50:2f:db:90:ac:e8:33:85:d0:1b:4b:57:59:f7:a4:
         72:2d:b3:ae:15:77:91:35:f2:94:b8:f8:c1:7e:82:26:bb:25:
         08:36:1a:74:5a:3f:41:ef:72:5a:7a:17:22:26:32:32:dd:a1:
         29:37:8f:0b:b6:e7:a1:df:ba:73:f7:98:24:6a:4a:c9:5f:18:
         84:50:51:71:17:6c:04:e0:9d:4a:07:3e:68:44:9c:bf:8e:c8:
         8d:67:f7:cf:c5:40:0f:e1:11:55:e7:23:35:a8:74:d5:55:b8:
         a5:c1:35:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUemKJSkDiHK2p0uUajjtmyKgV8FgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIyMDA5WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDJhM2Q0ZmZjZGM2MzRkNjEwNTFlNjgwNjU1NjExY2Jj
YmFiMTkzMmNhMWE1YmFjOGU4YzY0YTVjNDk2NDQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfC+qlJmgG057/YDLtH6rotjZzV2/8cSjckTtCzog5jgXv
osdwEY+fk611C40+kBHXddn5TxNbni2tLRmhm0e4ei7HyrzGQL75hYjeSxnmXdTI
eM50I+zT2lvL0tcWmfMqwT6uPPMtmArDdHBUK4GzntJ8B+NnsCQ+z6aHhBf26MdT
ZNhiyTb+aa20wvBK5AfRUo+zF16ff1ZdxRYI63Rqmwe3eVAZwOLlisg8Kctd99Yu
sEzwrdnHweRZXNmmj+QwAVRabTxiYAeamAbXpSPgma82lE37gtSHEQHc1nAO8ZCp
o5zeZpB1NVs5AZepeItO6VES2ajWH8giuBsic1kNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqps7VfxOWX6/7n7dK+liWNeuYEkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyNjU1YjI1LWZjMGMtNGM3MC04MzQ4LTFmZmI5ZDkzMzEyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYo64AwDQYJKoZIhvcNAQELBQADggEBAGmOIBLtjTewnvIC42DkBeW1MXX4
6SlSB0AdIwXSHys09J8SOQCDFwavElwUTVWn5rL5hG8VI3Hkc6jZjudKb6nHN1xT
2pK1tpV8KjddvlKBi8HefXrcKekvfk8hUUMrSbx0CUrTFse2IpV0YQgaw2GxgNHv
ME4C/Y9pc//5o57mNf1tYkfzW2hP84EU7TyrJQ4hE1Av25Cs6DOF0BtLV1n3pHIt
s64Vd5E18pS4+MF+gia7JQg2GnRaP0Hvclp6FyImMjLdoSk3jwu256HfunP3mCRq
SslfGIRQUXEXbATgnUoHPmhEnL+OyI1n98/FQA/hEVXnIzWodNVVuKXBNYc=
-----END CERTIFICATE-----