Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa
File:                     a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa (raw, json)
Hash identifier:          NzrxR0o9TuRg1LjaSQUHuguTImzyS0wFpzrCKQMA3V0=
Subject key identifier:   46:3F:01:9E:2C:4B:3D:17:E9:0D:39:C9:66:D9:15:F2:C1:8D:AF:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7932CA10B147DFD55B5258C0A8C672F05107CC13
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa
Signing time:             Sat 15 Nov 2025 00:30:58 +0000
ROA not before:           Sat 15 Nov 2025 00:30:58 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.43.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:32:ca:10:b1:47:df:d5:5b:52:58:c0:a8:c6:72:f0:51:07:cc:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:30:58 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=4cd29c59cf6007c42d1f1e0ecc289c5c24084f2b1f080d58721594e749cbeaf2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d5:38:12:b9:dc:3f:d8:8a:2d:ba:29:93:3e:
                    00:96:c2:b4:c5:9c:d5:19:dc:6d:37:b1:36:e4:73:
                    f1:ab:a5:b6:57:96:bf:f9:9f:40:df:63:ad:03:59:
                    ba:c5:d5:22:d4:99:cc:ff:33:7d:5f:a9:17:5e:e2:
                    bc:45:5f:08:24:dd:de:2f:1c:ac:9a:32:fd:d2:41:
                    4e:5f:f5:b5:9a:52:3b:b4:5a:1e:c9:d9:ca:50:cc:
                    d3:e9:13:47:a5:4e:af:ef:74:d8:fe:b7:af:18:0a:
                    c5:ac:d5:53:48:4a:cd:dc:1f:4a:38:7a:3c:79:1a:
                    30:e9:e8:2b:0c:92:77:94:7e:38:5a:c4:f9:b3:66:
                    1e:b3:5b:47:e0:7e:ee:ed:de:17:9e:4b:75:ee:d8:
                    3b:14:57:50:d9:81:2c:d2:c5:e8:ad:7d:70:95:62:
                    f8:f0:9f:03:71:c1:84:21:3c:95:3c:a3:89:61:03:
                    58:14:7d:0d:e5:45:92:75:2c:3f:e5:70:27:86:34:
                    85:c4:3c:5b:b8:b0:3a:1a:1b:e1:52:31:88:cf:07:
                    4c:fe:f0:8d:86:02:67:28:8a:7d:05:1f:45:78:d8:
                    c1:85:f3:34:2b:b5:fa:2a:7e:35:1f:c4:3f:05:c5:
                    99:30:9d:d2:45:6b:22:2a:ca:4b:60:70:07:d8:9f:
                    ba:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:3F:01:9E:2C:4B:3D:17:E9:0D:39:C9:66:D9:15:F2:C1:8D:AF:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4c031f9-6d40-4ba7-bd96-b1eb485d6adb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9d:cc:e6:ab:3a:d4:fb:b5:da:fc:7a:5f:2a:37:9c:e6:04:b3:
         ce:bd:36:3a:d3:41:03:c5:c2:de:71:31:ed:4e:1a:4e:48:ef:
         1a:ee:1f:85:62:fa:07:d6:75:65:98:89:61:00:1d:00:7f:02:
         7a:f2:9c:90:33:52:1a:10:ed:49:89:3f:ab:bb:3a:eb:23:bb:
         01:cd:9a:41:6e:05:cd:77:38:93:11:5c:8a:af:6a:dc:9f:7a:
         b9:de:ae:9e:d0:63:11:1c:9f:15:16:91:25:d0:c7:96:11:ca:
         b6:08:1c:eb:d1:f0:11:0b:eb:64:e5:7c:0f:dc:39:cd:10:bd:
         03:51:6d:82:82:67:d3:c6:5a:be:63:f0:3b:1c:51:61:cc:8c:
         dd:fa:4c:9d:d3:7c:64:42:77:28:8b:9f:33:ef:a8:49:2e:52:
         03:42:57:e5:29:2c:51:fd:8d:2e:30:86:fe:09:3a:be:4a:03:
         2c:57:af:46:3b:2d:d6:fc:70:97:46:c3:d8:4c:a7:4b:4b:0b:
         b7:27:90:2b:a8:c9:e0:81:6b:77:7a:d0:70:42:ba:ee:c4:ed:
         74:e9:2d:e7:bf:5f:45:d7:e6:56:39:a8:08:28:7f:95:85:83:
         ce:3e:cf:4c:bd:b2:70:f0:e9:ac:05:6b:d0:8b:d6:a0:1d:21:
         1d:da:3a:b7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeTLKELFH39VbUljAqMZy8FEHzBMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAzMDU4WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2QyOWM1OWNmNjAwN2M0MmQxZjFlMGVjYzI4OWM1YzI0
MDg0ZjJiMWYwODBkNTg3MjE1OTRlNzQ5Y2JlYWYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr1TgSudw/2IotuimTPgCWwrTFnNUZ3G03sTbkc/GrpbZX
lr/5n0DfY60DWbrF1SLUmcz/M31fqRde4rxFXwgk3d4vHKyaMv3SQU5f9bWaUju0
Wh7J2cpQzNPpE0elTq/vdNj+t68YCsWs1VNISs3cH0o4ejx5GjDp6CsMkneUfjha
xPmzZh6zW0fgfu7t3heeS3Xu2DsUV1DZgSzSxeitfXCVYvjwnwNxwYQhPJU8o4lh
A1gUfQ3lRZJ1LD/lcCeGNIXEPFu4sDoaG+FSMYjPB0z+8I2GAmcoin0FH0V42MGF
8zQrtfoqfjUfxD8FxZkwndJFayIqyktgcAfYn7q5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURj8BnixLPRfpDTnJZtkV8sGNrzYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0YzAzMWY5LTZkNDAtNGJhNy1iZDk2LWIxZWI0ODVkNmFkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjKzANBgkqhkiG9w0BAQsFAAOCAQEAnczmqzrU+7Xa/HpfKjec5gSzzr02
OtNBA8XC3nEx7U4aTkjvGu4fhWL6B9Z1ZZiJYQAdAH8CevKckDNSGhDtSYk/q7s6
6yO7Ac2aQW4FzXc4kxFciq9q3J96ud6untBjERyfFRaRJdDHlhHKtggc69HwEQvr
ZOV8D9w5zRC9A1FtgoJn08ZavmPwOxxRYcyM3fpMndN8ZEJ3KIufM++oSS5SA0JX
5SksUf2NLjCG/gk6vkoDLFevRjst1vxwl0bD2EynS0sLtyeQK6jJ4IFrd3rQcEK6
7sTtdOkt579fRdfmVjmoCCh/lYWDzj7PTL2ycPDprAVr0IvWoB0hHdo6tw==
-----END CERTIFICATE-----