Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40f26a4b-62f1-40da-8ebc-27801bd5f757.roa
File:                     40f26a4b-62f1-40da-8ebc-27801bd5f757.roa (raw, json)
Hash identifier:          SJh+0BHrbXLUSgrVRds+fj790TooOFRA4jeRJegDQcs=
Subject key identifier:   09:DA:DE:08:46:F7:D9:58:1A:BD:95:3A:2B:4C:04:39:98:49:AE:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       175C7A67DFF31B876A6CF445E0E12214ABB25F9E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40f26a4b-62f1-40da-8ebc-27801bd5f757.roa
Signing time:             Wed 01 Oct 2025 00:01:23 +0000
ROA not before:           Wed 01 Oct 2025 00:01:23 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.95.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:5c:7a:67:df:f3:1b:87:6a:6c:f4:45:e0:e1:22:14:ab:b2:5f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:01:23 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=afac5bc16678f182c927f304160de4a05dcecfea8d179321ec2ea2c35eaef48d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0d:c1:a1:57:bf:5d:bd:aa:1a:75:2c:56:c1:
                    7f:30:91:5c:eb:48:96:1e:a1:1f:31:7a:2c:28:ef:
                    bc:a1:92:15:ca:dd:0b:cc:e9:17:56:f2:5d:5b:58:
                    9c:46:58:7b:b9:ad:87:55:6f:d5:6e:b8:51:e7:61:
                    dd:a1:44:20:fb:8d:6f:2d:46:9b:5a:1e:49:e7:a4:
                    ba:bb:d0:49:37:e1:cf:d9:7d:8c:0e:fd:d0:88:77:
                    2c:df:93:83:62:1a:7e:f2:09:54:d1:f6:6b:dc:e7:
                    e6:73:ad:78:00:c3:e6:0a:92:65:90:69:a6:e7:7a:
                    c6:5c:af:b3:12:07:2e:25:8a:cc:f5:39:6f:7f:67:
                    c7:55:a0:49:bf:2c:cf:7c:74:98:a5:2c:82:6c:2d:
                    53:57:a6:85:6d:f4:26:6b:e5:9e:b5:41:f3:68:7a:
                    0c:28:f1:8b:c4:64:c7:c5:13:4b:84:a9:fa:64:5f:
                    1a:a5:48:0d:f8:b3:24:3b:75:4c:28:83:03:ce:94:
                    4d:aa:82:13:64:a4:7d:8d:5f:25:12:e8:1c:94:55:
                    6f:9a:19:8e:49:92:30:03:92:d9:50:d6:bd:d3:b2:
                    5e:34:f9:38:c4:36:ae:68:b6:ec:db:fb:d2:17:fe:
                    db:cd:68:44:26:a3:44:b7:9c:17:bb:7c:79:a2:85:
                    65:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:DA:DE:08:46:F7:D9:58:1A:BD:95:3A:2B:4C:04:39:98:49:AE:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40f26a4b-62f1-40da-8ebc-27801bd5f757.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.95.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3a:ee:84:ea:2d:e8:b1:5d:aa:e5:07:89:28:7b:72:c4:a7:43:
         4f:87:0a:eb:18:59:1f:bb:29:3c:88:4b:20:f9:79:02:e5:d7:
         9a:86:bd:bd:c3:9e:d7:5f:41:4b:4e:fd:ef:b3:15:d5:34:f2:
         05:b4:ae:42:a3:f7:1e:f0:21:64:da:c0:62:b5:ac:c0:e4:40:
         34:81:64:b2:7b:98:8d:bc:5e:de:d5:44:b1:35:88:ca:ba:21:
         4e:80:49:2a:69:60:3c:72:3c:6e:3e:ba:37:8b:aa:44:42:1e:
         37:12:47:c8:9c:bc:97:14:c8:9f:ab:de:4b:a5:28:98:9d:b4:
         bc:36:9f:6a:25:80:93:75:53:af:22:77:dc:5d:33:09:28:68:
         86:90:a5:8e:78:78:74:f1:35:c6:ef:13:b6:fe:45:6e:72:1f:
         e2:1e:dd:5a:66:e6:98:f3:4a:2b:d7:85:74:46:90:4d:9b:48:
         29:79:00:a2:0c:78:fd:76:56:b5:38:25:1c:83:07:6f:15:80:
         2b:c8:74:b1:d9:33:dd:56:2f:b1:d3:f4:bc:6a:98:c6:82:57:
         0a:c5:b5:d3:06:4c:e3:1b:9e:91:21:38:5c:32:3f:15:e2:c4:
         29:3e:fc:f7:db:26:62:05:6d:c3:71:0c:8e:33:99:e6:7c:2c:
         34:1a:cc:3f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF1x6Z9/zG4dqbPRF4OEiFKuyX54wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMTIzWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmFjNWJjMTY2NzhmMTgyYzkyN2YzMDQxNjBkZTRhMDVk
Y2VjZmVhOGQxNzkzMjFlYzJlYTJjMzVlYWVmNDhkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsDcGhV79dvaoadSxWwX8wkVzrSJYeoR8xeiwo77yhkhXK
3QvM6RdW8l1bWJxGWHu5rYdVb9VuuFHnYd2hRCD7jW8tRptaHknnpLq70Ek34c/Z
fYwO/dCIdyzfk4NiGn7yCVTR9mvc5+ZzrXgAw+YKkmWQaabnesZcr7MSBy4lisz1
OW9/Z8dVoEm/LM98dJilLIJsLVNXpoVt9CZr5Z61QfNoegwo8YvEZMfFE0uEqfpk
XxqlSA34syQ7dUwogwPOlE2qghNkpH2NXyUS6ByUVW+aGY5JkjADktlQ1r3Tsl40
+TjENq5otuzb+9IX/tvNaEQmo0S3nBe7fHmihWUbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCdreCEb32VgavZU6K0wEOZhJrpYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQwZjI2YTRiLTYyZjEtNDBkYS04ZWJjLTI3ODAxYmQ1Zjc1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQXzANBgkqhkiG9w0BAQsFAAOCAQEAOu6E6i3osV2q5QeJKHtyxKdDT4cK
6xhZH7spPIhLIPl5AuXXmoa9vcOe119BS07977MV1TTyBbSuQqP3HvAhZNrAYrWs
wORANIFksnuYjbxe3tVEsTWIyrohToBJKmlgPHI8bj66N4uqREIeNxJHyJy8lxTI
n6veS6UomJ20vDafaiWAk3VTryJ33F0zCShohpCljnh4dPE1xu8Ttv5FbnIf4h7d
WmbmmPNKK9eFdEaQTZtIKXkAogx4/XZWtTglHIMHbxWAK8h0sdkz3VYvsdP0vGqY
xoJXCsW10wZM4xuekSE4XDI/FeLEKT7899smYgVtw3EMjjOZ5nwsNBrMPw==
-----END CERTIFICATE-----