Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4cbf798e-d927-4aad-b9d0-7145e6341534.roa
File:                     4cbf798e-d927-4aad-b9d0-7145e6341534.roa (raw, json)
Hash identifier:          /WVMVc0QT38vds7ijuPOnmsil/2rJqsy0Prkw1YZvtI=
Subject key identifier:   FF:F3:BB:64:D6:60:C2:FB:BA:C3:F6:82:18:40:3C:B1:5D:B0:50:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77C1A78A5A82708BFFECA410DD09DD8217BB18D8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4cbf798e-d927-4aad-b9d0-7145e6341534.roa
Signing time:             Wed 01 Oct 2025 00:22:06 +0000
ROA not before:           Wed 01 Oct 2025 00:22:06 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.163.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:c1:a7:8a:5a:82:70:8b:ff:ec:a4:10:dd:09:dd:82:17:bb:18:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:22:06 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=f96eb36c40708641c588e84350dd53f8d56541b6796adfe8809ade2584bfb656, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:78:aa:07:63:56:45:a0:c6:3d:8d:24:c8:1c:
                    11:05:58:49:a0:a6:53:f1:83:30:62:26:5d:cd:f7:
                    6f:39:f1:8c:5a:a2:2d:77:bd:c7:49:60:45:f2:5e:
                    1e:78:31:7a:dd:9c:e6:45:a5:94:a4:1d:f2:25:89:
                    13:20:c7:25:24:11:09:65:4e:14:88:9d:6d:33:4b:
                    e9:cd:f0:e9:58:30:55:47:05:5f:76:97:b8:bf:75:
                    e5:9a:94:80:69:19:ce:f9:2c:dc:ba:5d:3b:c7:8a:
                    60:c3:dc:4b:83:84:cd:9b:12:f2:2d:8b:6f:1b:be:
                    c7:92:f1:44:dd:13:45:17:ea:9e:59:65:2f:dd:a1:
                    f0:01:9d:73:c2:4b:1b:6e:60:09:6e:d1:e7:ec:3d:
                    bd:f7:c0:48:8d:66:78:b1:77:cf:38:82:f1:0c:d7:
                    de:0d:fa:fc:be:56:06:07:bb:b9:67:b4:5c:26:34:
                    bd:ed:fd:fc:8f:6a:fe:22:02:b5:ff:97:86:0a:ed:
                    13:51:89:e0:ee:f6:61:1d:1a:b9:db:b7:78:b6:63:
                    49:bf:dd:ee:4c:65:ee:58:dc:dd:49:0b:26:50:94:
                    a9:bf:4f:12:dd:21:a4:63:1d:c8:56:87:7f:47:61:
                    77:4f:ac:11:1b:b5:89:98:7e:85:10:1c:df:b3:c4:
                    3b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F3:BB:64:D6:60:C2:FB:BA:C3:F6:82:18:40:3C:B1:5D:B0:50:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4cbf798e-d927-4aad-b9d0-7145e6341534.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.163.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:70:b0:51:10:4d:b5:34:35:c4:18:57:49:d1:13:50:9a:b0:
         eb:bd:f5:d4:31:17:6f:21:1d:c3:3c:65:f7:0b:bb:2d:e5:b0:
         d9:92:42:8e:3f:84:ff:67:2b:f0:6b:f0:bd:db:98:a1:e1:b4:
         fe:6d:ba:f4:85:82:39:bb:b1:9c:b5:19:6d:49:a6:9f:60:d0:
         94:19:81:23:aa:1d:b6:ab:fd:8d:54:46:0b:cc:34:30:19:eb:
         4b:50:c4:8b:08:eb:96:29:16:76:ca:e2:b1:cb:1f:87:3c:08:
         0e:72:37:1c:62:7f:95:6b:0d:f7:c5:56:75:be:2a:f7:59:ad:
         fa:88:13:db:d7:f5:56:ea:1b:32:eb:99:a5:82:fb:1f:9f:3b:
         da:a7:04:c3:2a:d5:63:07:ef:ed:2f:3b:da:27:78:ef:c0:29:
         28:cb:b0:5c:4f:4d:69:14:05:a7:3c:85:06:70:f2:7d:96:78:
         5b:78:8f:c4:3f:b0:4c:8c:5a:38:be:21:82:72:0a:72:18:ed:
         71:ab:e6:f7:f5:e0:ce:77:79:99:3b:d6:9f:08:d6:72:9f:09:
         5d:8e:a8:e7:73:72:34:20:b3:60:a1:43:da:39:30:0f:16:11:
         45:aa:50:8e:aa:c1:53:1a:1d:fd:a2:2c:d1:ca:06:04:c1:bf:
         9f:f4:af:5e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUd8GnilqCcIv/7KQQ3Qndghe7GNgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAyMjA2WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTZlYjM2YzQwNzA4NjQxYzU4OGU4NDM1MGRkNTNmOGQ1
NjU0MWI2Nzk2YWRmZTg4MDlhZGUyNTg0YmZiNjU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDheKoHY1ZFoMY9jSTIHBEFWEmgplPxgzBiJl3N92858Yxa
oi13vcdJYEXyXh54MXrdnOZFpZSkHfIliRMgxyUkEQllThSInW0zS+nN8OlYMFVH
BV92l7i/deWalIBpGc75LNy6XTvHimDD3EuDhM2bEvIti28bvseS8UTdE0UX6p5Z
ZS/dofABnXPCSxtuYAlu0efsPb33wEiNZnixd884gvEM194N+vy+VgYHu7lntFwm
NL3t/fyPav4iArX/l4YK7RNRieDu9mEdGrnbt3i2Y0m/3e5MZe5Y3N1JCyZQlKm/
TxLdIaRjHchWh39HYXdPrBEbtYmYfoUQHN+zxDtpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU//O7ZNZgwvu6w/aCGEA8sV2wUAEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjYmY3OThlLWQ5MjctNGFhZC1iOWQwLTcxNDVlNjM0MTUzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoozANBgkqhkiG9w0BAQsFAAOCAQEAm3CwURBNtTQ1xBhXSdETUJqw6731
1DEXbyEdwzxl9wu7LeWw2ZJCjj+E/2cr8GvwvduYoeG0/m269IWCObuxnLUZbUmm
n2DQlBmBI6odtqv9jVRGC8w0MBnrS1DEiwjrlikWdsriscsfhzwIDnI3HGJ/lWsN
98VWdb4q91mt+ogT29f1VuobMuuZpYL7H5872qcEwyrVYwfv7S872id478ApKMuw
XE9NaRQFpzyFBnDyfZZ4W3iPxD+wTIxaOL4hgnIKchjtcavm9/Xgznd5mTvWnwjW
cp8JXY6o53NyNCCzYKFD2jkwDxYRRapQjqrBUxod/aIs0coGBMG/n/SvXg==
-----END CERTIFICATE-----