Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa
File:                     972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa (raw, json)
Hash identifier:          HKfa4clLvpTLS5SVHA8Hre5+dymr1IMgsz2GCFLZl1s=
Subject key identifier:   AB:84:91:82:9F:AB:7C:7C:0C:5B:4B:F7:C2:D7:F3:14:AC:B7:CF:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0CE3E9FC76C520BD70A95AF66F2A408A3FE51DAA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa
Signing time:             Sat 15 Nov 2025 00:21:11 +0000
ROA not before:           Sat 15 Nov 2025 00:21:11 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.239.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:e3:e9:fc:76:c5:20:bd:70:a9:5a:f6:6f:2a:40:8a:3f:e5:1d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:21:11 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=904f9a8405c2a1f7ccf53777d1d8ed3dd5c961a08215f07631bbe6a34959447b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5c:ae:0d:e1:db:94:f7:f6:6d:4c:20:dc:36:
                    67:39:fa:54:fd:19:50:71:ca:06:d8:11:a7:b2:4c:
                    92:2b:0f:26:aa:d7:05:0e:17:f7:e0:0f:59:3c:d2:
                    37:08:c9:d4:12:25:49:35:d4:84:2c:6b:a2:05:49:
                    49:2e:c5:7b:83:e2:51:35:14:88:9e:61:0a:2a:88:
                    d6:3e:4c:0f:24:a1:5b:1f:b1:9d:62:79:9f:0c:e7:
                    54:dd:ed:97:c0:5e:21:59:2d:10:9b:be:fa:71:c1:
                    1e:20:1e:5c:86:6d:00:85:b5:c8:a4:42:d5:94:ac:
                    22:3e:c0:c5:20:af:46:a4:8f:28:e3:d8:16:f4:96:
                    f1:67:37:42:c7:49:fd:4c:5f:3f:5d:70:a4:49:77:
                    0e:6a:84:40:8b:82:f0:04:46:e9:e4:0a:26:cc:c3:
                    37:e7:56:7a:83:9e:d8:f0:e4:75:ca:6c:60:34:0c:
                    05:5b:d3:59:5d:0a:6c:75:61:cc:83:87:8d:cc:ee:
                    48:f7:d1:e5:0a:c8:a5:81:01:10:de:e8:fd:e2:be:
                    e4:ae:bb:34:8e:72:35:b2:c8:e4:35:09:2e:e2:62:
                    ef:df:bf:90:81:23:bf:bf:44:98:03:d0:b3:5f:74:
                    63:ee:ce:cd:44:e2:1b:b5:4c:c3:da:63:72:a4:9b:
                    83:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:84:91:82:9F:AB:7C:7C:0C:5B:4B:F7:C2:D7:F3:14:AC:B7:CF:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:50:7c:44:d9:87:1e:e2:25:91:5d:23:7c:b1:f4:22:e6:b8:
         f9:39:40:09:27:9c:82:4b:21:fa:07:87:4d:d6:06:b1:d1:0c:
         2b:00:d9:88:a2:87:82:c4:97:15:5d:2b:8d:54:9a:1e:d0:3c:
         3c:06:09:c9:1d:9c:8c:38:64:9a:95:59:6a:6b:4c:0b:25:6c:
         be:8b:38:40:cf:bf:60:a0:ba:36:48:3d:5b:08:ee:e1:fd:1c:
         4c:c0:21:5e:b2:01:6b:f6:f3:b5:bc:26:9a:b6:87:ab:88:2c:
         d4:ee:60:99:e8:0a:ab:fc:48:50:28:62:fd:44:1a:b6:45:ae:
         a9:50:4d:11:18:62:87:99:5c:03:c8:35:a6:37:7d:fd:d5:4b:
         60:b1:8d:2f:26:c2:c9:97:12:56:16:5e:cb:8f:93:87:41:af:
         94:70:64:9f:af:83:a2:e8:cb:c0:28:e1:4d:35:6a:34:85:23:
         92:50:1d:f8:80:a2:bb:4b:91:eb:02:6c:a7:09:2f:58:36:6f:
         79:03:43:b3:fe:84:c7:47:c4:4c:90:6c:49:39:5e:22:c1:4f:
         ed:fa:b1:7e:bc:6a:3c:0b:25:59:07:3d:8f:ad:f9:e2:2b:e7:
         7b:61:18:03:b5:7c:b2:c4:43:a9:00:f0:6a:1a:d1:44:2b:c8:
         65:69:f9:a4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDOPp/HbFIL1wqVr2bypAij/lHaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDAyMTExWhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDRmOWE4NDA1YzJhMWY3Y2NmNTM3NzdkMWQ4ZWQzZGQ1
Yzk2MWEwODIxNWYwNzYzMWJiZTZhMzQ5NTk0NDdiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpXK4N4duU9/ZtTCDcNmc5+lT9GVBxygbYEaeyTJIrDyaq
1wUOF/fgD1k80jcIydQSJUk11IQsa6IFSUkuxXuD4lE1FIieYQoqiNY+TA8koVsf
sZ1ieZ8M51Td7ZfAXiFZLRCbvvpxwR4gHlyGbQCFtcikQtWUrCI+wMUgr0akjyjj
2Bb0lvFnN0LHSf1MXz9dcKRJdw5qhECLgvAERunkCibMwzfnVnqDntjw5HXKbGA0
DAVb01ldCmx1YcyDh43M7kj30eUKyKWBARDe6P3ivuSuuzSOcjWyyOQ1CS7iYu/f
v5CBI7+/RJgD0LNfdGPuzs1E4hu1TMPaY3Kkm4NbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUq4SRgp+rfHwMW0v3wtfzFKy3z+IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3MmI4M2ViLWQ0OTYtNDJjZS05YzAxLThmZmIyMWFjMTlkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo7zANBgkqhkiG9w0BAQsFAAOCAQEAfVB8RNmHHuIlkV0jfLH0Iua4+TlA
CSecgksh+geHTdYGsdEMKwDZiKKHgsSXFV0rjVSaHtA8PAYJyR2cjDhkmpVZamtM
CyVsvos4QM+/YKC6Nkg9Wwju4f0cTMAhXrIBa/bztbwmmraHq4gs1O5gmegKq/xI
UChi/UQatkWuqVBNERhih5lcA8g1pjd9/dVLYLGNLybCyZcSVhZey4+Th0GvlHBk
n6+DoujLwCjhTTVqNIUjklAd+ICiu0uR6wJspwkvWDZveQNDs/6Ex0fETJBsSTle
IsFP7fqxfrxqPAslWQc9j6354ivne2EYA7V8ssRDqQDwahrRRCvIZWn5pA==
-----END CERTIFICATE-----