Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa
File:                     972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa (raw, json)
Hash identifier:          hvcrwh9u1dIX+ExfQcEe3B0tKvCW/7F0D3vJINERxlA=
Subject key identifier:   42:A1:C8:75:37:AC:EE:06:D1:98:E0:BF:B6:BD:14:B7:84:2F:69:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72574D0D9BE247407AF57A0EE30121761A96D5C0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa
Signing time:             Tue 21 Oct 2025 00:20:57 +0000
ROA not before:           Tue 21 Oct 2025 00:20:57 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.239.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:57:4d:0d:9b:e2:47:40:7a:f5:7a:0e:e3:01:21:76:1a:96:d5:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:20:57 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=de19d58866c3df110e1745473b4b084f9f2e95cf6b292c50d03382b2256d91ce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:86:04:0a:17:cc:5c:5a:3f:59:09:56:af:9d:
                    2f:ec:ff:ec:ec:f3:5b:b7:18:35:eb:dc:94:56:92:
                    c2:16:f2:de:54:2a:68:06:d4:7d:d3:e3:7b:d6:32:
                    e8:27:af:5b:57:ff:40:c3:79:87:6f:06:b3:26:e3:
                    2d:01:64:9b:14:da:51:ea:a7:c9:67:14:3a:cd:7b:
                    73:ef:2e:e1:7c:db:14:81:30:cd:82:e2:07:e0:d7:
                    fa:09:ab:8d:de:78:fc:24:e8:94:f5:70:f6:ea:75:
                    27:14:81:65:be:c9:3d:3d:cc:bd:47:f9:df:f0:64:
                    f3:f3:20:e1:6e:8d:d2:6c:c6:b0:a7:2b:da:91:39:
                    79:c1:e8:f6:7d:69:92:54:16:9b:b4:8e:d7:bf:6b:
                    f7:ac:68:86:69:58:97:09:43:81:16:39:24:f9:bd:
                    2d:b4:07:e3:76:ff:a5:46:9c:90:7f:ce:85:0c:97:
                    a5:ea:b6:e6:10:1e:6e:38:3f:00:a8:94:f1:51:b7:
                    d7:de:1e:06:6f:14:39:6b:84:29:31:3b:64:6d:47:
                    b0:44:51:bd:cf:49:d7:3b:b2:37:f0:6b:bc:7a:0e:
                    91:71:f8:50:40:1c:fb:de:d4:e0:4c:32:ff:ed:7a:
                    1f:76:f7:15:13:29:5e:a7:7e:29:41:1d:e2:08:17:
                    f3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:A1:C8:75:37:AC:EE:06:D1:98:E0:BF:B6:BD:14:B7:84:2F:69:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/972b83eb-d496-42ce-9c01-8ffb21ac19d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         53:95:a4:29:6e:c8:07:bb:0c:01:da:26:e7:4d:70:fd:fa:71:
         4b:a3:23:ea:75:18:e9:d2:04:3b:95:ac:45:0d:6c:8e:30:ff:
         85:65:52:bc:2a:f1:0d:ea:03:8b:22:1b:c2:7c:0b:de:7d:d7:
         58:84:b1:2f:ca:5c:94:ea:1f:b3:fc:64:bf:14:c8:f0:70:a3:
         5f:16:32:c3:52:08:9c:62:32:6e:59:2c:47:5c:36:98:9d:49:
         69:89:d7:7f:e8:f6:6d:02:ab:72:1c:33:9a:09:64:3d:f5:bc:
         10:e2:a5:46:2f:d8:ec:24:c5:36:ac:cd:d3:54:5c:71:ba:b5:
         b9:ae:66:e5:7e:fc:52:fc:5a:03:22:32:01:8d:ea:e2:bc:86:
         11:1a:7a:25:dc:28:fe:b4:a6:c5:70:b1:50:ec:fc:56:ff:ed:
         05:37:41:ed:22:96:82:07:0e:9b:82:54:9a:35:72:24:16:a9:
         96:20:00:a5:ae:ba:2d:db:69:0c:f6:58:a5:a9:13:b1:c1:a3:
         96:cb:43:29:ba:ea:3a:05:60:c4:78:10:b5:52:9f:dc:e3:41:
         c0:07:36:e6:9e:df:21:85:37:c3:8a:75:a2:d9:12:5c:30:e2:
         f7:49:b2:14:4e:71:cd:96:98:ef:89:ee:64:c2:ad:29:9b:53:
         cc:7f:ca:3f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcldNDZviR0B69XoO4wEhdhqW1cAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAyMDU3WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTE5ZDU4ODY2YzNkZjExMGUxNzQ1NDczYjRiMDg0Zjlm
MmU5NWNmNmIyOTJjNTBkMDMzODJiMjI1NmQ5MWNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDahgQKF8xcWj9ZCVavnS/s/+zs81u3GDXr3JRWksIW8t5U
KmgG1H3T43vWMugnr1tX/0DDeYdvBrMm4y0BZJsU2lHqp8lnFDrNe3PvLuF82xSB
MM2C4gfg1/oJq43eePwk6JT1cPbqdScUgWW+yT09zL1H+d/wZPPzIOFujdJsxrCn
K9qROXnB6PZ9aZJUFpu0jte/a/esaIZpWJcJQ4EWOST5vS20B+N2/6VGnJB/zoUM
l6XqtuYQHm44PwColPFRt9feHgZvFDlrhCkxO2RtR7BEUb3PSdc7sjfwa7x6DpFx
+FBAHPve1OBMMv/teh929xUTKV6nfilBHeIIF/P1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQqHIdTes7gbRmOC/tr0Ut4QvadcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3MmI4M2ViLWQ0OTYtNDJjZS05YzAxLThmZmIyMWFjMTlkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo7zANBgkqhkiG9w0BAQsFAAOCAQEAU5WkKW7IB7sMAdom501w/fpxS6Mj
6nUY6dIEO5WsRQ1sjjD/hWVSvCrxDeoDiyIbwnwL3n3XWISxL8pclOofs/xkvxTI
8HCjXxYyw1IInGIyblksR1w2mJ1JaYnXf+j2bQKrchwzmglkPfW8EOKlRi/Y7CTF
NqzN01Rccbq1ua5m5X78UvxaAyIyAY3q4ryGERp6Jdwo/rSmxXCxUOz8Vv/tBTdB
7SKWggcOm4JUmjVyJBapliAApa66LdtpDPZYpakTscGjlstDKbrqOgVgxHgQtVKf
3ONBwAc25p7fIYU3w4p1otkSXDDi90myFE5xzZaY74nuZMKtKZtTzH/KPw==
-----END CERTIFICATE-----