Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b321cf91-4773-42bb-b05a-a6eee24370ac.roa
File:                     b321cf91-4773-42bb-b05a-a6eee24370ac.roa (raw, json)
Hash identifier:          EgdiT2TFnjt51Bmwd0EW4A7gG8Ovy9+SowO5Le+bJiw=
Subject key identifier:   84:3C:6F:04:56:E3:3B:F9:F4:BA:14:05:7E:07:B3:E8:CB:C5:9A:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0298D6C39A0FB0462C70A19A7E2D937E6156457D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b321cf91-4773-42bb-b05a-a6eee24370ac.roa
Signing time:             Mon 29 Sep 2025 15:13:26 +0000
ROA not before:           Mon 29 Sep 2025 15:13:26 +0000
ROA not after:            Mon 03 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        135.140.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:98:d6:c3:9a:0f:b0:46:2c:70:a1:9a:7e:2d:93:7e:61:56:45:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 29 15:13:26 2025 GMT
            Not After : Nov  3 23:59:59 2025 GMT
        Subject: serialNumber=4c9639556413612cd3e5916740eba4145cc4ed0513806d277ff3720a5ddec9f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:df:6c:f4:d3:c2:a1:4e:af:2a:8d:d1:f2:51:
                    ab:6c:0f:aa:09:51:0d:e2:95:4f:9b:fd:cb:77:ad:
                    af:bb:9a:8b:9a:38:67:ce:40:6c:6e:8c:e0:5f:0e:
                    53:f7:ec:b0:c1:f3:90:53:09:20:37:68:85:c3:02:
                    01:30:e2:30:95:bc:69:53:b6:6f:e1:f5:da:a8:63:
                    d4:83:b8:b6:bb:00:88:89:e8:fa:af:3a:2f:82:37:
                    fb:fc:75:a0:c7:73:33:b1:27:d7:12:0b:41:2b:97:
                    80:ab:c8:d7:5b:e7:8f:70:d0:f5:b8:46:e3:cd:9f:
                    53:03:2e:ff:6a:75:1a:95:47:4a:3c:e2:c0:ce:fe:
                    eb:23:73:f6:f0:d4:f5:0f:da:6a:6e:43:35:64:0a:
                    fc:89:f6:9f:f4:a2:14:44:d9:98:87:4a:7f:5e:0f:
                    72:ed:76:37:a9:74:c8:3d:8c:b3:1d:ee:9e:56:22:
                    78:39:8d:59:37:c2:fb:e0:65:44:42:84:d9:dd:0d:
                    e8:18:58:ce:ed:72:1c:4e:9a:74:5c:6f:dd:a0:b5:
                    f7:17:68:17:f9:c3:27:30:6c:60:c5:06:f0:bf:37:
                    f5:75:3a:b5:d6:77:33:74:a8:89:12:be:91:06:9a:
                    9a:2a:e4:94:c6:da:12:5e:1d:85:48:20:a5:d1:17:
                    d9:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3C:6F:04:56:E3:3B:F9:F4:BA:14:05:7E:07:B3:E8:CB:C5:9A:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b321cf91-4773-42bb-b05a-a6eee24370ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  135.140.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:e1:ae:17:1d:f9:7e:18:0b:07:e9:07:dc:cf:5e:8e:11:15:
         e7:77:9b:1c:84:37:86:f4:8a:98:18:40:2d:78:00:9b:b0:3b:
         aa:80:b0:d5:92:3c:3f:ae:f8:4e:18:e4:44:0b:47:8e:1a:74:
         e6:1e:ee:c3:31:81:8b:b8:36:eb:92:74:88:4c:c4:99:ec:f1:
         e1:a1:df:e1:65:6e:d4:ac:47:9f:05:da:70:fa:77:26:c5:90:
         3f:51:a7:ad:e7:84:c1:5c:85:86:17:f3:35:b2:19:25:85:60:
         19:25:ef:ff:09:b5:e0:5a:92:c6:8b:51:af:42:b0:4c:41:d0:
         f0:49:f9:d2:b0:c8:9d:a9:64:0a:2f:7c:b7:f2:5b:be:eb:26:
         77:fc:02:8c:cf:ab:f7:97:09:0b:b8:75:ce:01:2c:a7:c9:3f:
         5e:eb:6e:fe:32:3d:ed:ab:99:59:51:d7:11:46:8d:6f:8c:93:
         40:ea:55:2a:fb:7b:96:54:2b:29:41:08:81:01:f9:a3:3a:71:
         88:79:2c:f2:9f:b5:df:9c:50:10:01:48:ab:cb:b2:40:f2:e1:
         06:fe:81:f2:94:df:83:9e:38:e5:af:0f:95:dc:eb:d2:9d:ec:
         61:54:b0:b0:25:70:be:fd:a8:00:b9:1d:2a:1a:e5:c1:f2:4e:
         ce:48:da:2c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUApjWw5oPsEYscKGafi2TfmFWRX0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI5MTUxMzI2WhcNMjUxMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0Yzk2Mzk1NTY0MTM2MTJjZDNlNTkxNjc0MGViYTQxNDVj
YzRlZDA1MTM4MDZkMjc3ZmYzNzIwYTVkZGVjOWY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd32z008KhTq8qjdHyUatsD6oJUQ3ilU+b/ct3ra+7moua
OGfOQGxujOBfDlP37LDB85BTCSA3aIXDAgEw4jCVvGlTtm/h9dqoY9SDuLa7AIiJ
6PqvOi+CN/v8daDHczOxJ9cSC0Erl4CryNdb549w0PW4RuPNn1MDLv9qdRqVR0o8
4sDO/usjc/bw1PUP2mpuQzVkCvyJ9p/0ohRE2ZiHSn9eD3LtdjepdMg9jLMd7p5W
Ing5jVk3wvvgZURChNndDegYWM7tchxOmnRcb92gtfcXaBf5wycwbGDFBvC/N/V1
OrXWdzN0qIkSvpEGmpoq5JTG2hJeHYVIIKXRF9kjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhDxvBFbjO/n0uhQFfgez6MvFmtMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzMjFjZjkxLTQ3NzMtNDJiYi1iMDVhLWE2ZWVlMjQzNzBhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCHjDANBgkqhkiG9w0BAQsFAAOCAQEACuGuFx35fhgLB+kH3M9ejhEV53eb
HIQ3hvSKmBhALXgAm7A7qoCw1ZI8P674ThjkRAtHjhp05h7uwzGBi7g265J0iEzE
mezx4aHf4WVu1KxHnwXacPp3JsWQP1GnreeEwVyFhhfzNbIZJYVgGSXv/wm14FqS
xotRr0KwTEHQ8En50rDInalkCi98t/Jbvusmd/wCjM+r95cJC7h1zgEsp8k/Xutu
/jI97auZWVHXEUaNb4yTQOpVKvt7llQrKUEIgQH5ozpxiHks8p+135xQEAFIq8uy
QPLhBv6B8pTfg5445a8Pldzr0p3sYVSwsCVwvv2oALkdKhrlwfJOzkjaLA==
-----END CERTIFICATE-----