Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd591dd4-3bac-44a9-bd89-e1ba9ed57670.roa
File:                     fd591dd4-3bac-44a9-bd89-e1ba9ed57670.roa (raw, json)
Hash identifier:          WFdubih/9TITsrCYa8bKKS2M90bpI+yL0DJOipkR5dY=
Subject key identifier:   0B:4B:78:7E:F5:1E:91:01:55:A5:0A:18:2D:5B:BB:85:71:4F:52:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A35766B6E2A331B44EC312FF8B0A3FF1448E250
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd591dd4-3bac-44a9-bd89-e1ba9ed57670.roa
Signing time:             Sat 15 Nov 2025 00:50:08 +0000
ROA not before:           Sat 15 Nov 2025 00:50:08 +0000
ROA not after:            Sat 20 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.216.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:35:76:6b:6e:2a:33:1b:44:ec:31:2f:f8:b0:a3:ff:14:48:e2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 15 00:50:08 2025 GMT
            Not After : Dec 20 23:59:59 2025 GMT
        Subject: serialNumber=bfa20f302b17fdf3f79a7a5cf2dfae82e73e13ccc98ed6c8cce892b57ff3f51b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c0:ca:77:28:8d:88:2c:2d:fc:dc:bc:0a:c8:
                    20:62:94:a7:8a:72:9c:ae:6e:b4:95:40:84:d6:af:
                    e5:6d:e3:b6:d7:e7:e3:1b:fe:70:94:9e:d1:ac:91:
                    6d:9f:ae:b5:bc:04:2b:87:78:b2:0f:b5:61:ce:2e:
                    3d:c1:1d:3a:88:56:3a:6e:65:10:f0:03:ec:eb:b0:
                    d0:b2:e4:ca:8e:db:99:a3:20:ae:22:3f:01:67:25:
                    7f:ce:42:68:55:9a:22:02:dc:65:84:f0:08:3f:30:
                    ef:22:7e:6d:b2:36:95:a1:6d:da:8d:93:65:7f:36:
                    3c:ac:39:c6:e1:16:70:65:2f:7f:5c:46:03:2c:20:
                    73:0c:3b:ea:fe:46:f1:e7:a9:95:11:2a:81:e2:16:
                    b5:ce:1b:67:fb:52:a6:ee:ee:78:f8:77:d3:5b:39:
                    3a:ad:0d:ab:be:ec:ac:3e:c4:05:3a:5b:25:f9:3f:
                    27:74:39:6a:2e:db:59:14:4d:a6:d3:cc:54:6b:75:
                    8f:45:fe:2b:8b:f9:58:6b:e3:47:b3:b3:a8:84:c1:
                    b3:6f:ff:e3:96:9a:7b:93:e3:2b:91:a6:b8:7c:68:
                    24:1a:ef:72:dc:af:81:89:cf:91:fb:9a:98:64:77:
                    3c:3a:c4:e5:77:f4:05:a7:af:8b:87:e9:7b:d8:c1:
                    a5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4B:78:7E:F5:1E:91:01:55:A5:0A:18:2D:5B:BB:85:71:4F:52:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd591dd4-3bac-44a9-bd89-e1ba9ed57670.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.216.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         01:74:51:58:0d:5f:c9:6d:49:d0:23:e2:f5:96:40:6c:8d:7c:
         7e:34:b7:c4:7d:06:67:5c:fd:5f:eb:49:a4:d6:09:a8:17:53:
         d5:d1:eb:61:be:ee:83:9c:18:d2:e8:49:15:f2:2e:1a:5e:28:
         28:5b:16:a4:1a:0e:09:ee:27:f9:63:c2:b5:8a:a0:40:1c:ff:
         da:c6:3f:a2:f4:f9:79:07:46:3f:15:12:74:c4:ab:e3:25:64:
         4b:1d:4e:a9:7d:4f:db:69:0e:37:31:b4:25:d5:c9:c2:e8:46:
         90:e5:33:c1:c0:8a:6d:ea:5e:59:29:92:cf:4c:af:d4:cc:ce:
         37:cc:3b:1b:55:ff:3c:5a:59:b8:b1:3a:55:a5:9d:cd:78:2f:
         48:a0:5a:bf:58:9b:83:a4:d8:4d:fc:06:e0:6e:3a:12:47:9c:
         56:51:ae:0b:1e:02:7d:a5:a2:9e:85:9c:47:6c:1c:1a:e1:11:
         83:4d:14:cf:cf:c4:83:47:67:70:ab:a7:1c:3f:63:bd:eb:88:
         70:3e:5f:86:7e:83:c4:d3:13:b7:47:d3:e1:21:08:7c:92:91:
         b6:3b:88:80:89:0b:b8:d7:ab:83:91:93:41:54:70:52:94:cf:
         3a:49:41:fc:3e:3c:aa:f5:99:58:47:fd:b6:e3:34:d5:2b:9f:
         ec:9c:26:65
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWjV2a24qMxtE7DEv+LCj/xRI4lAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE1MDA1MDA4WhcNMjUxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmEyMGYzMDJiMTdmZGYzZjc5YTdhNWNmMmRmYWU4MmU3
M2UxM2NjYzk4ZWQ2YzhjY2U4OTJiNTdmZjNmNTFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0wMp3KI2ILC383LwKyCBilKeKcpyubrSVQITWr+Vt47bX
5+Mb/nCUntGskW2frrW8BCuHeLIPtWHOLj3BHTqIVjpuZRDwA+zrsNCy5MqO25mj
IK4iPwFnJX/OQmhVmiIC3GWE8Ag/MO8ifm2yNpWhbdqNk2V/NjysOcbhFnBlL39c
RgMsIHMMO+r+RvHnqZURKoHiFrXOG2f7Uqbu7nj4d9NbOTqtDau+7Kw+xAU6WyX5
Pyd0OWou21kUTabTzFRrdY9F/iuL+Vhr40ezs6iEwbNv/+OWmnuT4yuRprh8aCQa
73Lcr4GJz5H7mphkdzw6xOV39AWnr4uH6XvYwaULAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUC0t4fvUekQFVpQoYLVu7hXFPUg8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZkNTkxZGQ0LTNiYWMtNDRhOS1iZDg5LWUxYmE5ZWQ1NzY3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo2DANBgkqhkiG9w0BAQsFAAOCAQEAAXRRWA1fyW1J0CPi9ZZAbI18fjS3
xH0GZ1z9X+tJpNYJqBdT1dHrYb7ug5wY0uhJFfIuGl4oKFsWpBoOCe4n+WPCtYqg
QBz/2sY/ovT5eQdGPxUSdMSr4yVkSx1OqX1P22kONzG0JdXJwuhGkOUzwcCKbepe
WSmSz0yv1MzON8w7G1X/PFpZuLE6VaWdzXgvSKBav1ibg6TYTfwG4G46EkecVlGu
Cx4CfaWinoWcR2wcGuERg00Uz8/Eg0dncKunHD9jveuIcD5fhn6DxNMTt0fT4SEI
fJKRtjuIgIkLuNerg5GTQVRwUpTPOklB/D48qvWZWEf9tuM01Suf7JwmZQ==
-----END CERTIFICATE-----