Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5bba0470-96dd-404d-b988-2277e8fcd55f.roa
File:                     5bba0470-96dd-404d-b988-2277e8fcd55f.roa (raw, json)
Hash identifier:          E1d/MKeprydfj4YT8nEZIeDSPAvA6hLP13l1xKhC5u8=
Subject key identifier:   80:AB:BE:D2:B4:AC:8E:5B:82:E1:19:E1:05:D6:B4:1C:B1:B9:A1:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B98EE1F9B4C1F50A4AAA1F6AD6ED1CA527D8641
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5bba0470-96dd-404d-b988-2277e8fcd55f.roa
Signing time:             Thu 13 Nov 2025 00:30:47 +0000
ROA not before:           Thu 13 Nov 2025 00:30:47 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.200.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:98:ee:1f:9b:4c:1f:50:a4:aa:a1:f6:ad:6e:d1:ca:52:7d:86:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:30:47 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=30fee6de25d6ea2552c4952f20655ab9f6782bf68d2b268c27247586c09c630c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:30:9b:06:a3:bf:d4:c2:bb:b0:09:c6:3b:06:
                    fe:db:5d:50:f0:e2:16:86:72:86:ef:ca:c6:44:d2:
                    80:76:d8:5a:cf:7f:06:d2:e6:b2:90:c7:6b:a2:09:
                    39:2e:b8:bb:3e:fc:fb:5e:04:b0:b2:18:0b:7b:5e:
                    49:50:cf:ae:2c:19:b2:08:81:66:fe:16:86:b5:d7:
                    b9:29:b9:04:cf:39:ab:9f:93:71:50:63:13:94:d4:
                    24:4a:0c:fd:52:e2:a4:47:e9:ee:10:18:28:40:32:
                    2e:df:93:40:cd:5e:d4:75:35:bc:9f:21:7f:5e:0b:
                    3f:87:34:09:d3:91:b8:5c:19:99:a3:bd:43:b1:5f:
                    10:3e:a4:84:c2:97:3e:cf:d4:4b:de:94:75:42:8e:
                    ce:85:d4:63:8c:fd:a0:75:1c:84:4a:c0:1f:75:26:
                    09:43:4c:e6:50:c2:97:35:d7:be:1b:26:af:8d:aa:
                    a2:b3:91:66:8b:30:05:24:1e:c7:c3:41:26:c8:77:
                    81:40:c9:2d:3e:96:03:2f:66:66:9d:bb:83:3d:7b:
                    82:fb:0c:e0:73:e5:ef:04:ee:d6:a6:ec:f0:c3:ad:
                    2b:83:7c:25:43:75:8f:29:9a:96:3e:ef:9c:4a:53:
                    de:42:3b:5d:61:6e:b8:f0:ac:df:fa:34:d0:7d:6f:
                    e9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:AB:BE:D2:B4:AC:8E:5B:82:E1:19:E1:05:D6:B4:1C:B1:B9:A1:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5bba0470-96dd-404d-b988-2277e8fcd55f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.200.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         49:a6:1f:b6:79:c3:80:4b:f8:ba:8c:e8:47:13:b8:62:96:62:
         b9:5a:9a:22:5b:4c:e9:71:71:ad:de:df:b1:c2:a8:e3:63:42:
         24:4a:77:0f:dc:55:d3:8c:55:54:fe:c2:9d:52:9f:bf:42:75:
         5f:46:f9:a7:6c:3e:69:dd:d8:02:7e:68:a4:90:f8:d9:b6:40:
         36:b3:db:18:42:f9:71:d7:5e:4c:00:4d:64:96:a3:79:85:6f:
         ee:96:37:8d:aa:fc:a3:5c:91:26:ac:23:0d:58:1f:11:b2:e9:
         0c:cf:a7:83:3e:07:75:26:8f:aa:c9:90:e2:8a:c5:5f:33:a4:
         8d:78:28:4d:14:f4:08:8b:2c:8f:68:4e:70:4c:50:e6:05:4e:
         e4:a4:54:88:df:3b:8e:72:92:02:d4:f8:2a:08:fe:d1:45:49:
         3a:7d:3f:37:8d:d9:6a:4b:c3:76:ba:a9:17:4c:06:26:a7:21:
         8a:4b:41:8d:56:87:18:9a:cb:a4:e2:4e:77:e8:0f:7b:d1:61:
         cb:69:f2:d1:13:ae:87:4a:04:fa:ed:49:2a:86:e7:f9:4f:0e:
         d5:7d:0d:86:96:db:32:07:2f:dc:f1:d0:65:41:7a:6f:9c:11:
         77:da:ec:79:3d:5e:81:8d:ee:6a:4e:6c:eb:b2:14:79:ab:7d:
         97:47:84:2a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUG5juH5tMH1CkqqH2rW7RylJ9hkEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAzMDQ3WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGZlZTZkZTI1ZDZlYTI1NTJjNDk1MmYyMDY1NWFiOWY2
NzgyYmY2OGQyYjI2OGMyNzI0NzU4NmMwOWM2MzBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChMJsGo7/UwruwCcY7Bv7bXVDw4haGcobvysZE0oB22FrP
fwbS5rKQx2uiCTkuuLs+/PteBLCyGAt7XklQz64sGbIIgWb+Foa117kpuQTPOauf
k3FQYxOU1CRKDP1S4qRH6e4QGChAMi7fk0DNXtR1NbyfIX9eCz+HNAnTkbhcGZmj
vUOxXxA+pITClz7P1EvelHVCjs6F1GOM/aB1HIRKwB91JglDTOZQwpc1174bJq+N
qqKzkWaLMAUkHsfDQSbId4FAyS0+lgMvZmadu4M9e4L7DOBz5e8E7tam7PDDrSuD
fCVDdY8pmpY+75xKU95CO11hbrjwrN/6NNB9b+l5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgKu+0rSsjluC4RnhBda0HLG5oaQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzViYmEwNDcwLTk2ZGQtNDA0ZC1iOTg4LTIyNzdlOGZjZDU1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4yDANBgkqhkiG9w0BAQsFAAOCAQEASaYftnnDgEv4uozoRxO4YpZiuVqa
IltM6XFxrd7fscKo42NCJEp3D9xV04xVVP7CnVKfv0J1X0b5p2w+ad3YAn5opJD4
2bZANrPbGEL5cddeTABNZJajeYVv7pY3jar8o1yRJqwjDVgfEbLpDM+ngz4HdSaP
qsmQ4orFXzOkjXgoTRT0CIssj2hOcExQ5gVO5KRUiN87jnKSAtT4Kgj+0UVJOn0/
N43ZakvDdrqpF0wGJqchiktBjVaHGJrLpOJOd+gPe9Fhy2ny0ROuh0oE+u1JKobn
+U8O1X0NhpbbMgcv3PHQZUF6b5wRd9rseT1egY3uak5s67IUeat9l0eEKg==
-----END CERTIFICATE-----