Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f17d70-39ce-4e36-ab82-115560d236c7.roa
File:                     71f17d70-39ce-4e36-ab82-115560d236c7.roa (raw, json)
Hash identifier:          a31n7F7w4rhgVMtk+Yba71AUy+OzJrxMRXypq8CSzpk=
Subject key identifier:   24:79:CD:68:4E:79:F0:4F:05:E8:A3:7E:C2:F9:DB:CC:53:32:23:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       320594B489523075B34708F6CEFDD96445E5D16B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f17d70-39ce-4e36-ab82-115560d236c7.roa
Signing time:             Thu 13 Nov 2025 01:00:10 +0000
ROA not before:           Thu 13 Nov 2025 01:00:10 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.4.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:05:94:b4:89:52:30:75:b3:47:08:f6:ce:fd:d9:64:45:e5:d1:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 01:00:10 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=da05c789465926d294d6b7879ffd3b3693b6b63cae7e6762a7ec17317a7c8a95, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8e:9a:5a:2c:98:00:af:12:22:07:5b:39:fc:
                    1c:8b:c4:4d:ad:c3:20:49:be:0b:c3:d8:82:6a:6e:
                    20:b8:e3:e9:4e:f1:1b:b6:87:9d:f4:01:6a:4b:4a:
                    a4:d2:51:65:c5:58:be:76:b0:30:ff:e2:05:96:6d:
                    eb:41:9b:eb:7c:c3:0c:71:6c:72:e4:04:dc:60:d5:
                    08:d9:6d:ce:5b:d7:80:3c:5c:d9:2e:cd:d3:f9:03:
                    dd:da:e5:19:b3:f7:56:a4:71:e7:cc:4d:c6:2f:bb:
                    f7:3c:64:c7:93:51:28:67:e1:9d:e2:cd:b2:13:d0:
                    7f:bd:95:40:ea:5c:59:53:9c:b1:fb:97:9c:f9:5a:
                    52:9f:75:a9:cd:77:d7:d8:1c:c7:94:fa:1a:ed:85:
                    45:a8:41:fd:cb:aa:db:24:37:b0:ce:1f:02:d1:0a:
                    9f:84:8e:c2:f1:db:13:27:7a:f9:d7:1d:db:9c:53:
                    6b:33:b6:72:5a:e9:bd:a7:33:dd:c6:6d:55:e5:58:
                    a3:6e:31:b1:34:6e:58:a4:e5:ce:10:25:f8:b7:f1:
                    58:b9:db:23:50:f2:c2:c3:fd:a9:52:73:a4:e0:54:
                    ca:51:48:be:cb:33:ce:53:51:a0:d2:30:0d:71:0e:
                    e5:7c:64:d2:dc:ef:38:0f:bf:19:33:d7:01:e8:04:
                    d1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:79:CD:68:4E:79:F0:4F:05:E8:A3:7E:C2:F9:DB:CC:53:32:23:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f17d70-39ce-4e36-ab82-115560d236c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.4.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         50:c8:ff:5a:8a:13:c4:a8:83:37:34:77:60:c8:89:43:82:0e:
         74:07:66:e0:4a:00:9b:d4:6d:bb:eb:53:97:06:9b:a1:fa:e0:
         17:69:96:d1:e5:e9:97:9c:5a:44:17:bf:32:ac:41:ec:9d:c0:
         28:99:2e:b5:e8:86:11:7f:34:7a:30:b3:71:65:c8:7f:26:14:
         f8:da:cc:a7:c2:83:7d:6e:fa:d9:23:c0:2f:ef:f5:1e:5c:ce:
         b6:d6:c9:8b:65:eb:19:6c:b5:d8:85:7f:9d:b8:bf:83:bd:00:
         ee:3f:5f:86:d0:1e:b3:b1:3f:6e:21:ee:b2:50:cb:68:f3:8a:
         91:94:e3:e1:b4:66:5f:14:b7:1f:ee:da:57:dd:6a:29:ba:20:
         1a:23:2e:a7:6e:f8:cc:e0:d1:91:1e:5a:0d:b2:82:85:3f:65:
         83:e4:bf:4b:e8:e2:27:06:f0:fd:66:fa:af:4a:fc:31:f2:ed:
         0e:da:eb:4a:71:b2:da:b5:57:cc:db:a7:c3:77:cf:0c:65:93:
         b9:91:a2:9d:32:1e:4b:38:3a:b4:e1:8f:99:71:a9:bc:0c:3f:
         12:21:cd:b6:03:10:23:e8:35:e4:6d:2a:9c:af:65:ae:f6:63:
         8e:aa:e8:d7:1b:2f:91:7b:58:f1:9e:3c:75:33:81:29:10:55:
         3e:aa:0e:f0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMgWUtIlSMHWzRwj2zv3ZZEXl0WswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDEwMDEwWhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYTA1Yzc4OTQ2NTkyNmQyOTRkNmI3ODc5ZmZkM2IzNjkz
YjZiNjNjYWU3ZTY3NjJhN2VjMTczMTdhN2M4YTk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTjppaLJgArxIiB1s5/ByLxE2twyBJvgvD2IJqbiC44+lO
8Ru2h530AWpLSqTSUWXFWL52sDD/4gWWbetBm+t8wwxxbHLkBNxg1QjZbc5b14A8
XNkuzdP5A93a5Rmz91akcefMTcYvu/c8ZMeTUShn4Z3izbIT0H+9lUDqXFlTnLH7
l5z5WlKfdanNd9fYHMeU+hrthUWoQf3LqtskN7DOHwLRCp+EjsLx2xMnevnXHduc
U2sztnJa6b2nM93GbVXlWKNuMbE0blik5c4QJfi38Vi52yNQ8sLD/alSc6TgVMpR
SL7LM85TUaDSMA1xDuV8ZNLc7zgPvxkz1wHoBNEzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUJHnNaE558E8F6KN+wvnbzFMyI74wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxZjE3ZDcwLTM5Y2UtNGUzNi1hYjgyLTExNTU2MGQyMzZjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4BDANBgkqhkiG9w0BAQsFAAOCAQEAUMj/WooTxKiDNzR3YMiJQ4IOdAdm
4EoAm9Rtu+tTlwabofrgF2mW0eXpl5xaRBe/MqxB7J3AKJkuteiGEX80ejCzcWXI
fyYU+NrMp8KDfW762SPAL+/1HlzOttbJi2XrGWy12IV/nbi/g70A7j9fhtAes7E/
biHuslDLaPOKkZTj4bRmXxS3H+7aV91qKbogGiMup274zODRkR5aDbKChT9lg+S/
S+jiJwbw/Wb6r0r8MfLtDtrrSnGy2rVXzNunw3fPDGWTuZGinTIeSzg6tOGPmXGp
vAw/EiHNtgMQI+g15G0qnK9lrvZjjqro1xsvkXtY8Z48dTOBKRBVPqoO8A==
-----END CERTIFICATE-----