Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/825bfb63-e691-44c3-91b1-ef9cfe07ece2.roa
File:                     825bfb63-e691-44c3-91b1-ef9cfe07ece2.roa (raw, json)
Hash identifier:          mcijJTngGETia3UAZw0/ipb/rbthGxYqlX/JBuqfFVg=
Subject key identifier:   1C:04:6A:D8:C5:3B:23:7F:E2:A7:6A:C9:07:F9:97:2B:5B:EC:FC:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4634269A4B1FE95464BF57A13E9A95EC025B079E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/825bfb63-e691-44c3-91b1-ef9cfe07ece2.roa
Signing time:             Thu 13 Nov 2025 00:50:50 +0000
ROA not before:           Thu 13 Nov 2025 00:50:50 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.29.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:34:26:9a:4b:1f:e9:54:64:bf:57:a1:3e:9a:95:ec:02:5b:07:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:50:50 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=fb24b04687874b1fa6fdf31807cbff8e349ddea52a0e408cb4a3b0f9d2fa3e66, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fa:45:25:83:3f:6c:e0:64:78:92:85:01:a1:
                    2e:3f:8e:5a:fb:9b:91:66:00:07:35:f3:83:84:04:
                    3a:72:55:59:87:76:3e:00:07:5f:c5:2d:75:7b:ab:
                    0d:0c:c8:dd:53:15:71:e8:eb:da:40:f3:26:da:f1:
                    29:13:f3:c3:e5:f7:83:2f:60:4a:b5:d4:69:a9:ef:
                    f1:cc:44:da:68:13:4d:aa:3a:ea:8a:3f:68:f5:83:
                    63:04:60:14:88:d7:aa:4b:ba:c5:fc:24:7f:35:1e:
                    2f:17:d2:10:e2:3c:e4:39:29:2b:37:e8:22:23:32:
                    e4:00:07:00:8e:47:56:68:7b:c1:af:0c:65:0a:ff:
                    9e:9e:ce:bb:cb:c0:e0:c8:b4:b4:c6:28:58:c5:04:
                    51:6b:de:30:c0:d5:b7:51:ac:77:4c:12:ef:0a:36:
                    fc:f8:65:00:00:b2:73:ae:76:c0:0b:6c:b2:1d:31:
                    92:a4:16:eb:6f:f8:fd:ef:9e:d2:ec:ee:06:22:95:
                    cd:31:ba:3f:01:0f:dc:f3:62:a8:ab:da:d5:95:9d:
                    c4:63:0d:a3:60:84:ea:d4:cc:c2:e8:dc:71:b9:c7:
                    1c:13:1f:fa:3e:cf:7a:73:9c:6a:db:83:c9:1e:6f:
                    8c:ff:e0:22:f6:3d:61:3b:de:28:60:59:84:5c:3d:
                    60:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:04:6A:D8:C5:3B:23:7F:E2:A7:6A:C9:07:F9:97:2B:5B:EC:FC:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/825bfb63-e691-44c3-91b1-ef9cfe07ece2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.29.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d0:02:a9:1f:32:8b:5b:ca:fd:f7:1b:78:4f:43:69:e4:2e:36:
         3a:d4:8e:cc:39:24:30:28:60:ea:fb:df:6f:ce:25:cc:3f:1c:
         9a:ef:43:d0:84:ad:6b:19:cb:25:67:32:79:a3:26:83:6d:a5:
         6d:60:52:78:3a:79:c5:e2:b5:ec:cf:ac:b9:13:3b:08:71:ae:
         22:a1:5f:ec:18:6f:34:69:b9:8d:d4:d1:71:c2:ae:fd:0e:e0:
         60:b4:ea:a7:53:5c:e2:4c:fe:8c:2d:5c:70:bc:71:21:57:4c:
         79:ad:0d:ce:bf:e3:4a:8c:64:e7:52:53:8e:3d:e7:9e:1f:33:
         87:85:9f:5d:b9:b8:8e:48:ba:84:ed:bc:6b:63:d8:b4:d6:7b:
         c8:61:d7:cf:2b:a1:b1:b8:b7:b5:af:0f:e1:17:52:a0:73:33:
         8a:e4:f0:c0:5a:39:33:4f:36:20:3c:2a:d4:29:ff:9f:cb:ff:
         19:8e:e8:65:f5:45:4b:c0:30:ed:3f:ba:5d:40:c5:80:14:5f:
         c4:44:2f:d1:2a:a1:dd:e3:67:e2:7e:82:d1:c0:10:be:95:d5:
         8c:2a:ba:a8:7c:17:c8:87:4b:85:32:12:ca:97:4e:3b:9b:55:
         60:1b:af:c8:58:11:94:d8:63:40:76:36:de:f2:5e:a3:14:7f:
         db:51:3d:0d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURjQmmksf6VRkv1ehPpqV7AJbB54wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDA1MDUwWhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYjI0YjA0Njg3ODc0YjFmYTZmZGYzMTgwN2NiZmY4ZTM0
OWRkZWE1MmEwZTQwOGNiNGEzYjBmOWQyZmEzZTY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh+kUlgz9s4GR4koUBoS4/jlr7m5FmAAc184OEBDpyVVmH
dj4AB1/FLXV7qw0MyN1TFXHo69pA8yba8SkT88Pl94MvYEq11Gmp7/HMRNpoE02q
OuqKP2j1g2MEYBSI16pLusX8JH81Hi8X0hDiPOQ5KSs36CIjMuQABwCOR1Zoe8Gv
DGUK/56ezrvLwODItLTGKFjFBFFr3jDA1bdRrHdMEu8KNvz4ZQAAsnOudsALbLId
MZKkFutv+P3vntLs7gYilc0xuj8BD9zzYqir2tWVncRjDaNghOrUzMLo3HG5xxwT
H/o+z3pznGrbg8keb4z/4CL2PWE73ihgWYRcPWDzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHARq2MU7I3/ip2rJB/mXK1vs/IcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyNWJmYjYzLWU2OTEtNDRjMy05MWIxLWVmOWNmZTA3ZWNlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4HTANBgkqhkiG9w0BAQsFAAOCAQEA0AKpHzKLW8r99xt4T0Np5C42OtSO
zDkkMChg6vvfb84lzD8cmu9D0IStaxnLJWcyeaMmg22lbWBSeDp5xeK17M+suRM7
CHGuIqFf7BhvNGm5jdTRccKu/Q7gYLTqp1Nc4kz+jC1ccLxxIVdMea0Nzr/jSoxk
51JTjj3nnh8zh4WfXbm4jki6hO28a2PYtNZ7yGHXzyuhsbi3ta8P4RdSoHMziuTw
wFo5M082IDwq1Cn/n8v/GY7oZfVFS8Aw7T+6XUDFgBRfxEQv0Sqh3eNn4n6C0cAQ
vpXVjCq6qHwXyIdLhTISypdOO5tVYBuvyFgRlNhjQHY23vJeoxR/21E9DQ==
-----END CERTIFICATE-----