Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/910b5e0f-d7de-4ca4-984f-9f46c030e4bb.roa
File:                     910b5e0f-d7de-4ca4-984f-9f46c030e4bb.roa (raw, json)
Hash identifier:          85rUnCJmnjO+ZdlWTgn0LAY0+7gNtsiIudd9R5ua2yU=
Subject key identifier:   B0:58:72:AA:64:AB:D4:EC:36:5F:5E:85:DD:27:1D:51:BD:DD:B8:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       108545AB6059A85DCB9EB231EDF2A771AEBE6170
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/910b5e0f-d7de-4ca4-984f-9f46c030e4bb.roa
Signing time:             Thu 13 Nov 2025 01:00:56 +0000
ROA not before:           Thu 13 Nov 2025 01:00:56 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.202.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:85:45:ab:60:59:a8:5d:cb:9e:b2:31:ed:f2:a7:71:ae:be:61:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 01:00:56 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=8bbd93d530203704270f5ce18fa067e886ff945ffdad7b6089e5b15ec91a6f02, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:10:b6:6a:64:10:ea:bc:4d:e7:1f:fd:57:0a:
                    9b:c4:11:4c:66:eb:3c:43:72:7e:b7:e9:40:a8:92:
                    7a:8e:ed:20:c9:30:b6:b4:16:54:b5:ff:b6:69:fd:
                    32:33:63:fb:4a:53:14:fb:9d:52:c3:9e:ce:bb:da:
                    ad:c3:03:81:1f:1e:3d:a1:8a:10:b9:de:54:26:6c:
                    9a:b7:3b:20:71:dc:c9:51:08:c8:b7:63:16:c7:22:
                    6c:56:c5:bf:3a:17:e4:65:c5:5f:50:ad:23:a5:d0:
                    45:1e:13:b3:55:74:83:b9:4a:de:55:25:4f:90:56:
                    6b:a9:1c:36:c7:e4:1b:a4:fd:64:f3:8b:e8:b3:2e:
                    a4:05:83:b9:de:08:26:8f:dc:9d:47:e0:04:d3:ca:
                    0e:d7:2d:98:a4:7c:6b:4f:5a:15:20:e0:68:83:48:
                    ce:a4:99:50:da:22:94:49:fa:6e:b2:c3:2c:1f:fd:
                    2a:43:46:5e:3a:0c:56:3c:74:80:71:a8:f7:d9:f4:
                    66:f0:7b:b6:a8:f0:33:b8:2e:5a:b3:03:63:70:1e:
                    b9:3a:59:99:84:89:a8:db:f8:a2:32:9c:9d:4f:51:
                    e7:59:86:d2:f8:64:34:dc:c1:c3:6c:ba:05:82:73:
                    2f:a7:7a:12:7c:86:7b:60:73:38:29:42:c0:9c:2c:
                    a3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:58:72:AA:64:AB:D4:EC:36:5F:5E:85:DD:27:1D:51:BD:DD:B8:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/910b5e0f-d7de-4ca4-984f-9f46c030e4bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.202.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:e3:0e:2f:de:4a:b6:c9:6a:46:2f:1c:42:0f:69:75:84:f6:
         96:13:cc:d6:aa:bd:28:64:4f:24:54:86:dd:76:2c:32:5f:dd:
         57:a0:15:f9:e3:e1:99:c5:aa:b8:32:39:f3:e0:9b:7e:49:6d:
         2b:5f:31:7f:9d:51:6c:a7:71:ff:89:8b:bb:d3:eb:9c:8e:62:
         14:0f:2b:e3:81:d1:e8:11:53:e6:19:80:87:a4:e1:ad:19:f6:
         9e:4d:81:64:7d:bf:2e:dd:80:a8:15:d6:fc:68:3f:e2:d7:04:
         fc:f0:1a:3d:25:39:74:f5:ac:de:db:93:b4:8f:af:92:f8:02:
         7c:29:68:f2:97:ca:fa:09:2f:c9:be:52:b2:28:da:7d:8a:4f:
         29:5d:7e:24:e1:f2:d1:d7:af:1a:3d:56:49:b2:ad:27:56:a6:
         85:bf:12:18:30:94:b3:07:20:c5:f5:c8:f4:e2:23:a4:1c:f4:
         4e:f5:39:3f:4d:29:17:53:c7:f3:ad:b6:35:bd:39:3b:6b:1c:
         28:86:95:b7:e4:5a:dc:ee:75:9b:47:a1:f6:d6:95:5e:aa:df:
         95:a6:6c:86:92:fe:6e:5f:23:70:f5:c9:30:65:6e:9b:bc:6e:
         af:df:d3:6a:96:ef:c6:00:9a:16:ec:c6:c3:d2:53:7d:fc:b6:
         ef:e7:69:c5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEIVFq2BZqF3LnrIx7fKnca6+YXAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDEwMDU2WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmJkOTNkNTMwMjAzNzA0MjcwZjVjZTE4ZmEwNjdlODg2
ZmY5NDVmZmRhZDdiNjA4OWU1YjE1ZWM5MWE2ZjAyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnELZqZBDqvE3nH/1XCpvEEUxm6zxDcn636UCoknqO7SDJ
MLa0FlS1/7Zp/TIzY/tKUxT7nVLDns672q3DA4EfHj2hihC53lQmbJq3OyBx3MlR
CMi3YxbHImxWxb86F+RlxV9QrSOl0EUeE7NVdIO5St5VJU+QVmupHDbH5Buk/WTz
i+izLqQFg7neCCaP3J1H4ATTyg7XLZikfGtPWhUg4GiDSM6kmVDaIpRJ+m6ywywf
/SpDRl46DFY8dIBxqPfZ9Gbwe7ao8DO4LlqzA2NwHrk6WZmEiajb+KIynJ1PUedZ
htL4ZDTcwcNsugWCcy+nehJ8hntgczgpQsCcLKPTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsFhyqmSr1Ow2X16F3ScdUb3duKQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkxMGI1ZTBmLWQ3ZGUtNGNhNC05ODRmLTlmNDZjMDMwZTRiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4yjANBgkqhkiG9w0BAQsFAAOCAQEAGeMOL95KtslqRi8cQg9pdYT2lhPM
1qq9KGRPJFSG3XYsMl/dV6AV+ePhmcWquDI58+CbfkltK18xf51RbKdx/4mLu9Pr
nI5iFA8r44HR6BFT5hmAh6ThrRn2nk2BZH2/Lt2AqBXW/Gg/4tcE/PAaPSU5dPWs
3tuTtI+vkvgCfClo8pfK+gkvyb5SsijafYpPKV1+JOHy0devGj1WSbKtJ1amhb8S
GDCUswcgxfXI9OIjpBz0TvU5P00pF1PH8622Nb05O2scKIaVt+Ra3O51m0eh9taV
XqrflaZshpL+bl8jcPXJMGVum7xur9/TapbvxgCaFuzGw9JTffy27+dpxQ==
-----END CERTIFICATE-----