Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c29393c0-6f80-476e-b89a-346f05d1f7e4.roa
File:                     c29393c0-6f80-476e-b89a-346f05d1f7e4.roa (raw, json)
Hash identifier:          5tlV9mcg51MNN+XXHujjMuqm+ZRImQEQ2345WAK9Ikk=
Subject key identifier:   E2:DF:E9:0D:1D:73:7C:9F:92:24:49:23:E2:0C:D5:71:77:FF:4A:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A5532C52673F7245D156E593851947C741C4661
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c29393c0-6f80-476e-b89a-346f05d1f7e4.roa
Signing time:             Thu 13 Nov 2025 00:31:18 +0000
ROA not before:           Thu 13 Nov 2025 00:31:18 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.171.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:55:32:c5:26:73:f7:24:5d:15:6e:59:38:51:94:7c:74:1c:46:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:31:18 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=de495eb7e0c5e6124e8ede1a03f04acb3d28053b87b3f11a7cd6bf31bc20faba, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d7:a0:cf:53:8b:16:2c:70:61:6f:58:90:37:
                    d8:44:5f:cd:4f:b0:c2:86:93:34:8e:bc:2d:39:b8:
                    7b:38:bb:b1:1f:bb:40:5f:66:55:7f:1d:c6:af:87:
                    2d:58:2a:a8:53:13:0c:0c:c5:bb:62:9d:dd:81:0f:
                    9b:7a:0d:8a:c5:b8:0e:f4:0d:89:7d:56:a6:bb:87:
                    24:d6:c8:e5:8e:78:c7:34:53:ae:08:fd:84:c3:51:
                    52:6c:0f:ca:a1:b6:c1:78:8b:74:56:38:f7:0e:07:
                    9e:b8:1f:ae:c8:65:57:6e:4d:00:46:58:81:ff:ac:
                    13:c6:74:b8:d1:53:4c:6f:08:99:cf:3e:0d:ba:92:
                    f6:59:20:66:51:6f:f9:6c:94:b0:30:5c:40:8b:a3:
                    a6:3d:f7:65:20:62:f7:60:40:5f:e0:e5:32:00:7c:
                    8b:5d:f4:61:bd:8f:99:11:e2:58:b4:18:d5:a2:0f:
                    6e:8a:23:84:14:1d:6b:27:40:2c:21:c9:fd:8d:d9:
                    5b:36:b0:8a:a5:0f:9c:d6:55:87:ad:7d:99:79:13:
                    ce:1e:94:d2:2d:62:9d:ab:d7:63:ee:f8:fa:c7:f9:
                    6b:f2:9a:77:14:fb:67:6b:75:fb:fd:6f:f4:dd:6e:
                    fa:d1:a0:3d:cf:f1:e2:18:e2:d7:8f:80:61:3a:28:
                    7e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DF:E9:0D:1D:73:7C:9F:92:24:49:23:E2:0C:D5:71:77:FF:4A:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c29393c0-6f80-476e-b89a-346f05d1f7e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.171.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         23:76:c9:30:be:e7:3b:31:ff:8e:1d:a0:4c:7b:3c:e7:95:ca:
         7d:4b:5c:d8:b9:fa:04:6f:f8:d5:4e:35:fd:f1:0f:46:45:b1:
         3d:41:fb:3f:15:57:fd:6d:67:06:8e:03:0e:2f:2d:77:9d:59:
         0f:ed:ae:51:c7:f0:d1:5c:0c:cb:d4:29:7f:00:03:16:5f:72:
         39:fb:ef:8b:27:eb:28:0f:f2:c1:0c:42:44:16:4a:26:f1:13:
         91:fb:85:8b:03:a4:16:3a:c3:0f:f1:6a:3f:fe:2e:b1:f6:72:
         c5:4d:ed:2e:40:e5:2e:af:ea:67:00:fd:ce:b3:45:e2:c9:9f:
         34:8c:54:76:44:f3:3d:17:14:09:c6:6d:fa:d6:79:ea:b8:1d:
         1c:8e:70:fe:f7:a4:11:ba:5b:16:b5:79:a0:85:7d:53:2b:69:
         72:fe:bc:73:74:28:e9:6c:83:ca:3c:d0:72:23:c4:d4:66:d2:
         6f:19:a0:fc:47:39:b2:5b:c4:61:74:6d:c4:f8:80:31:c4:9b:
         7c:77:d4:65:7d:c8:23:83:f3:97:4b:f0:ce:ac:8f:a4:8e:e6:
         58:5a:3d:3c:04:06:d1:61:c0:d9:2b:4c:a4:a7:3b:03:0f:bc:
         5a:a3:6c:4a:83:6b:e9:45:2d:b8:df:98:cf:a7:c4:f2:9e:c5:
         b3:f3:ba:7f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSlUyxSZz9yRdFW5ZOFGUfHQcRmEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAzMTE4WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTQ5NWViN2UwYzVlNjEyNGU4ZWRlMWEwM2YwNGFjYjNk
MjgwNTNiODdiM2YxMWE3Y2Q2YmYzMWJjMjBmYWJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ16DPU4sWLHBhb1iQN9hEX81PsMKGkzSOvC05uHs4u7Ef
u0BfZlV/Hcavhy1YKqhTEwwMxbtind2BD5t6DYrFuA70DYl9Vqa7hyTWyOWOeMc0
U64I/YTDUVJsD8qhtsF4i3RWOPcOB564H67IZVduTQBGWIH/rBPGdLjRU0xvCJnP
Pg26kvZZIGZRb/lslLAwXECLo6Y992UgYvdgQF/g5TIAfItd9GG9j5kR4li0GNWi
D26KI4QUHWsnQCwhyf2N2Vs2sIqlD5zWVYetfZl5E84elNItYp2r12Pu+PrH+Wvy
mncU+2drdfv9b/TdbvrRoD3P8eIY4tePgGE6KH7VAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4t/pDR1zfJ+SJEkj4gzVcXf/Sq0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyOTM5M2MwLTZmODAtNDc2ZS1iODlhLTM0NmYwNWQxZjdlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4qzANBgkqhkiG9w0BAQsFAAOCAQEAI3bJML7nOzH/jh2gTHs855XKfUtc
2Ln6BG/41U41/fEPRkWxPUH7PxVX/W1nBo4DDi8td51ZD+2uUcfw0VwMy9QpfwAD
Fl9yOfvviyfrKA/ywQxCRBZKJvETkfuFiwOkFjrDD/FqP/4usfZyxU3tLkDlLq/q
ZwD9zrNF4smfNIxUdkTzPRcUCcZt+tZ56rgdHI5w/vekEbpbFrV5oIV9Uytpcv68
c3Qo6WyDyjzQciPE1GbSbxmg/Ec5slvEYXRtxPiAMcSbfHfUZX3II4Pzl0vwzqyP
pI7mWFo9PAQG0WHA2StMpKc7Aw+8WqNsSoNr6UUtuN+Yz6fE8p7Fs/O6fw==
-----END CERTIFICATE-----