Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd040691-6f04-4613-a81f-f5417500cc0b.roa
File:                     cd040691-6f04-4613-a81f-f5417500cc0b.roa (raw, json)
Hash identifier:          XwW92SfcuLByTOdCycw7ltL4x4qE+Fjx4ye2TBQLiwI=
Subject key identifier:   72:8F:B9:7A:03:37:08:4B:C6:96:2B:42:48:58:1F:51:7B:2C:B2:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       797D9FBE9D8CB2F6D652E68862676A3F97C34CAE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd040691-6f04-4613-a81f-f5417500cc0b.roa
Signing time:             Wed 12 Nov 2025 02:11:20 +0000
ROA not before:           Wed 12 Nov 2025 02:11:20 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.128.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:7d:9f:be:9d:8c:b2:f6:d6:52:e6:88:62:67:6a:3f:97:c3:4c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 02:11:20 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=18740a99b9b34185b724645672ec7b40770ca7876ec3f46e5aee558916b34c6b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b6:a3:70:95:ba:77:86:11:d8:0e:24:34:ca:
                    51:1b:60:e3:f8:18:ff:3f:9e:0d:9a:3b:88:11:05:
                    3c:8b:a1:1b:b1:fd:e9:03:ca:78:79:24:4b:66:bc:
                    da:de:78:33:4c:5b:2e:3a:65:c7:77:e0:17:d9:62:
                    c4:ac:ae:9a:8d:19:e2:c1:21:0b:6b:cc:05:cf:a3:
                    29:3f:6d:f4:f3:7b:d4:ad:5f:ab:1b:fd:37:a9:85:
                    f6:6d:8a:31:f9:c5:2d:aa:9c:93:cd:90:89:45:41:
                    eb:f3:5e:ee:7a:19:e2:87:ec:25:7e:2a:c4:46:f5:
                    d9:2e:93:50:7a:87:3a:22:ad:0a:5e:78:e0:4f:77:
                    d6:fb:26:28:9e:18:39:24:9b:d4:33:6f:f6:cd:3c:
                    e2:5d:21:c7:9d:47:3a:9c:61:e1:a3:f2:c3:66:c1:
                    7f:68:20:ec:85:cd:c6:6c:13:7a:b9:2b:d3:65:5f:
                    de:b3:02:af:9f:fc:a7:dd:10:7c:53:6a:98:b2:71:
                    33:bf:4a:81:f7:f3:f6:85:b0:ac:c5:0d:24:ca:8a:
                    92:8c:ea:5e:1c:9f:39:ee:3c:c6:cd:23:af:ac:af:
                    b4:b6:23:60:76:c9:a8:4e:ff:49:c1:61:1f:e1:46:
                    97:1c:76:10:81:a3:6d:15:89:e1:72:e3:c5:49:84:
                    1d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:8F:B9:7A:03:37:08:4B:C6:96:2B:42:48:58:1F:51:7B:2C:B2:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd040691-6f04-4613-a81f-f5417500cc0b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:fb:a3:b4:d8:c0:5d:ce:fd:91:59:eb:40:89:47:1d:a7:f2:
         40:4b:c7:91:bf:5e:77:d4:a0:3b:52:cd:f1:a7:b1:0f:45:23:
         37:b8:69:db:d4:40:c5:26:44:44:cc:01:d8:42:86:4b:c0:96:
         1a:f9:cb:f3:ad:0c:30:15:97:31:a2:28:3b:4e:03:17:94:03:
         f2:27:05:3b:83:2d:3b:89:46:15:6c:23:ff:8f:8f:45:36:1d:
         9b:8c:99:31:71:25:b1:21:a1:b0:db:32:bf:bb:87:b2:a7:4e:
         df:df:fb:10:03:9e:95:75:68:60:a0:14:e0:be:7b:c2:8e:bf:
         53:80:e5:33:ce:4e:ca:e4:fb:6f:7f:30:f1:e0:47:ea:33:11:
         21:96:c6:77:44:2f:db:6b:1d:7c:9f:70:6b:88:95:6a:b4:bd:
         79:cc:51:28:02:2e:33:6a:b9:70:02:20:4f:b0:fe:52:e9:4d:
         50:bf:a8:f2:27:9c:31:91:f1:a0:e0:f7:a5:ef:1b:8a:f6:c7:
         60:d9:7c:bb:0f:7a:52:23:1e:5f:b2:ca:9d:e6:8f:f3:85:f2:
         e8:fe:1f:46:78:c3:e9:84:d5:6a:62:8f:88:b3:a3:73:53:3b:
         6d:92:f7:36:c6:10:c7:74:12:32:21:5d:61:b7:11:dc:89:7a:
         d7:eb:96:79
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeX2fvp2MsvbWUuaIYmdqP5fDTK4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDIxMTIwWhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxODc0MGE5OWI5YjM0MTg1YjcyNDY0NTY3MmVjN2I0MDc3
MGNhNzg3NmVjM2Y0NmU1YWVlNTU4OTE2YjM0YzZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUtqNwlbp3hhHYDiQ0ylEbYOP4GP8/ng2aO4gRBTyLoRux
/ekDynh5JEtmvNreeDNMWy46Zcd34BfZYsSsrpqNGeLBIQtrzAXPoyk/bfTze9St
X6sb/TephfZtijH5xS2qnJPNkIlFQevzXu56GeKH7CV+KsRG9dkuk1B6hzoirQpe
eOBPd9b7JiieGDkkm9Qzb/bNPOJdIcedRzqcYeGj8sNmwX9oIOyFzcZsE3q5K9Nl
X96zAq+f/KfdEHxTapiycTO/SoH38/aFsKzFDSTKipKM6l4cnznuPMbNI6+sr7S2
I2B2yahO/0nBYR/hRpccdhCBo20VieFy48VJhB2BAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUco+5egM3CEvGlitCSFgfUXsssigwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NkMDQwNjkxLTZmMDQtNDYxMy1hODFmLWY1NDE3NTAwY2MwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4gDANBgkqhkiG9w0BAQsFAAOCAQEAVPujtNjAXc79kVnrQIlHHafyQEvH
kb9ed9SgO1LN8aexD0UjN7hp29RAxSZERMwB2EKGS8CWGvnL860MMBWXMaIoO04D
F5QD8icFO4MtO4lGFWwj/4+PRTYdm4yZMXElsSGhsNsyv7uHsqdO39/7EAOelXVo
YKAU4L57wo6/U4DlM85OyuT7b38w8eBH6jMRIZbGd0Qv22sdfJ9wa4iVarS9ecxR
KAIuM2q5cAIgT7D+UulNUL+o8iecMZHxoOD3pe8bivbHYNl8uw96UiMeX7LKneaP
84Xy6P4fRnjD6YTVamKPiLOjc1M7bZL3NsYQx3QSMiFdYbcR3Il61+uWeQ==
-----END CERTIFICATE-----