Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef414d28-7d98-4c41-931b-d7958ded262d.roa
File:                     ef414d28-7d98-4c41-931b-d7958ded262d.roa (raw, json)
Hash identifier:          cgfKVM3akPN/rc1G0Pe3yUGw8Y3Tz6R8W2icLoSW8F4=
Subject key identifier:   A2:A5:56:F5:1F:FD:E4:08:0B:54:4D:FA:3A:71:C7:AC:63:51:71:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18E1A3DCEB9A97E3E25585FAD306DE75BE7C0BE7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef414d28-7d98-4c41-931b-d7958ded262d.roa
Signing time:             Sun 16 Nov 2025 00:30:13 +0000
ROA not before:           Sun 16 Nov 2025 00:30:13 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.89.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:e1:a3:dc:eb:9a:97:e3:e2:55:85:fa:d3:06:de:75:be:7c:0b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:30:13 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=95d1ffcb30f8bc2241413479fd544150c0f9ab82f07fb20908572cee76d650d5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:dd:dd:ef:04:39:b8:b3:20:19:3d:9b:83:69:
                    df:f4:c5:7b:64:09:28:0b:75:aa:da:b7:7b:3f:f8:
                    4a:bc:f7:f0:dd:1f:bf:eb:2e:a0:42:db:ea:ce:69:
                    22:1b:6f:cc:79:13:58:71:b6:fc:aa:0b:50:43:2a:
                    fb:25:d5:c1:9a:7b:a3:16:da:2d:db:2d:18:0d:ee:
                    8b:5d:98:0b:21:4d:cb:24:7a:a2:e7:8d:07:d5:d5:
                    e8:ef:b7:34:a8:05:21:dd:50:73:01:1f:68:5b:b6:
                    97:4c:0d:e1:b8:6a:40:61:24:9c:f6:cf:ac:62:86:
                    76:13:1e:8a:02:17:5e:6b:71:5d:a8:08:36:58:27:
                    e5:38:c5:1b:ae:ab:11:c3:44:35:bb:a0:fa:3d:47:
                    7b:e1:d1:55:fa:fe:d6:81:45:85:a5:15:4b:80:39:
                    3b:b0:ef:b7:94:55:59:b0:40:cc:90:6a:2f:f8:b9:
                    51:71:f5:21:0d:a2:cf:b8:79:af:d1:22:b1:ed:90:
                    1c:89:97:61:08:51:6c:81:fe:ed:0b:0a:b8:dd:d9:
                    47:87:ad:8b:63:cc:d9:9a:00:63:b3:99:37:60:a6:
                    d7:8d:32:3b:28:41:75:60:0e:dd:0e:93:b5:12:23:
                    f5:25:77:b9:6e:e4:c0:07:82:cb:de:44:da:86:7f:
                    23:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A5:56:F5:1F:FD:E4:08:0B:54:4D:FA:3A:71:C7:AC:63:51:71:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef414d28-7d98-4c41-931b-d7958ded262d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:0c:a1:1d:31:66:15:75:b9:19:c1:62:1a:5c:d2:17:e4:da:
         d7:24:3f:1f:35:3e:b4:60:8e:04:47:8b:e6:3d:14:fe:e3:29:
         16:9c:19:38:b6:10:51:5c:34:da:2f:53:44:15:32:ca:3a:be:
         bf:0c:72:b4:54:0c:ef:07:b2:1a:3c:e0:58:19:25:ec:c7:07:
         58:7c:5b:a4:9a:ea:f1:96:de:70:cb:66:8f:63:92:6a:6b:ec:
         b8:b8:9f:e1:2b:44:b5:7e:0f:70:b9:07:55:92:c7:a6:b9:f2:
         73:e1:95:0d:c8:c4:a9:57:64:82:0c:3a:48:3e:d1:8e:cc:75:
         94:08:2a:20:0c:40:01:11:7b:49:3e:a3:87:58:0c:0d:ab:c1:
         3e:6e:5b:4c:92:df:db:91:d8:9c:8b:19:ff:fb:78:a9:a5:c6:
         82:76:d3:51:da:62:85:0c:e9:c1:b8:68:ac:22:cc:cc:7f:31:
         05:d5:f6:ee:6a:29:81:57:e7:db:dd:23:c8:b9:ef:90:23:56:
         ff:98:a6:00:39:fa:3c:44:d1:d7:7b:9c:26:75:05:78:61:1c:
         c1:9d:49:69:95:57:1d:58:c3:b9:d3:ad:c2:d7:e9:8c:b1:6e:
         52:41:d1:90:10:4f:0a:5d:58:0f:57:e1:b0:c8:87:53:f7:f7:
         0b:73:9a:ee
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGOGj3Oual+PiVYX60wbedb58C+cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMDEzWhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWQxZmZjYjMwZjhiYzIyNDE0MTM0NzlmZDU0NDE1MGMw
ZjlhYjgyZjA3ZmIyMDkwODU3MmNlZTc2ZDY1MGQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo3d3vBDm4syAZPZuDad/0xXtkCSgLdarat3s/+Eq89/Dd
H7/rLqBC2+rOaSIbb8x5E1hxtvyqC1BDKvsl1cGae6MW2i3bLRgN7otdmAshTcsk
eqLnjQfV1ejvtzSoBSHdUHMBH2hbtpdMDeG4akBhJJz2z6xihnYTHooCF15rcV2o
CDZYJ+U4xRuuqxHDRDW7oPo9R3vh0VX6/taBRYWlFUuAOTuw77eUVVmwQMyQai/4
uVFx9SENos+4ea/RIrHtkByJl2EIUWyB/u0LCrjd2UeHrYtjzNmaAGOzmTdgpteN
MjsoQXVgDt0Ok7USI/Uld7lu5MAHgsveRNqGfyPtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUoqVW9R/95AgLVE36OnHHrGNRccUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmNDE0ZDI4LTdkOTgtNGM0MS05MzFiLWQ3OTU4ZGVkMjYyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5WTANBgkqhkiG9w0BAQsFAAOCAQEAWgyhHTFmFXW5GcFiGlzSF+Ta1yQ/
HzU+tGCOBEeL5j0U/uMpFpwZOLYQUVw02i9TRBUyyjq+vwxytFQM7weyGjzgWBkl
7McHWHxbpJrq8ZbecMtmj2OSamvsuLif4StEtX4PcLkHVZLHprnyc+GVDcjEqVdk
ggw6SD7Rjsx1lAgqIAxAARF7ST6jh1gMDavBPm5bTJLf25HYnIsZ//t4qaXGgnbT
UdpihQzpwbhorCLMzH8xBdX27mopgVfn290jyLnvkCNW/5imADn6PETR13ucJnUF
eGEcwZ1JaZVXHVjDudOtwtfpjLFuUkHRkBBPCl1YD1fhsMiHU/f3C3Oa7g==
-----END CERTIFICATE-----