Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78dd989c-1826-4000-a1be-585b3b82efe8.roa
File:                     78dd989c-1826-4000-a1be-585b3b82efe8.roa (raw, json)
Hash identifier:          RkEYVZnKYLcokQKYberyk9Q2kC/bEiZ2xIfbxCk/qiE=
Subject key identifier:   57:F9:29:F3:A9:FF:80:3A:C0:64:99:C0:F7:07:D4:22:8E:D2:76:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C5E48B77A8214491DAFD394620EFCBEEE2955CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78dd989c-1826-4000-a1be-585b3b82efe8.roa
Signing time:             Wed 01 Oct 2025 00:39:50 +0000
ROA not before:           Wed 01 Oct 2025 00:39:50 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.48.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:5e:48:b7:7a:82:14:49:1d:af:d3:94:62:0e:fc:be:ee:29:55:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:39:50 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=fdf771d3e477279749dfc6ead3c523c760521f5a20fa49783572b63dc1ef63da, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:78:67:96:bb:9f:6e:49:71:46:6c:27:d0:ed:
                    4f:45:4f:79:25:c4:47:9b:2e:32:be:80:42:9a:09:
                    98:2a:c6:9b:f1:80:62:e4:b1:ee:7d:14:fc:23:8f:
                    0a:b8:25:15:44:23:84:44:bb:69:d5:04:ca:36:fc:
                    ed:a5:f6:fa:bb:59:77:3f:40:39:15:09:d3:dc:04:
                    35:3e:07:45:0e:6f:b9:77:80:50:ac:79:f2:66:f4:
                    a8:7e:7d:dd:77:58:cd:c2:e0:fe:18:34:0e:01:02:
                    95:e7:e2:ac:82:78:6b:b8:a3:cb:23:f3:df:e9:d8:
                    4e:64:fd:dc:24:0d:25:81:93:e8:e0:4f:10:72:7b:
                    55:1b:8e:e6:19:6b:ff:b5:38:d9:2f:82:77:26:6f:
                    64:5b:84:49:7f:79:6e:b8:dd:e3:53:0d:eb:eb:36:
                    cf:1b:fa:73:77:6e:eb:5a:37:76:90:97:72:3e:52:
                    01:5f:8d:4a:10:88:7d:a0:a7:ab:d4:77:97:4c:7c:
                    3c:92:bd:57:35:69:53:07:79:38:85:d8:17:d0:d8:
                    8a:d0:e5:d2:40:f9:99:bc:a6:fc:5d:84:7d:b5:e7:
                    93:69:6e:c1:72:24:da:0e:cc:bb:09:4c:30:6b:09:
                    be:df:4c:74:3e:f9:01:b8:b4:ae:d9:22:59:9a:79:
                    fc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:F9:29:F3:A9:FF:80:3A:C0:64:99:C0:F7:07:D4:22:8E:D2:76:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78dd989c-1826-4000-a1be-585b3b82efe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.48.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         87:86:e6:d3:e1:ab:19:d9:7b:fd:7a:b7:50:15:39:8c:da:bf:
         3e:07:55:63:36:45:bc:68:96:93:dd:dd:ab:cf:c0:33:43:c2:
         35:d5:92:6e:ee:00:df:2e:d7:88:58:ba:2d:af:88:82:bb:9d:
         00:6f:80:7d:45:bc:96:52:60:13:cb:97:d8:e9:21:18:27:b8:
         cf:54:ee:29:69:c2:60:ef:cd:f1:01:79:84:72:f1:aa:8c:db:
         44:60:c3:1d:87:e0:6b:a5:7b:15:a9:4d:06:48:7c:de:3c:fa:
         6c:15:af:4a:a5:35:08:58:46:d9:68:67:27:4f:2a:d2:43:48:
         4a:ad:8a:86:87:10:ef:c0:f8:13:c7:a5:ce:f8:43:b8:f5:57:
         9f:40:97:0a:b3:d3:5a:de:4e:7c:ff:fc:62:02:1a:0f:4d:18:
         a2:f5:06:96:bd:97:a6:6d:f6:f8:ff:ac:6b:92:36:ee:69:5e:
         12:3c:77:41:a1:cf:8d:87:17:1c:eb:c5:c1:1a:d5:91:70:16:
         55:df:bc:a3:21:34:c1:3d:1d:15:f8:24:78:ec:69:c5:b0:cb:
         fc:b6:79:fd:6e:a4:09:82:4b:49:44:ea:16:61:fc:4c:81:67:
         30:7d:da:1e:ea:1d:56:6b:db:b0:bb:92:66:3a:3d:7f:1f:2a:
         f7:4b:00:7b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfF5It3qCFEkdr9OUYg78vu4pVcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAzOTUwWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGY3NzFkM2U0NzcyNzk3NDlkZmM2ZWFkM2M1MjNjNzYw
NTIxZjVhMjBmYTQ5NzgzNTcyYjYzZGMxZWY2M2RhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8eGeWu59uSXFGbCfQ7U9FT3klxEebLjK+gEKaCZgqxpvx
gGLkse59FPwjjwq4JRVEI4REu2nVBMo2/O2l9vq7WXc/QDkVCdPcBDU+B0UOb7l3
gFCsefJm9Kh+fd13WM3C4P4YNA4BApXn4qyCeGu4o8sj89/p2E5k/dwkDSWBk+jg
TxBye1UbjuYZa/+1ONkvgncmb2RbhEl/eW643eNTDevrNs8b+nN3butaN3aQl3I+
UgFfjUoQiH2gp6vUd5dMfDySvVc1aVMHeTiF2BfQ2IrQ5dJA+Zm8pvxdhH2155Np
bsFyJNoOzLsJTDBrCb7fTHQ++QG4tK7ZIlmaefzlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUV/kp86n/gDrAZJnA9wfUIo7SdjkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4ZGQ5ODljLTE4MjYtNDAwMC1hMWJlLTU4NWIzYjgyZWZlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4MDANBgkqhkiG9w0BAQsFAAOCAQEAh4bm0+GrGdl7/Xq3UBU5jNq/PgdV
YzZFvGiWk93dq8/AM0PCNdWSbu4A3y7XiFi6La+IgrudAG+AfUW8llJgE8uX2Okh
GCe4z1TuKWnCYO/N8QF5hHLxqozbRGDDHYfga6V7FalNBkh83jz6bBWvSqU1CFhG
2WhnJ08q0kNISq2KhocQ78D4E8elzvhDuPVXn0CXCrPTWt5OfP/8YgIaD00YovUG
lr2Xpm32+P+sa5I27mleEjx3QaHPjYcXHOvFwRrVkXAWVd+8oyE0wT0dFfgkeOxp
xbDL/LZ5/W6kCYJLSUTqFmH8TIFnMH3aHuodVmvbsLuSZjo9fx8q90sAew==
-----END CERTIFICATE-----