Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0289d084-7f33-4bbc-baa0-e777f631c75e.roa
File:                     0289d084-7f33-4bbc-baa0-e777f631c75e.roa (raw, json)
Hash identifier:          NbP4J5f/tWXzyFZlg4LfiEw/j0uZlOdhF63MNG3SOvI=
Subject key identifier:   FF:87:28:47:42:16:E5:C3:1E:11:27:31:36:A9:7C:04:48:E1:6E:2A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D6BC8C76762C19C998D71C98AAA843EF265705C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0289d084-7f33-4bbc-baa0-e777f631c75e.roa
Signing time:             Wed 08 Oct 2025 00:22:11 +0000
ROA not before:           Wed 08 Oct 2025 00:22:11 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.9.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:6b:c8:c7:67:62:c1:9c:99:8d:71:c9:8a:aa:84:3e:f2:65:70:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:22:11 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=aa1f818acb2161f08dae5bfb37893b69f1073594182a6cea8ac95c689c9a2058, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:a4:cd:22:fc:b4:37:d1:19:27:8c:af:c7:bc:
                    35:b8:0b:c5:c0:35:91:02:eb:0e:6e:ef:32:d2:8d:
                    93:b5:9e:42:0e:1f:bc:90:92:9d:4b:72:27:3c:82:
                    1d:bc:3d:26:92:14:9b:eb:3b:3e:39:aa:cb:cd:a7:
                    23:4a:db:61:de:1f:16:9d:6f:83:ee:e6:fa:02:83:
                    07:9e:da:f4:2b:b0:ca:cc:f8:bd:02:2d:88:c7:06:
                    a8:75:1a:be:81:be:b0:85:b0:fe:d4:55:44:c4:1f:
                    91:df:e0:1b:3f:01:50:a9:c1:81:95:1c:c2:c5:9d:
                    2d:64:b0:69:0e:f8:cf:36:f3:6a:f6:11:75:e3:94:
                    27:d7:e7:55:17:cd:2e:ae:ae:82:d1:62:b0:80:bf:
                    46:7a:be:ba:40:23:a2:10:01:68:c9:41:dd:79:1b:
                    b3:ad:a6:5e:49:73:ce:3f:08:2e:db:13:5c:71:14:
                    08:1c:79:b3:52:e6:13:f7:7c:cf:67:aa:f3:0a:01:
                    75:40:35:8a:8b:86:df:74:bc:e4:6f:2b:e2:08:ae:
                    85:8a:e6:7c:ac:f5:cf:99:00:b9:3a:82:40:ba:aa:
                    20:67:f7:0b:a8:61:f9:8f:fc:36:66:f1:48:a4:78:
                    b7:17:66:cc:63:ea:f0:87:a8:2f:d1:3a:40:37:e8:
                    fd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:87:28:47:42:16:E5:C3:1E:11:27:31:36:A9:7C:04:48:E1:6E:2A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0289d084-7f33-4bbc-baa0-e777f631c75e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.9.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         35:8b:87:f0:db:cf:05:64:47:a7:c3:3b:c8:1f:4c:4b:84:91:
         4a:7f:b5:77:f9:5a:4f:6c:63:ee:70:1a:ec:3d:77:20:b1:92:
         0d:4a:99:47:69:63:c9:df:5d:46:fd:e8:64:46:7e:d5:b6:4c:
         85:9c:61:19:af:e3:9a:2a:fc:55:6c:59:5e:78:19:47:cd:a9:
         88:16:e1:43:77:1b:1d:2d:60:9d:68:19:3d:51:82:67:ce:ad:
         4c:ba:ae:64:12:ec:2d:42:4b:f2:2c:22:b3:13:68:ff:ed:77:
         89:10:7c:2a:cf:ab:5b:cd:37:41:ab:6a:8a:b7:04:f8:53:69:
         54:5c:52:0d:45:d5:90:22:21:04:62:15:85:5a:c0:11:a5:f2:
         6b:c5:97:35:e3:ce:8a:7f:f3:f3:42:5f:97:17:f2:18:d8:e5:
         3e:59:4a:34:83:4e:97:d1:7c:2a:c9:e7:58:22:ed:bb:28:b0:
         b2:72:c8:9e:88:cd:f0:ef:df:93:f2:13:69:98:61:85:ac:6e:
         fa:17:11:e7:2c:cd:de:48:db:0e:85:67:62:ca:72:1f:9a:6c:
         8f:00:b5:91:fb:d4:d3:b2:a7:b2:40:31:4b:e2:c6:2d:a7:95:
         af:b0:4a:e8:54:21:4f:f5:14:75:50:85:e6:da:48:38:cc:9b:
         a3:97:f6:31
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbWvIx2diwZyZjXHJiqqEPvJlcFwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAyMjExWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTFmODE4YWNiMjE2MWYwOGRhZTViZmIzNzg5M2I2OWYx
MDczNTk0MTgyYTZjZWE4YWM5NWM2ODljOWEyMDU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkpM0i/LQ30RknjK/HvDW4C8XANZEC6w5u7zLSjZO1nkIO
H7yQkp1Lcic8gh28PSaSFJvrOz45qsvNpyNK22HeHxadb4Pu5voCgwee2vQrsMrM
+L0CLYjHBqh1Gr6BvrCFsP7UVUTEH5Hf4Bs/AVCpwYGVHMLFnS1ksGkO+M8282r2
EXXjlCfX51UXzS6uroLRYrCAv0Z6vrpAI6IQAWjJQd15G7Otpl5Jc84/CC7bE1xx
FAgcebNS5hP3fM9nqvMKAXVANYqLht90vORvK+IIroWK5nys9c+ZALk6gkC6qiBn
9wuoYfmP/DZm8UikeLcXZsxj6vCHqC/ROkA36P1XAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/4coR0IW5cMeEScxNql8BEjhbiowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyODlkMDg0LTdmMzMtNGJiYy1iYWEwLWU3NzdmNjMxYzc1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4CTANBgkqhkiG9w0BAQsFAAOCAQEANYuH8NvPBWRHp8M7yB9MS4SRSn+1
d/laT2xj7nAa7D13ILGSDUqZR2ljyd9dRv3oZEZ+1bZMhZxhGa/jmir8VWxZXngZ
R82piBbhQ3cbHS1gnWgZPVGCZ86tTLquZBLsLUJL8iwisxNo/+13iRB8Ks+rW803
QatqircE+FNpVFxSDUXVkCIhBGIVhVrAEaXya8WXNePOin/z80JflxfyGNjlPllK
NINOl9F8KsnnWCLtuyiwsnLInojN8O/fk/ITaZhhhaxu+hcR5yzN3kjbDoVnYspy
H5psjwC1kfvU07KnskAxS+LGLaeVr7BK6FQhT/UUdVCF5tpIOMybo5f2MQ==
-----END CERTIFICATE-----