Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0eb638bc-c647-466b-800d-9bc4e9827334.roa
File:                     0eb638bc-c647-466b-800d-9bc4e9827334.roa (raw, json)
Hash identifier:          sm1KPZWRXBop3nv0UYAUjXkb3IUpUhyK7WgAqXSbe70=
Subject key identifier:   D1:0E:55:CE:80:74:52:75:70:DF:4B:CF:7A:B9:19:2F:49:C7:8B:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3491EC05795AB746F74B726A3940BF0E8F43D01B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0eb638bc-c647-466b-800d-9bc4e9827334.roa
Signing time:             Fri 17 Oct 2025 00:41:53 +0000
ROA not before:           Fri 17 Oct 2025 00:41:53 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.0.0/14 maxlen: 14
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:91:ec:05:79:5a:b7:46:f7:4b:72:6a:39:40:bf:0e:8f:43:d0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:41:53 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=b259a922645c2b188dbd60826cfbc84f77985af0e9a675f09b9a1c9f7052cc3d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:90:1c:73:39:e3:6a:fe:e3:82:a1:ab:08:09:
                    47:68:90:68:ba:70:de:32:d8:20:5d:c2:6f:96:a0:
                    d2:80:0e:88:b8:b7:0a:44:59:26:24:2f:1f:fe:9f:
                    6a:89:91:09:c6:60:ad:1a:82:d2:83:e4:42:85:03:
                    74:78:91:7b:c5:b2:80:71:93:d4:2a:94:0c:bd:a7:
                    f9:b2:8b:0a:49:4b:ce:7d:f1:c5:60:45:fd:84:9b:
                    a3:a5:a9:62:d8:6b:51:d9:10:79:f4:7d:a2:02:83:
                    64:35:8b:72:00:0b:96:69:ab:f7:45:81:40:91:d5:
                    94:c4:a3:b1:ed:86:55:d4:de:a7:8a:dc:85:da:d7:
                    fd:ef:56:f9:bf:99:cf:69:52:a2:df:aa:cc:a2:a4:
                    68:b6:2f:d5:85:2d:09:8b:c0:d6:b6:1c:3f:62:43:
                    d4:62:4c:97:4d:87:8c:1b:ec:01:17:dd:b3:77:9a:
                    67:48:73:84:b6:e7:53:02:3c:53:43:6d:b4:98:39:
                    ce:e7:05:c2:e9:1e:30:51:61:cd:81:bf:cb:04:7d:
                    e1:c3:db:dd:68:7f:2e:d8:24:10:02:60:05:57:3d:
                    1d:2d:11:16:e1:8a:8d:f6:42:0d:77:0a:46:9f:0e:
                    ff:9d:58:28:c2:63:95:33:4b:b7:6c:17:01:f4:7c:
                    1a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:0E:55:CE:80:74:52:75:70:DF:4B:CF:7A:B9:19:2F:49:C7:8B:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0eb638bc-c647-466b-800d-9bc4e9827334.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         4b:6e:a5:2c:73:02:8f:f9:4b:4a:d0:36:d2:81:1f:ce:b0:3b:
         5c:12:62:b4:80:b7:53:b2:4d:ba:df:99:27:c0:8c:37:79:2b:
         78:00:cf:ae:52:46:70:09:f8:e5:5b:42:31:55:21:da:c7:47:
         96:0d:0f:90:96:c7:b3:7c:b6:76:02:a3:81:1e:2e:57:b6:f2:
         a1:7a:d6:2a:5e:24:aa:d2:62:99:86:70:1e:ab:47:33:9e:0e:
         94:02:cc:bc:ed:de:ad:ce:32:fb:9e:c2:2c:e3:69:46:e6:ce:
         70:32:f4:50:83:b6:70:f0:5a:64:5c:52:61:76:e2:13:05:0e:
         4c:5e:e8:d0:9e:1c:02:38:d3:fb:20:6b:b7:a7:1c:35:bc:b8:
         e4:eb:7a:12:a7:11:5c:94:83:eb:42:11:2f:64:e1:22:01:1a:
         e2:1a:c5:30:51:31:5c:41:3d:c0:d0:aa:72:ec:35:72:54:22:
         99:50:71:b1:c4:e9:1b:f6:a7:3f:c6:33:97:a3:00:2e:3a:2f:
         84:9f:81:25:6d:79:f5:ae:ca:7a:d4:56:0b:e3:2d:c0:b5:53:
         d2:23:9d:8b:fc:22:93:89:bf:88:1d:7a:6b:7f:32:73:49:cc:
         54:0d:56:e1:4e:0e:57:2d:49:33:40:0f:a1:31:2a:93:c6:cc:
         06:b1:48:f7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNJHsBXlat0b3S3JqOUC/Do9D0BswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDA0MTUzWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjU5YTkyMjY0NWMyYjE4OGRiZDYwODI2Y2ZiYzg0Zjc3
OTg1YWYwZTlhNjc1ZjA5YjlhMWM5ZjcwNTJjYzNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOkBxzOeNq/uOCoasICUdokGi6cN4y2CBdwm+WoNKADoi4
twpEWSYkLx/+n2qJkQnGYK0agtKD5EKFA3R4kXvFsoBxk9QqlAy9p/myiwpJS859
8cVgRf2Em6OlqWLYa1HZEHn0faICg2Q1i3IAC5Zpq/dFgUCR1ZTEo7HthlXU3qeK
3IXa1/3vVvm/mc9pUqLfqsyipGi2L9WFLQmLwNa2HD9iQ9RiTJdNh4wb7AEX3bN3
mmdIc4S251MCPFNDbbSYOc7nBcLpHjBRYc2Bv8sEfeHD291ofy7YJBACYAVXPR0t
ERbhio32Qg13CkafDv+dWCjCY5UzS7dsFwH0fBrnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0Q5VzoB0UnVw30vPerkZL0nHi24wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBlYjYzOGJjLWM2NDctNDY2Yi04MDBkLTliYzRlOTgyNzMzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwJyODANBgkqhkiG9w0BAQsFAAOCAQEAS26lLHMCj/lLStA20oEfzrA7XBJi
tIC3U7JNut+ZJ8CMN3kreADPrlJGcAn45VtCMVUh2sdHlg0PkJbHs3y2dgKjgR4u
V7byoXrWKl4kqtJimYZwHqtHM54OlALMvO3erc4y+57CLONpRubOcDL0UIO2cPBa
ZFxSYXbiEwUOTF7o0J4cAjjT+yBrt6ccNby45Ot6EqcRXJSD60IRL2ThIgEa4hrF
MFExXEE9wNCqcuw1clQimVBxscTpG/anP8Yzl6MALjovhJ+BJW159a7KetRWC+Mt
wLVT0iOdi/wik4m/iB16a38yc0nMVA1W4U4OVy1JM0APoTEqk8bMBrFI9w==
-----END CERTIFICATE-----