Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22c9a730-4525-4f9f-9737-1126e2e464db.roa
File:                     22c9a730-4525-4f9f-9737-1126e2e464db.roa (raw, json)
Hash identifier:          uzubDGmeIXzXMiwyOG1nCa3CKcXgPIs1OOSgFzhn4m8=
Subject key identifier:   08:98:AE:2F:96:70:94:6A:6D:CB:A4:72:ED:D6:63:C5:39:AB:A7:B1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       37FD2C9AA7CFE24B632B6D861AECB6544BB828DB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22c9a730-4525-4f9f-9737-1126e2e464db.roa
Signing time:             Tue 07 Oct 2025 00:51:53 +0000
ROA not before:           Tue 07 Oct 2025 00:51:53 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.151.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:fd:2c:9a:a7:cf:e2:4b:63:2b:6d:86:1a:ec:b6:54:4b:b8:28:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:51:53 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=51db33dcd65a0e78616e8c97758a6bc0421613997da60ab1d6da54e35be1803e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bb:8f:0b:2a:7d:44:09:3f:cb:60:14:de:2c:
                    f9:2e:2d:d9:29:7e:96:65:fb:ba:bf:0d:4d:d9:e8:
                    54:21:81:55:f6:22:4d:f4:ac:e2:26:61:0b:14:d0:
                    17:3a:d3:22:cf:5c:c1:bc:c7:2d:7f:51:37:0f:a8:
                    1b:0e:dc:d2:7d:5f:86:4c:10:e5:7c:fd:0c:37:1d:
                    44:44:7f:2b:f7:4d:af:22:08:d3:3a:fb:58:03:e8:
                    fe:0e:ab:7a:20:2c:c2:2e:e7:72:dc:68:5f:84:3a:
                    d7:03:ec:76:9b:83:a1:be:6b:0d:12:b2:bd:1c:8e:
                    07:1b:73:ae:fb:e8:8c:b0:3c:d3:b6:bb:1b:8e:81:
                    6b:c6:19:08:d1:14:2d:c0:fe:69:99:4f:0f:bb:5c:
                    f8:2b:ce:5a:5b:31:72:c3:a0:56:b1:98:6b:0f:5b:
                    ce:d0:88:d3:ee:0f:e3:fd:18:ad:18:6c:2d:1e:8a:
                    8c:06:bb:da:f0:2c:1b:7b:f6:15:11:10:66:45:e0:
                    91:e4:b1:be:05:4c:49:01:3a:53:e6:96:28:f1:3e:
                    fb:85:59:69:70:ea:64:df:c7:51:d9:23:38:3c:eb:
                    6c:eb:2e:bf:c1:bb:9c:af:6b:9c:ba:11:0f:7c:52:
                    45:34:3c:a7:46:f8:12:e3:8f:97:df:a7:40:b4:1b:
                    ae:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:98:AE:2F:96:70:94:6A:6D:CB:A4:72:ED:D6:63:C5:39:AB:A7:B1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22c9a730-4525-4f9f-9737-1126e2e464db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:ce:ea:07:e1:1e:c7:ab:d8:3b:01:cd:32:81:72:e1:5a:eb:
         b3:a7:8a:34:26:df:18:27:ec:dc:df:54:2d:36:f5:51:6d:4e:
         ee:51:c7:7a:f5:a7:e1:75:d1:81:a7:51:28:7b:3f:68:f2:bc:
         81:dc:60:06:9c:b9:4e:de:a3:c0:f5:6c:09:45:e8:99:32:b5:
         38:da:9b:21:78:1b:ea:3a:4f:80:f7:42:f3:25:01:3d:42:9d:
         61:76:5b:a9:97:28:2f:56:16:a8:eb:99:96:b9:f8:f6:c3:53:
         d8:81:db:be:d1:c5:5e:b8:f4:9f:ff:3c:ec:56:71:9e:fc:06:
         13:69:22:75:0b:c4:5c:25:d4:f1:e7:1d:a4:da:61:b6:b3:3c:
         6a:fa:32:06:90:97:e4:e0:cd:05:95:77:94:82:1a:45:2d:32:
         54:8b:1d:ac:9c:96:de:fb:f4:60:06:47:22:6c:1f:14:00:4c:
         3f:ad:2c:49:35:74:1a:1c:55:f9:03:da:7b:8d:83:58:b5:cb:
         b7:b7:39:e9:e5:71:b2:7d:93:59:f7:9c:f4:00:f7:9b:f2:56:
         a0:b5:46:e9:23:ac:2a:bc:81:2f:a7:b4:8b:c8:5f:c5:15:94:
         ff:35:a8:07:11:21:ce:0d:22:5b:17:52:99:e6:c6:37:a3:74:
         11:a8:ca:1a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUN/0smqfP4ktjK22GGuy2VEu4KNswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA1MTUzWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWRiMzNkY2Q2NWEwZTc4NjE2ZThjOTc3NThhNmJjMDQy
MTYxMzk5N2RhNjBhYjFkNmRhNTRlMzViZTE4MDNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPu48LKn1ECT/LYBTeLPkuLdkpfpZl+7q/DU3Z6FQhgVX2
Ik30rOImYQsU0Bc60yLPXMG8xy1/UTcPqBsO3NJ9X4ZMEOV8/Qw3HUREfyv3Ta8i
CNM6+1gD6P4Oq3ogLMIu53LcaF+EOtcD7Habg6G+aw0Ssr0cjgcbc6776IywPNO2
uxuOgWvGGQjRFC3A/mmZTw+7XPgrzlpbMXLDoFaxmGsPW87QiNPuD+P9GK0YbC0e
iowGu9rwLBt79hUREGZF4JHksb4FTEkBOlPmlijxPvuFWWlw6mTfx1HZIzg862zr
Lr/Bu5yva5y6EQ98UkU0PKdG+BLjj5ffp0C0G67PAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCJiuL5ZwlGpty6Ry7dZjxTmrp7EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyYzlhNzMwLTQ1MjUtNGY5Zi05NzM3LTExMjZlMmU0NjRkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4lzANBgkqhkiG9w0BAQsFAAOCAQEARc7qB+Eex6vYOwHNMoFy4Vrrs6eK
NCbfGCfs3N9ULTb1UW1O7lHHevWn4XXRgadRKHs/aPK8gdxgBpy5Tt6jwPVsCUXo
mTK1ONqbIXgb6jpPgPdC8yUBPUKdYXZbqZcoL1YWqOuZlrn49sNT2IHbvtHFXrj0
n/887FZxnvwGE2kidQvEXCXU8ecdpNphtrM8avoyBpCX5ODNBZV3lIIaRS0yVIsd
rJyW3vv0YAZHImwfFABMP60sSTV0GhxV+QPae42DWLXLt7c56eVxsn2TWfec9AD3
m/JWoLVG6SOsKryBL6e0i8hfxRWU/zWoBxEhzg0iWxdSmebGN6N0EajKGg==
-----END CERTIFICATE-----