Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26b19207-d242-447f-be92-5f266b9a2bc8.roa
File:                     26b19207-d242-447f-be92-5f266b9a2bc8.roa (raw, json)
Hash identifier:          x8uvhinfmgfgMg+mqvblM1x6VhkcHswpw6adkefyUXQ=
Subject key identifier:   A8:61:11:4F:4D:20:49:28:D6:BA:CC:7C:70:F1:EE:57:6B:61:A2:E4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       329C7BF607632D33FDA6EB084E700B66C8908B3A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26b19207-d242-447f-be92-5f266b9a2bc8.roa
Signing time:             Tue 14 Oct 2025 17:51:55 +0000
ROA not before:           Tue 14 Oct 2025 17:51:55 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.56.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:9c:7b:f6:07:63:2d:33:fd:a6:eb:08:4e:70:0b:66:c8:90:8b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 17:51:55 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=b4666484af1847f24e6287c97b851a0b0be249dabe8d7c076aba3305f7f889bd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5b:d7:7d:52:05:fe:de:31:16:78:b3:ca:6b:
                    d1:b7:df:da:60:b1:3f:ea:8a:1a:d2:a3:d2:6b:a4:
                    9e:1c:73:b0:09:d3:7e:d0:67:20:06:cf:c3:b7:89:
                    ed:f7:86:30:3c:e5:c2:9a:b0:19:ee:55:fe:bf:c2:
                    65:24:a9:99:b1:f7:f0:5a:c8:83:b7:c7:a9:3c:10:
                    93:3c:da:a7:43:f3:62:55:45:96:80:18:dc:74:1f:
                    c5:e9:ce:8d:f0:39:9f:48:24:be:c4:70:fa:da:42:
                    4b:51:34:a3:cb:15:7f:54:30:5d:4c:81:fe:45:da:
                    d6:47:c2:cf:29:cd:14:30:7a:d7:61:b9:9b:f7:52:
                    fa:87:e7:94:5d:2e:04:d1:96:7d:5b:c1:21:72:8b:
                    6e:6b:06:c2:fa:9e:b2:0f:c7:d5:8a:f3:51:55:a4:
                    c5:69:81:5a:f8:07:b7:ca:6d:a1:2d:57:07:82:34:
                    59:8b:97:6c:0c:0c:ef:96:13:f3:33:eb:e7:8b:a4:
                    2c:38:8a:69:31:04:06:6e:cd:49:6b:12:b6:1f:39:
                    cd:dd:fb:d3:1b:6e:3f:e4:43:86:2e:9d:98:93:cf:
                    76:3c:e1:2c:53:e7:f5:f0:e1:12:89:60:65:ad:e3:
                    d9:c7:ab:7a:25:e4:12:ab:a2:75:ff:85:b0:c4:2b:
                    0a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:61:11:4F:4D:20:49:28:D6:BA:CC:7C:70:F1:EE:57:6B:61:A2:E4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/26b19207-d242-447f-be92-5f266b9a2bc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:57:41:b9:9f:17:b9:dd:13:07:12:cb:53:95:0c:92:24:e7:
         ee:93:0a:0c:a1:17:aa:e9:0a:d5:fa:ed:64:e4:62:c3:73:df:
         4e:7d:52:2b:e1:09:95:2c:c9:c6:81:6d:fb:0f:2d:93:d2:58:
         d9:cd:24:b1:5f:fb:a0:32:82:fe:49:2c:3f:a6:ca:39:90:1c:
         b2:d8:35:d1:e2:45:67:32:1e:ce:16:e3:b2:47:c0:b3:9a:f8:
         a1:44:a2:e0:88:3d:c4:e4:ed:eb:82:50:33:6f:59:0b:38:0c:
         13:60:e8:40:e9:fb:f9:cc:53:c1:4e:f7:f0:06:4d:a2:3c:d6:
         82:10:16:4d:60:62:b7:08:a2:9a:d1:e6:8c:3b:a8:19:40:ed:
         9f:d1:e6:8f:46:ee:ca:4f:05:88:3f:63:61:07:ee:7f:46:27:
         e3:bb:df:a1:8b:1d:f6:53:a6:51:95:5e:6f:4b:92:44:95:cb:
         cf:38:c4:e2:d4:a0:c7:77:86:ee:b5:32:1d:cd:84:c7:54:38:
         60:6d:26:22:e5:ae:f5:00:b9:ee:6e:f0:00:8a:e5:ab:12:99:
         ab:13:86:6d:4d:8d:5a:40:85:76:a0:70:91:b8:32:9c:bc:6e:
         f3:11:4b:11:05:ef:14:cb:0a:9c:e7:2a:6e:22:6a:98:47:79:
         a4:14:21:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMpx79gdjLTP9pusITnALZsiQizowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTc1MTU1WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNDY2NjQ4NGFmMTg0N2YyNGU2Mjg3Yzk3Yjg1MWEwYjBi
ZTI0OWRhYmU4ZDdjMDc2YWJhMzMwNWY3Zjg4OWJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFW9d9UgX+3jEWeLPKa9G339pgsT/qihrSo9JrpJ4cc7AJ
037QZyAGz8O3ie33hjA85cKasBnuVf6/wmUkqZmx9/BayIO3x6k8EJM82qdD82JV
RZaAGNx0H8Xpzo3wOZ9IJL7EcPraQktRNKPLFX9UMF1Mgf5F2tZHws8pzRQwetdh
uZv3UvqH55RdLgTRln1bwSFyi25rBsL6nrIPx9WK81FVpMVpgVr4B7fKbaEtVweC
NFmLl2wMDO+WE/Mz6+eLpCw4imkxBAZuzUlrErYfOc3d+9Mbbj/kQ4YunZiTz3Y8
4SxT5/Xw4RKJYGWt49nHq3ol5BKronX/hbDEKwr3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqGERT00gSSjWusx8cPHuV2thouQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI2YjE5MjA3LWQyNDItNDQ3Zi1iZTkyLTVmMjY2YjlhMmJjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmDgwDQYJKoZIhvcNAQELBQADggEBAMxXQbmfF7ndEwcSy1OVDJIk5+6T
CgyhF6rpCtX67WTkYsNz3059UivhCZUsycaBbfsPLZPSWNnNJLFf+6Aygv5JLD+m
yjmQHLLYNdHiRWcyHs4W47JHwLOa+KFEouCIPcTk7euCUDNvWQs4DBNg6EDp+/nM
U8FO9/AGTaI81oIQFk1gYrcIoprR5ow7qBlA7Z/R5o9G7spPBYg/Y2EH7n9GJ+O7
36GLHfZTplGVXm9LkkSVy884xOLUoMd3hu61Mh3NhMdUOGBtJiLlrvUAue5u8ACK
5asSmasThm1NjVpAhXagcJG4Mpy8bvMRSxEF7xTLCpznKm4iaphHeaQUIY0=
-----END CERTIFICATE-----