Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3140b59c-e29d-4b8a-8974-b6c470960f1b.roa
File:                     3140b59c-e29d-4b8a-8974-b6c470960f1b.roa (raw, json)
Hash identifier:          SXrdHQ6HRw3ZtHtEqrBCEzbwKZbicqy12IGVmSJp0l0=
Subject key identifier:   50:85:00:F9:DD:F8:49:69:7B:94:98:26:2D:FD:B3:09:CC:55:DB:50
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33DE7C9E3ADE6A80EFD7DEFA57FD3B7F0461B927
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3140b59c-e29d-4b8a-8974-b6c470960f1b.roa
Signing time:             Wed 08 Oct 2025 00:12:46 +0000
ROA not before:           Wed 08 Oct 2025 00:12:46 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.115.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:de:7c:9e:3a:de:6a:80:ef:d7:de:fa:57:fd:3b:7f:04:61:b9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:12:46 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=f4a6ff9551eb2e81854e81f65684a1eb9efcba6770fa6a42d3187c4766c7528a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8b:bf:a1:39:a7:be:f1:9e:39:33:85:99:d5:
                    30:39:f2:77:9e:e4:c0:9f:51:16:6d:d2:c0:9c:f0:
                    f3:8b:08:50:19:9e:77:8a:94:d0:77:42:68:0e:53:
                    26:61:89:d8:89:7c:1b:67:e1:cd:6d:2a:63:09:4e:
                    62:dd:87:d1:f0:43:c7:f6:b2:61:08:be:99:d8:1d:
                    e4:99:37:05:dc:ad:c8:a4:79:1e:ca:91:30:4b:c5:
                    12:aa:32:c4:43:89:68:fd:e8:81:2f:2f:2f:77:db:
                    53:59:d7:1b:88:c9:02:79:3c:96:7b:59:f5:1f:17:
                    6d:49:20:8d:2f:ca:c0:c5:2b:ad:92:6d:c7:68:40:
                    61:07:e0:ba:65:a4:00:16:87:bd:15:77:80:e3:3f:
                    7d:f4:87:87:c4:a6:42:2e:79:e7:94:24:4b:68:3f:
                    f3:d4:2e:77:c7:a6:7c:ee:17:8a:e4:32:05:57:7c:
                    64:c8:af:2c:fc:eb:82:97:6f:03:e6:d9:b7:b9:60:
                    25:59:f0:ca:14:9e:ee:eb:d9:ff:2a:3d:56:3a:a1:
                    2d:22:b9:3e:74:a0:99:ff:93:7e:80:96:69:12:84:
                    da:44:5f:3e:21:f7:bf:b0:61:63:82:fe:b3:6d:41:
                    a3:e7:70:82:68:ab:ba:13:16:ca:79:dd:5e:46:05:
                    58:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:85:00:F9:DD:F8:49:69:7B:94:98:26:2D:FD:B3:09:CC:55:DB:50
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3140b59c-e29d-4b8a-8974-b6c470960f1b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.115.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:06:d4:5a:3c:a8:c8:1d:f0:9c:14:5d:f9:a5:ee:8b:1a:b2:
         fb:56:03:4e:c0:61:80:3f:3d:99:ca:9a:87:47:57:15:3e:71:
         ae:83:11:bf:03:1a:37:72:bc:2d:40:16:4a:e3:52:30:e0:1f:
         fc:b9:c9:b0:5e:a6:4b:e7:b5:7e:c8:b5:75:05:dd:23:2f:89:
         ca:bf:e0:f8:e2:fe:cd:b7:85:4a:72:70:1f:0a:3c:d9:24:57:
         bc:0e:cf:75:81:eb:f3:ba:69:f7:be:26:eb:f0:71:7c:b0:ec:
         98:5c:b8:77:39:66:0a:a3:5b:da:6f:da:77:ce:5f:21:80:50:
         ca:3f:a3:bd:60:32:1b:da:0c:6f:35:b8:60:87:7e:c4:bb:24:
         c0:6b:db:8d:de:28:a7:59:b7:7f:e1:f3:22:77:b6:58:5b:20:
         ab:cc:a9:84:a2:f7:01:58:1b:1a:79:fa:23:a2:16:62:98:b5:
         f9:cb:f6:d3:81:c2:67:8a:03:09:ed:94:d7:bd:79:d2:d9:68:
         23:6c:3d:55:b9:3f:5e:16:0f:70:41:01:42:9e:61:68:04:ec:
         1c:7d:76:7a:6b:d9:68:e5:b1:d2:69:6a:49:5a:7b:f0:14:e2:
         f0:51:01:35:82:8c:a3:2d:14:2f:e4:7a:c9:02:4c:34:69:98:
         18:cf:db:b1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUM958njreaoDv1976V/07fwRhuScwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAxMjQ2WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGE2ZmY5NTUxZWIyZTgxODU0ZTgxZjY1Njg0YTFlYjll
ZmNiYTY3NzBmYTZhNDJkMzE4N2M0NzY2Yzc1MjhhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYi7+hOae+8Z45M4WZ1TA58nee5MCfURZt0sCc8POLCFAZ
nneKlNB3QmgOUyZhidiJfBtn4c1tKmMJTmLdh9HwQ8f2smEIvpnYHeSZNwXcrcik
eR7KkTBLxRKqMsRDiWj96IEvLy9321NZ1xuIyQJ5PJZ7WfUfF21JII0vysDFK62S
bcdoQGEH4LplpAAWh70Vd4DjP330h4fEpkIueeeUJEtoP/PULnfHpnzuF4rkMgVX
fGTIryz864KXbwPm2be5YCVZ8MoUnu7r2f8qPVY6oS0iuT50oJn/k36AlmkShNpE
Xz4h97+wYWOC/rNtQaPncIJoq7oTFsp53V5GBVjDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUIUA+d34SWl7lJgmLf2zCcxV21AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxNDBiNTljLWUyOWQtNGI4YS04OTc0LWI2YzQ3MDk2MGYxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4czANBgkqhkiG9w0BAQsFAAOCAQEAAAbUWjyoyB3wnBRd+aXuixqy+1YD
TsBhgD89mcqah0dXFT5xroMRvwMaN3K8LUAWSuNSMOAf/LnJsF6mS+e1fsi1dQXd
Iy+Jyr/g+OL+zbeFSnJwHwo82SRXvA7PdYHr87pp974m6/BxfLDsmFy4dzlmCqNb
2m/ad85fIYBQyj+jvWAyG9oMbzW4YId+xLskwGvbjd4op1m3f+HzIne2WFsgq8yp
hKL3AVgbGnn6I6IWYpi1+cv204HCZ4oDCe2U17150tloI2w9Vbk/XhYPcEEBQp5h
aATsHH12emvZaOWx0mlqSVp78BTi8FEBNYKMoy0UL+R6yQJMNGmYGM/bsQ==
-----END CERTIFICATE-----