Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34ca87d7-ed62-4445-a114-bd33a654a75d.roa
File:                     34ca87d7-ed62-4445-a114-bd33a654a75d.roa (raw, json)
Hash identifier:          U/pOLpfIC92FCbxLNcck/7+v5BE3SkCxogqkG7dSVjA=
Subject key identifier:   1A:99:1A:8B:E0:FB:F1:22:61:86:26:A1:AC:A9:DA:02:64:8C:A2:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63900573A97FF6F488ED5E33376FD51E5E93279F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34ca87d7-ed62-4445-a114-bd33a654a75d.roa
Signing time:             Wed 01 Oct 2025 00:40:34 +0000
ROA not before:           Wed 01 Oct 2025 00:40:34 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.229.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:90:05:73:a9:7f:f6:f4:88:ed:5e:33:37:6f:d5:1e:5e:93:27:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:40:34 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=7512d1585efa7ad219b9ecd7d742e7b1a8e0df69839e29d22b35bc444d6effb4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9d:e5:18:f3:3c:5c:48:bc:25:0c:af:00:7d:
                    24:4c:d0:26:fa:4c:0c:8d:dd:54:3c:0f:df:8b:4b:
                    d9:4f:34:c7:97:a9:cd:e2:0c:0c:50:12:2c:23:f5:
                    5b:bb:cb:20:ef:6b:ad:07:1d:ad:99:15:21:42:0a:
                    82:fc:c6:81:72:20:13:e6:f3:db:9b:23:51:8b:cb:
                    b6:4d:73:8b:52:84:48:5b:20:b1:4a:fd:5f:93:34:
                    5f:9a:25:34:f2:f2:19:9d:1a:91:bb:97:af:1b:92:
                    de:9b:a6:6c:fe:ed:41:1e:68:02:75:57:2f:80:87:
                    65:07:5c:15:19:4a:57:4d:36:fd:c6:b4:dd:bb:49:
                    66:69:a0:c1:d3:df:8c:c9:77:00:27:26:75:28:45:
                    70:21:e2:56:0f:d6:bd:7a:92:c3:cb:d2:80:c5:f9:
                    f1:46:d0:cd:63:6e:2d:13:f6:81:61:02:0f:c5:1e:
                    ce:8d:c7:ae:7c:93:c9:96:f5:42:c6:61:79:f8:7b:
                    df:c5:f8:1e:97:f4:36:c3:cd:9a:f7:50:5a:d6:e0:
                    6d:f0:0a:05:0d:78:3a:dc:be:03:30:b1:4a:d3:03:
                    0f:48:86:02:bb:cf:0a:62:e7:2e:b5:65:26:61:97:
                    ba:6f:ab:ec:43:2a:b7:a9:e2:d9:e4:6d:e5:b7:8e:
                    9e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:99:1A:8B:E0:FB:F1:22:61:86:26:A1:AC:A9:DA:02:64:8C:A2:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34ca87d7-ed62-4445-a114-bd33a654a75d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.229.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:5d:f2:0d:92:27:60:49:8b:30:d9:46:ea:33:60:2b:b4:9d:
         16:b0:59:3d:45:77:13:ac:16:8a:e5:ba:f3:02:34:9f:cf:17:
         88:5b:6a:a7:c1:0c:94:a6:dd:ab:53:c9:0d:77:f4:6a:3f:81:
         1c:5a:0c:e0:9c:94:b4:fe:d9:74:53:09:15:f0:33:87:91:62:
         3c:67:6a:3e:a1:0c:4f:73:67:3e:cf:ec:a8:8d:6a:ad:d1:ce:
         20:36:43:07:45:7d:d6:de:76:1f:56:d6:41:7b:c6:67:6c:74:
         29:2d:f0:b1:81:4a:aa:7e:90:64:34:15:46:bd:57:8c:4b:0a:
         bf:ea:c5:45:23:0a:ba:f7:d3:f6:6c:a6:61:87:5c:24:01:5c:
         de:d7:77:d2:92:0b:82:c0:0d:0a:67:1b:6e:35:4f:90:4a:8e:
         34:1e:9d:ac:06:d1:f5:12:8e:7c:c4:59:fb:81:8b:ea:08:3e:
         08:09:a8:12:44:c3:22:60:a5:43:05:3b:7f:42:5a:ce:c8:02:
         e0:15:83:33:90:9e:93:e5:bf:6e:d4:56:e6:45:90:84:a8:4a:
         20:a5:80:de:52:90:99:c2:84:29:f8:7c:58:d7:23:c4:e4:77:
         0e:06:f0:82:ac:cb:0d:6c:8b:6e:d0:f3:73:3b:a6:5f:77:f8:
         9a:92:a3:43
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY5AFc6l/9vSI7V4zN2/VHl6TJ58wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA0MDM0WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTEyZDE1ODVlZmE3YWQyMTliOWVjZDdkNzQyZTdiMWE4
ZTBkZjY5ODM5ZTI5ZDIyYjM1YmM0NDRkNmVmZmI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8neUY8zxcSLwlDK8AfSRM0Cb6TAyN3VQ8D9+LS9lPNMeX
qc3iDAxQEiwj9Vu7yyDva60HHa2ZFSFCCoL8xoFyIBPm89ubI1GLy7ZNc4tShEhb
ILFK/V+TNF+aJTTy8hmdGpG7l68bkt6bpmz+7UEeaAJ1Vy+Ah2UHXBUZSldNNv3G
tN27SWZpoMHT34zJdwAnJnUoRXAh4lYP1r16ksPL0oDF+fFG0M1jbi0T9oFhAg/F
Hs6Nx658k8mW9ULGYXn4e9/F+B6X9DbDzZr3UFrW4G3wCgUNeDrcvgMwsUrTAw9I
hgK7zwpi5y61ZSZhl7pvq+xDKrep4tnkbeW3jp69AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUGpkai+D78SJhhiahrKnaAmSMon4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0Y2E4N2Q3LWVkNjItNDQ0NS1hMTE0LWJkMzNhNjU0YTc1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA45TANBgkqhkiG9w0BAQsFAAOCAQEAPF3yDZInYEmLMNlG6jNgK7SdFrBZ
PUV3E6wWiuW68wI0n88XiFtqp8EMlKbdq1PJDXf0aj+BHFoM4JyUtP7ZdFMJFfAz
h5FiPGdqPqEMT3NnPs/sqI1qrdHOIDZDB0V91t52H1bWQXvGZ2x0KS3wsYFKqn6Q
ZDQVRr1XjEsKv+rFRSMKuvfT9mymYYdcJAFc3td30pILgsANCmcbbjVPkEqONB6d
rAbR9RKOfMRZ+4GL6gg+CAmoEkTDImClQwU7f0JazsgC4BWDM5Cek+W/btRW5kWQ
hKhKIKWA3lKQmcKEKfh8WNcjxOR3DgbwgqzLDWyLbtDzczumX3f4mpKjQw==
-----END CERTIFICATE-----