Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3732605d-e89e-4ee3-b46d-7df664583874.roa
File:                     3732605d-e89e-4ee3-b46d-7df664583874.roa (raw, json)
Hash identifier:          DHH8TVmhCVg3VO7NEXp7d/l82/falMWjihZ+WhCi/fQ=
Subject key identifier:   A5:6C:64:96:CC:7F:FA:D6:EA:8E:C0:87:F3:D8:6C:EB:C4:99:DF:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EB9AEC06CC101B9F0904209460A1B9E0A7F023F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3732605d-e89e-4ee3-b46d-7df664583874.roa
Signing time:             Tue 07 Oct 2025 00:51:48 +0000
ROA not before:           Tue 07 Oct 2025 00:51:48 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.130.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:b9:ae:c0:6c:c1:01:b9:f0:90:42:09:46:0a:1b:9e:0a:7f:02:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:51:48 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=77a47e3c5b61bd7d4df360f969fcc87f54c1c82a5399eeede20cb84d6e0fdfaf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ee:df:e1:e8:63:ac:95:02:29:bb:99:2c:e1:
                    26:b4:2c:45:cf:04:3e:e9:07:fb:06:cb:0e:5a:4d:
                    66:28:51:26:c4:7a:63:1e:26:02:57:2e:42:e1:be:
                    6f:78:4d:fa:de:bc:fc:f9:5f:05:8f:c0:c2:09:45:
                    fd:e8:56:60:8d:ee:1e:02:b9:12:42:63:47:d6:c5:
                    7d:d9:e3:d6:1a:e1:7e:c3:c4:87:2f:93:5b:94:c5:
                    d9:86:20:07:3e:a6:3d:e1:28:c1:7f:ff:67:fb:d9:
                    7a:e4:c0:c9:8f:45:88:2e:ec:4c:32:d8:6c:81:8f:
                    af:be:64:72:75:dd:b8:3b:ad:cf:0c:b7:61:b3:30:
                    4d:ca:82:9a:8b:3f:7c:33:8f:2b:1b:b6:72:32:dd:
                    81:84:e4:36:20:3d:02:b1:20:8e:b6:01:b7:f4:fc:
                    58:fc:29:7b:ec:1d:46:fd:03:cc:de:57:63:ba:76:
                    75:00:81:f9:25:7a:a3:2e:11:13:5e:2e:65:b9:db:
                    3f:2d:89:a3:ad:aa:b1:ee:5e:bf:a0:ad:6e:68:91:
                    a4:41:90:ad:87:ef:b6:d5:b6:22:ef:6d:a8:0c:73:
                    fa:5e:ac:a9:7c:b0:18:99:71:60:25:25:fd:c1:cb:
                    9f:2a:ac:3b:cc:17:bd:cb:80:13:09:bf:b4:6f:bf:
                    c8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:6C:64:96:CC:7F:FA:D6:EA:8E:C0:87:F3:D8:6C:EB:C4:99:DF:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3732605d-e89e-4ee3-b46d-7df664583874.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.130.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:f4:a5:ca:62:da:64:9e:67:4b:97:15:3d:41:dd:99:7d:e4:
         12:4d:e6:b1:73:53:e3:dd:6f:e1:b8:64:32:d5:80:ad:75:4b:
         43:84:48:a3:98:6b:7b:c4:6d:f6:9d:55:98:9e:bc:01:e6:ca:
         dd:3d:a1:4e:a8:df:bb:9c:aa:1b:fc:89:62:cf:1e:a3:a0:9e:
         4d:43:bd:0a:4a:69:a1:01:fe:79:32:a0:f0:e4:9a:41:bd:d9:
         29:45:6f:0e:72:2b:6c:4d:1b:47:7c:c4:fd:8c:f7:23:bf:27:
         ae:2f:f1:a7:30:12:66:b0:c7:51:54:8b:f3:0c:d3:f2:ca:a1:
         b2:63:c5:47:90:7a:04:bd:8c:b5:cf:a4:12:33:32:9d:32:5f:
         09:a3:27:07:16:48:04:2f:0f:b5:bb:02:35:03:01:09:88:ae:
         32:ef:ed:f5:18:7f:d0:f1:7f:2c:5c:55:2e:68:e5:57:d3:e5:
         3d:d5:34:34:fe:f6:79:54:aa:eb:bc:c1:62:8e:59:d6:33:43:
         95:d8:6c:de:08:54:2d:6d:ac:c2:88:ea:2d:6c:d0:5e:8a:b9:
         d4:72:cd:bb:4f:5b:d2:a2:50:01:19:1d:6a:a1:5d:b4:94:a4:
         da:ce:57:56:11:df:b6:9e:d3:6e:29:fc:c5:8d:35:ae:8c:b2:
         41:57:0d:8b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTrmuwGzBAbnwkEIJRgobngp/Aj8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA1MTQ4WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3N2E0N2UzYzViNjFiZDdkNGRmMzYwZjk2OWZjYzg3ZjU0
YzFjODJhNTM5OWVlZWRlMjBjYjg0ZDZlMGZkZmFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC37t/h6GOslQIpu5ks4Sa0LEXPBD7pB/sGyw5aTWYoUSbE
emMeJgJXLkLhvm94TfrevPz5XwWPwMIJRf3oVmCN7h4CuRJCY0fWxX3Z49Ya4X7D
xIcvk1uUxdmGIAc+pj3hKMF//2f72XrkwMmPRYgu7Ewy2GyBj6++ZHJ13bg7rc8M
t2GzME3KgpqLP3wzjysbtnIy3YGE5DYgPQKxII62Abf0/Fj8KXvsHUb9A8zeV2O6
dnUAgfkleqMuERNeLmW52z8tiaOtqrHuXr+grW5okaRBkK2H77bVtiLvbagMc/pe
rKl8sBiZcWAlJf3By58qrDvMF73LgBMJv7Rvv8gPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpWxklsx/+tbqjsCH89hs68SZ344wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM3MzI2MDVkLWU4OWUtNGVlMy1iNDZkLTdkZjY2NDU4Mzg3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4gjANBgkqhkiG9w0BAQsFAAOCAQEAsvSlymLaZJ5nS5cVPUHdmX3kEk3m
sXNT491v4bhkMtWArXVLQ4RIo5hre8Rt9p1VmJ68AebK3T2hTqjfu5yqG/yJYs8e
o6CeTUO9CkppoQH+eTKg8OSaQb3ZKUVvDnIrbE0bR3zE/Yz3I78nri/xpzASZrDH
UVSL8wzT8sqhsmPFR5B6BL2Mtc+kEjMynTJfCaMnBxZIBC8PtbsCNQMBCYiuMu/t
9Rh/0PF/LFxVLmjlV9PlPdU0NP72eVSq67zBYo5Z1jNDldhs3ghULW2swojqLWzQ
Xoq51HLNu09b0qJQARkdaqFdtJSk2s5XVhHftp7Tbin8xY01royyQVcNiw==
-----END CERTIFICATE-----