Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/41241b60-7ab8-4677-9f4f-dc4402b95d0d.roa
File:                     41241b60-7ab8-4677-9f4f-dc4402b95d0d.roa (raw, json)
Hash identifier:          JtGWiakkrO/zs6g+8kO9FRtqKEDxigfzTTAik3bI5r4=
Subject key identifier:   B9:AF:6B:67:12:E1:5E:50:A5:B0:9F:40:0E:F0:68:CE:E6:E0:72:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       231E7602A2734714DDCEDEB53566A83B8B828729
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/41241b60-7ab8-4677-9f4f-dc4402b95d0d.roa
Signing time:             Sun 19 Oct 2025 01:01:00 +0000
ROA not before:           Sun 19 Oct 2025 01:01:00 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.221.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:1e:76:02:a2:73:47:14:dd:ce:de:b5:35:66:a8:3b:8b:82:87:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 01:01:00 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=ecfec6cd12f8a86dd6a84ee7b26f6e6c950e424454166ced14bdc6d38fb522eb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0a:99:55:c7:5e:03:58:e0:3d:8e:7d:65:89:
                    ed:fa:0f:8c:52:c6:f3:89:dc:a5:77:e5:b9:9b:ab:
                    42:d0:3f:ef:08:71:ba:5b:ab:17:ac:23:c7:e2:c2:
                    79:23:54:d0:5e:3f:10:d5:24:5b:a3:f4:0c:6b:d0:
                    2c:12:09:c0:3c:6d:e5:74:fd:cf:03:4e:c0:56:20:
                    c7:cc:4c:54:30:39:db:0e:00:e3:ab:ab:35:ea:90:
                    bb:28:9b:a5:58:84:f3:a7:85:13:ea:f0:d8:70:17:
                    46:8e:33:88:97:80:e1:a5:0f:cb:71:51:7d:dd:77:
                    4f:de:ab:a1:ed:92:57:98:37:5c:13:90:59:ec:03:
                    2d:89:7a:32:37:05:e3:46:81:79:63:6a:80:55:7e:
                    91:cb:42:12:47:d7:00:2a:25:cf:23:6c:73:5e:94:
                    24:ff:09:35:31:d2:6a:15:a4:ff:b8:ef:39:bc:76:
                    8f:24:62:40:22:6c:e5:d6:c3:21:d5:63:d9:81:fa:
                    fe:18:3e:19:31:77:34:09:55:25:b6:dd:24:e0:fa:
                    c3:70:c4:b5:67:2c:bf:33:b1:27:bb:00:6d:fc:dc:
                    7a:ee:7e:54:54:23:9d:9b:70:85:75:83:00:75:70:
                    dc:60:a1:c8:87:02:14:3f:33:5c:2a:3b:c4:91:39:
                    67:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:AF:6B:67:12:E1:5E:50:A5:B0:9F:40:0E:F0:68:CE:E6:E0:72:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/41241b60-7ab8-4677-9f4f-dc4402b95d0d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.221.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         26:03:8b:47:c8:a8:ee:77:0e:22:79:92:8c:a4:d2:34:6c:db:
         89:15:35:83:d4:fc:79:77:dc:1f:3e:d2:3b:a6:ab:57:bb:94:
         39:9e:84:8e:6e:6e:a4:7b:ea:16:12:e1:0d:b0:b7:b4:92:5d:
         68:ff:89:7e:23:3b:91:48:76:8c:84:5f:32:cc:8d:85:b7:65:
         0a:18:35:93:92:97:7a:a9:f7:7b:21:4a:15:7f:29:46:37:a3:
         06:7e:af:a2:d4:8f:19:a0:6b:69:34:cc:93:91:e9:cc:b1:e9:
         f8:fb:bf:40:9f:9d:7e:5a:74:17:2e:f6:15:2b:20:34:81:1e:
         16:5e:52:4d:fb:c7:16:cf:55:33:42:c1:ea:79:73:21:3b:9a:
         8d:06:9c:4b:26:fd:58:9e:01:62:b8:b3:64:1f:44:a8:dc:ac:
         65:a3:b5:50:ba:20:3b:6c:7b:d0:d3:dc:8a:21:36:2f:bc:3f:
         aa:12:97:dc:ce:1f:83:a7:a4:a5:6b:53:9f:62:25:dd:9a:a1:
         4c:01:6f:38:97:cd:d9:0e:85:42:39:de:8f:86:9f:b3:1a:b8:
         04:c0:04:f2:87:11:c6:fa:4f:f8:a6:ac:44:67:52:c0:64:2c:
         f0:17:1a:1c:7e:4c:b3:aa:71:41:bf:4f:01:5f:79:9f:d2:8c:
         ae:6c:bd:91
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIx52AqJzRxTdzt61NWaoO4uChykwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDEwMTAwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2ZlYzZjZDEyZjhhODZkZDZhODRlZTdiMjZmNmU2Yzk1
MGU0MjQ0NTQxNjZjZWQxNGJkYzZkMzhmYjUyMmViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgCplVx14DWOA9jn1lie36D4xSxvOJ3KV35bmbq0LQP+8I
cbpbqxesI8fiwnkjVNBePxDVJFuj9Axr0CwSCcA8beV0/c8DTsBWIMfMTFQwOdsO
AOOrqzXqkLsom6VYhPOnhRPq8NhwF0aOM4iXgOGlD8txUX3dd0/eq6HtkleYN1wT
kFnsAy2JejI3BeNGgXljaoBVfpHLQhJH1wAqJc8jbHNelCT/CTUx0moVpP+47zm8
do8kYkAibOXWwyHVY9mB+v4YPhkxdzQJVSW23STg+sNwxLVnLL8zsSe7AG383Hru
flRUI52bcIV1gwB1cNxgociHAhQ/M1wqO8SROWeFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUua9rZxLhXlClsJ9ADvBozubgch0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQxMjQxYjYwLTdhYjgtNDY3Ny05ZjRmLWRjNDQwMmI5NWQwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA43TANBgkqhkiG9w0BAQsFAAOCAQEAJgOLR8io7ncOInmSjKTSNGzbiRU1
g9T8eXfcHz7SO6arV7uUOZ6Ejm5upHvqFhLhDbC3tJJdaP+JfiM7kUh2jIRfMsyN
hbdlChg1k5KXeqn3eyFKFX8pRjejBn6votSPGaBraTTMk5HpzLHp+Pu/QJ+dflp0
Fy72FSsgNIEeFl5STfvHFs9VM0LB6nlzITuajQacSyb9WJ4BYrizZB9EqNysZaO1
ULogO2x70NPciiE2L7w/qhKX3M4fg6ekpWtTn2Il3ZqhTAFvOJfN2Q6FQjnej4af
sxq4BMAE8ocRxvpP+KasRGdSwGQs8BcaHH5Ms6pxQb9PAV95n9KMrmy9kQ==
-----END CERTIFICATE-----