Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45481046-38a5-409c-a78c-876f51ced0e5.roa
File:                     45481046-38a5-409c-a78c-876f51ced0e5.roa (raw, json)
Hash identifier:          Kl4d2uTgXtRFy+AVzhEy+povqzzNnCWOuytdrjcPbNw=
Subject key identifier:   8E:AA:F3:D6:91:A3:67:19:57:C9:C8:AD:CB:82:22:64:64:C1:04:B7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33BCC7BDE653D0B63BC4F247392E78E636713FF8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45481046-38a5-409c-a78c-876f51ced0e5.roa
Signing time:             Sat 27 Sep 2025 00:41:26 +0000
ROA not before:           Sat 27 Sep 2025 00:41:26 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.53.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:bc:c7:bd:e6:53:d0:b6:3b:c4:f2:47:39:2e:78:e6:36:71:3f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:41:26 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=62fe322d52517de4606ea746018ed391f7fdf84a432a58e8bdc4fbd93cd4225d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b3:26:24:59:f2:b7:33:c7:21:3b:a7:e5:19:
                    90:2d:00:5d:b4:7d:3e:5a:97:41:01:bd:94:3a:f7:
                    54:65:48:bd:b8:f9:0b:56:f1:8b:7f:7b:1c:bd:a3:
                    ef:28:51:c4:b9:2f:b0:45:86:c5:e7:28:11:e8:a2:
                    0f:bd:2a:d2:fc:ba:b9:80:7f:f5:1d:9f:81:65:96:
                    c4:94:41:f9:a8:81:e3:c6:22:a3:85:d9:f9:7d:a6:
                    0d:25:1f:cc:90:89:05:a6:4b:39:8b:50:8b:64:b7:
                    42:1f:fd:8e:49:59:5b:fb:f3:c0:1d:e0:8a:07:69:
                    de:6c:7c:75:9c:de:aa:af:73:a9:ec:1a:3e:d4:f7:
                    4b:1a:8e:e6:37:9c:6c:94:9a:8d:aa:1a:1d:e4:21:
                    5e:ae:6b:df:b3:ba:33:e9:8f:87:80:b8:56:c7:92:
                    f3:9c:4a:6f:27:b5:be:ce:ca:15:72:ad:9d:07:88:
                    15:6a:1c:df:8b:01:69:f7:83:c2:c5:43:8d:f8:fd:
                    ac:33:5b:a3:73:18:d0:89:1b:d7:f2:49:14:65:c9:
                    10:b7:a4:c9:a2:d0:7e:f0:8e:24:13:49:87:86:bd:
                    74:ac:93:a5:23:1a:a2:e2:1a:7d:a7:6d:ad:96:64:
                    3c:80:0b:49:69:44:31:ce:77:92:61:96:32:68:24:
                    b8:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AA:F3:D6:91:A3:67:19:57:C9:C8:AD:CB:82:22:64:64:C1:04:B7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45481046-38a5-409c-a78c-876f51ced0e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         81:9e:d4:ed:6d:4e:25:a6:79:ab:24:b0:2c:ce:2b:b5:38:8a:
         04:a2:2f:10:05:44:fa:06:8c:4a:90:81:38:e7:e8:af:e5:ec:
         10:3a:07:97:86:75:52:02:95:1b:09:b0:9a:4c:11:52:3f:46:
         6c:4c:e5:29:59:99:d3:74:17:f9:03:19:33:2f:29:16:7e:a8:
         ba:10:f7:57:03:9c:e1:8b:4e:e0:64:db:9e:68:85:75:ba:46:
         03:ba:09:c1:1b:62:fc:3a:0c:e5:7c:be:e7:9e:c1:62:23:c0:
         96:df:ef:e2:b8:96:11:99:88:94:c1:74:49:00:26:97:c1:e2:
         a9:91:ad:99:e0:21:b2:60:f6:f9:ba:a2:5e:53:8a:97:d4:8f:
         38:4b:a1:85:7f:32:6c:2b:a7:22:3d:4f:f4:00:1b:07:c1:9d:
         1a:49:4e:52:7b:c3:91:4b:23:43:d6:f1:37:34:55:c5:7d:2a:
         37:a2:85:fe:98:31:bf:96:d8:a4:a9:a4:0d:cc:fa:5b:2a:01:
         06:2f:c1:e1:b7:66:c7:a2:74:ad:47:3d:d4:78:a2:ae:aa:a2:
         71:59:bb:a3:98:46:77:69:10:25:61:bf:22:54:98:87:91:e2:
         17:de:07:0b:6b:f3:78:57:c3:94:d0:cc:e9:72:56:4b:3a:e1:
         c3:2a:6e:a5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUM7zHveZT0LY7xPJHOS545jZxP/gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDA0MTI2WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmZlMzIyZDUyNTE3ZGU0NjA2ZWE3NDYwMThlZDM5MWY3
ZmRmODRhNDMyYTU4ZThiZGM0ZmJkOTNjZDQyMjVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0syYkWfK3M8chO6flGZAtAF20fT5al0EBvZQ691RlSL24
+QtW8Yt/exy9o+8oUcS5L7BFhsXnKBHoog+9KtL8urmAf/Udn4FllsSUQfmogePG
IqOF2fl9pg0lH8yQiQWmSzmLUItkt0If/Y5JWVv788Ad4IoHad5sfHWc3qqvc6ns
Gj7U90sajuY3nGyUmo2qGh3kIV6ua9+zujPpj4eAuFbHkvOcSm8ntb7OyhVyrZ0H
iBVqHN+LAWn3g8LFQ434/awzW6NzGNCJG9fySRRlyRC3pMmi0H7wjiQTSYeGvXSs
k6UjGqLiGn2nba2WZDyAC0lpRDHOd5JhljJoJLhBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjqrz1pGjZxlXycity4IiZGTBBLcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1NDgxMDQ2LTM4YTUtNDA5Yy1hNzhjLTg3NmY1MWNlZDBlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4NTANBgkqhkiG9w0BAQsFAAOCAQEAgZ7U7W1OJaZ5qySwLM4rtTiKBKIv
EAVE+gaMSpCBOOfor+XsEDoHl4Z1UgKVGwmwmkwRUj9GbEzlKVmZ03QX+QMZMy8p
Fn6ouhD3VwOc4YtO4GTbnmiFdbpGA7oJwRti/DoM5Xy+557BYiPAlt/v4riWEZmI
lMF0SQAml8HiqZGtmeAhsmD2+bqiXlOKl9SPOEuhhX8ybCunIj1P9AAbB8GdGklO
UnvDkUsjQ9bxNzRVxX0qN6KF/pgxv5bYpKmkDcz6WyoBBi/B4bdmx6J0rUc91Hii
rqqicVm7o5hGd2kQJWG/IlSYh5HiF94HC2vzeFfDlNDM6XJWSzrhwypupQ==
-----END CERTIFICATE-----