Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6316716a-9487-4213-97b0-541f76036d84.roa
File:                     6316716a-9487-4213-97b0-541f76036d84.roa (raw, json)
Hash identifier:          T+9c9ad6I69vnLeSip3Dpf0BUcdom+U+fiN+rF4xyqU=
Subject key identifier:   F7:F0:1D:1D:60:B7:1D:C2:8E:D6:70:FF:A4:66:7F:82:08:10:16:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15D2B70C1909776B5C33C5E34B02DC64291E1024
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6316716a-9487-4213-97b0-541f76036d84.roa
Signing time:             Tue 07 Oct 2025 00:52:43 +0000
ROA not before:           Tue 07 Oct 2025 00:52:43 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.101.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:d2:b7:0c:19:09:77:6b:5c:33:c5:e3:4b:02:dc:64:29:1e:10:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:52:43 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=1e18ebaffa0662baf73903cdd57b28eb403cd4a5d26f6819f4ce45cec638c6c2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:72:56:d9:7f:04:ce:46:63:83:b4:0a:7d:47:
                    88:8f:87:67:c4:b9:28:2e:b9:fc:e3:8b:20:2a:fd:
                    2a:d8:f3:d1:b4:90:70:b2:09:af:20:76:87:94:c2:
                    20:01:e0:5a:f4:22:ed:1e:89:cd:03:33:76:2e:38:
                    4d:fc:f0:49:ad:4c:90:e4:7d:1b:16:16:d4:69:28:
                    06:40:49:6a:ab:80:a7:f8:59:17:72:94:3c:39:8e:
                    db:fa:a7:16:46:5c:6d:7a:7e:21:ab:9c:50:86:b1:
                    46:21:16:e1:b5:1f:39:c4:62:b2:ac:65:f9:7e:d6:
                    3b:40:1c:99:56:14:d5:77:db:35:fe:e7:fe:c5:b1:
                    ac:c5:86:18:a1:19:cf:f2:2c:62:5e:6e:85:7a:85:
                    d5:36:31:a7:77:d7:67:6e:ad:b0:7d:a2:35:5e:c6:
                    f5:4f:88:81:e3:02:35:cb:f1:37:59:51:e0:1f:b2:
                    73:c4:fc:04:7c:1c:9d:0e:24:74:6e:09:d0:61:f1:
                    d8:a5:9c:79:7f:1e:fc:41:1b:96:97:45:34:9e:f7:
                    9f:65:7d:79:51:c2:c3:d7:ab:12:4a:20:59:31:f3:
                    56:c2:38:3b:29:12:14:d3:46:72:9e:7f:7c:d8:7d:
                    0f:0d:d7:d2:ed:ba:c7:7d:c8:61:94:e1:c6:c7:6a:
                    d9:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F0:1D:1D:60:B7:1D:C2:8E:D6:70:FF:A4:66:7F:82:08:10:16:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6316716a-9487-4213-97b0-541f76036d84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.101.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         81:ab:4d:50:c4:f6:6c:68:7b:0d:c3:f3:8d:5f:9a:c0:3b:fa:
         e2:3b:39:72:44:2b:fb:9c:32:5f:cf:b7:de:b9:32:d9:94:09:
         5f:dc:6c:ad:65:30:ab:11:9a:ab:bd:8a:32:6d:75:d1:1f:cd:
         dd:11:24:80:88:35:87:64:73:83:b7:62:50:d6:04:fb:51:c5:
         4d:0d:c9:bd:3e:61:8b:47:9d:e6:98:30:b9:69:b3:f0:93:1f:
         4c:a2:e4:bb:a4:10:6c:b2:08:fb:05:74:d0:ca:bb:48:92:5e:
         92:de:16:24:89:4b:7b:c5:6c:70:a7:7d:a0:24:66:3a:26:a9:
         ad:f9:fd:9e:20:e0:64:b3:10:f4:b2:a5:e1:7f:52:08:02:ea:
         1a:45:74:e0:03:9e:21:66:e9:88:23:07:ab:3d:48:3d:af:ee:
         60:2e:cc:4d:9e:48:b3:83:8a:35:4e:26:81:c7:f4:7d:cf:43:
         c0:76:d3:b2:e9:72:2e:87:96:2d:21:dc:90:e7:01:de:09:c4:
         b7:b4:b5:c7:58:63:e9:fa:48:75:ad:ac:c4:89:5d:3a:0e:5c:
         8c:96:9d:20:18:92:a1:de:1f:fd:b3:31:fb:10:27:48:6c:73:
         83:d5:bc:62:8b:67:6b:f4:4f:c8:bc:b0:7a:6c:cc:a4:ba:a8:
         41:ad:f3:0f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFdK3DBkJd2tcM8XjSwLcZCkeECQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA1MjQzWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTE4ZWJhZmZhMDY2MmJhZjczOTAzY2RkNTdiMjhlYjQw
M2NkNGE1ZDI2ZjY4MTlmNGNlNDVjZWM2MzhjNmMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqclbZfwTORmODtAp9R4iPh2fEuSguufzjiyAq/SrY89G0
kHCyCa8gdoeUwiAB4Fr0Iu0eic0DM3YuOE388EmtTJDkfRsWFtRpKAZASWqrgKf4
WRdylDw5jtv6pxZGXG16fiGrnFCGsUYhFuG1HznEYrKsZfl+1jtAHJlWFNV32zX+
5/7FsazFhhihGc/yLGJeboV6hdU2Mad312durbB9ojVexvVPiIHjAjXL8TdZUeAf
snPE/AR8HJ0OJHRuCdBh8dilnHl/HvxBG5aXRTSe959lfXlRwsPXqxJKIFkx81bC
ODspEhTTRnKef3zYfQ8N19Ltusd9yGGU4cbHatljAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9/AdHWC3HcKO1nD/pGZ/gggQFgowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzMTY3MTZhLTk0ODctNDIxMy05N2IwLTU0MWY3NjAzNmQ4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4ZTANBgkqhkiG9w0BAQsFAAOCAQEAgatNUMT2bGh7DcPzjV+awDv64js5
ckQr+5wyX8+33rky2ZQJX9xsrWUwqxGaq72KMm110R/N3REkgIg1h2Rzg7diUNYE
+1HFTQ3JvT5hi0ed5pgwuWmz8JMfTKLku6QQbLII+wV00Mq7SJJekt4WJIlLe8Vs
cKd9oCRmOiaprfn9niDgZLMQ9LKl4X9SCALqGkV04AOeIWbpiCMHqz1IPa/uYC7M
TZ5Is4OKNU4mgcf0fc9DwHbTsulyLoeWLSHckOcB3gnEt7S1x1hj6fpIda2sxIld
Og5cjJadIBiSod4f/bMx+xAnSGxzg9W8Yotna/RPyLywemzMpLqoQa3zDw==
-----END CERTIFICATE-----