Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa
File:                     64ebae17-f5e1-463d-899b-7418dd1add2f.roa (raw, json)
Hash identifier:          Nsr8mWPnteFCQbaEHDya7h73F6tCLDVPPY0+mQgNyfU=
Subject key identifier:   0F:8D:44:DC:DF:04:DC:3B:0E:E5:08:3D:23:C7:96:DB:D7:99:57:E8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7241BB165A451D135A275879A9BC7D12F9BAF29F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa
Signing time:             Fri 03 Oct 2025 00:22:58 +0000
ROA not before:           Fri 03 Oct 2025 00:22:58 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.236.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:41:bb:16:5a:45:1d:13:5a:27:58:79:a9:bc:7d:12:f9:ba:f2:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:22:58 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=9b501e71ad4aafa5e6d6fe6ec97306c06892dc78379c2db7472582478a0fb677, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a5:98:41:a7:5d:50:da:97:a4:24:5a:75:0c:
                    79:46:89:22:98:a9:04:40:22:e4:c1:a1:ec:3f:fd:
                    b9:53:d2:fa:d5:37:d4:a9:b1:1c:00:19:0e:23:b8:
                    b0:74:4c:00:dc:c5:39:7f:1d:bf:03:68:61:f9:c2:
                    4d:e8:af:0f:ff:b5:c1:c6:4b:4e:f6:f5:ab:13:2e:
                    64:d9:c8:0d:da:7b:20:d7:8f:85:6b:bb:ee:2d:da:
                    b5:1d:a0:0a:5e:a1:7d:a4:cd:3b:92:35:84:2b:d9:
                    2c:65:40:9d:43:91:a0:ea:52:ba:87:d2:d3:28:58:
                    f3:1a:80:8a:8f:03:a8:30:5d:4b:d6:a3:da:be:3c:
                    8a:82:ed:c9:db:e2:9a:39:9d:33:96:23:7a:14:e6:
                    cf:5f:4d:43:7b:d0:08:89:bb:9e:fd:14:19:e0:03:
                    0c:fa:74:bd:bf:60:32:87:b0:44:e7:c6:cc:87:66:
                    1e:38:68:80:f6:41:69:c0:5b:08:9f:17:dd:68:f1:
                    fa:70:dc:49:f3:77:37:1a:52:ec:6f:16:9a:d3:d2:
                    86:06:af:ca:e9:ae:dc:31:1a:84:04:ac:4c:5c:e4:
                    a2:8a:71:14:d7:a8:1d:bf:bd:98:0d:4c:9a:6a:75:
                    3b:59:d9:50:60:a5:cd:5c:b7:05:34:b9:14:76:64:
                    33:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8D:44:DC:DF:04:DC:3B:0E:E5:08:3D:23:C7:96:DB:D7:99:57:E8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64ebae17-f5e1-463d-899b-7418dd1add2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.236.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:2d:96:2c:64:bc:d0:f2:d8:d4:5b:80:2c:71:94:6a:87:cf:
         55:5d:89:ef:a9:61:1d:fa:89:a1:bc:72:50:aa:0e:a0:de:02:
         a7:d6:8a:dd:41:53:0a:cd:ef:54:d5:ea:b5:81:cf:d6:c3:04:
         42:b9:2e:dc:95:b9:8d:04:4d:b4:3b:69:58:b4:e7:9d:00:68:
         e5:76:1a:dd:48:bd:d3:e4:ab:54:99:d0:80:54:f9:75:f2:34:
         c0:45:b2:ab:66:99:9c:0e:9a:5e:20:8b:3d:54:ca:ec:6b:cd:
         95:f2:3c:e9:9f:2e:1e:7f:88:56:85:e1:ce:f4:54:95:46:2a:
         a3:ca:e8:bf:34:05:11:b6:f3:5e:d7:7f:53:9a:65:85:6b:75:
         90:7b:c4:78:52:e6:b4:aa:5e:1c:cb:39:c7:fc:c8:30:cc:1f:
         ee:d0:75:62:17:96:ae:dc:40:ae:9a:71:c1:e3:e7:5a:a0:e8:
         ec:02:dc:55:82:b9:39:26:37:b0:a4:ab:08:6b:3e:98:2c:ed:
         59:d4:6a:ea:ce:1d:b6:b9:58:80:a8:24:cc:c7:64:9f:32:79:
         06:df:6f:7a:59:da:52:a8:63:14:0c:7f:8f:ee:1f:16:92:e0:
         f4:f8:59:a2:c7:ae:02:df:dd:b3:9d:5e:f0:7c:5c:14:b1:ea:
         ed:27:45:bc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUckG7FlpFHRNaJ1h5qbx9Evm68p8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAyMjU4WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjUwMWU3MWFkNGFhZmE1ZTZkNmZlNmVjOTczMDZjMDY4
OTJkYzc4Mzc5YzJkYjc0NzI1ODI0NzhhMGZiNjc3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjpZhBp11Q2pekJFp1DHlGiSKYqQRAIuTBoew//blT0vrV
N9SpsRwAGQ4juLB0TADcxTl/Hb8DaGH5wk3orw//tcHGS0729asTLmTZyA3aeyDX
j4Vru+4t2rUdoApeoX2kzTuSNYQr2SxlQJ1DkaDqUrqH0tMoWPMagIqPA6gwXUvW
o9q+PIqC7cnb4po5nTOWI3oU5s9fTUN70AiJu579FBngAwz6dL2/YDKHsETnxsyH
Zh44aID2QWnAWwifF91o8fpw3EnzdzcaUuxvFprT0oYGr8rprtwxGoQErExc5KKK
cRTXqB2/vZgNTJpqdTtZ2VBgpc1ctwU0uRR2ZDOrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUD41E3N8E3DsO5Qg9I8eW29eZV+gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0ZWJhZTE3LWY1ZTEtNDYzZC04OTliLTc0MThkZDFhZGQyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA47DANBgkqhkiG9w0BAQsFAAOCAQEAqC2WLGS80PLY1FuALHGUaofPVV2J
76lhHfqJobxyUKoOoN4Cp9aK3UFTCs3vVNXqtYHP1sMEQrku3JW5jQRNtDtpWLTn
nQBo5XYa3Ui90+SrVJnQgFT5dfI0wEWyq2aZnA6aXiCLPVTK7GvNlfI86Z8uHn+I
VoXhzvRUlUYqo8rovzQFEbbzXtd/U5plhWt1kHvEeFLmtKpeHMs5x/zIMMwf7tB1
YheWrtxArppxwePnWqDo7ALcVYK5OSY3sKSrCGs+mCztWdRq6s4dtrlYgKgkzMdk
nzJ5Bt9velnaUqhjFAx/j+4fFpLg9PhZoseuAt/ds51e8HxcFLHq7SdFvA==
-----END CERTIFICATE-----