Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dc69a83-4a96-485c-9489-1b574db4510f.roa
File:                     7dc69a83-4a96-485c-9489-1b574db4510f.roa (raw, json)
Hash identifier:          wzjxcHK8cs8f7HOqPydYO6rFZFPR+0Qif3JLhk+M4yM=
Subject key identifier:   3F:F8:6A:9B:0D:0C:4B:7A:93:B1:52:A6:62:8F:32:8D:F7:66:0F:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       768CB112918F6E0D196485DD461768EE05510429
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dc69a83-4a96-485c-9489-1b574db4510f.roa
Signing time:             Tue 07 Oct 2025 15:01:16 +0000
ROA not before:           Tue 07 Oct 2025 15:01:16 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.90.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:8c:b1:12:91:8f:6e:0d:19:64:85:dd:46:17:68:ee:05:51:04:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 15:01:16 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=27a14f6f8ce3056737eb0106f995d77e8c8961caad7e07aff5631ce8b1cb9586, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:5c:e3:f2:1c:b3:ae:08:e8:21:27:10:bb:44:
                    7e:b5:bf:49:68:c0:f1:e0:32:90:4d:a6:ab:10:3c:
                    b3:e5:3e:03:39:52:71:3e:a4:0f:6d:a2:46:09:37:
                    0d:be:86:16:fb:fb:01:e5:7a:90:ab:e3:16:03:03:
                    45:e7:e0:6a:b0:5c:d6:18:9b:0b:e1:eb:9d:16:6e:
                    f1:63:77:ce:91:6b:ba:8c:19:17:c2:f6:f9:b3:90:
                    e1:a3:09:fd:07:62:3e:7d:e2:e1:5e:9f:2c:05:d1:
                    e5:7b:91:f9:7f:10:04:b0:46:5b:82:af:f5:45:46:
                    fe:d2:69:d2:25:07:4d:77:5f:45:50:6b:72:b7:33:
                    31:f7:eb:2a:4c:a9:d3:d2:a7:61:86:65:27:14:aa:
                    a2:e3:02:a5:23:2e:3f:d9:83:4b:bf:8c:31:f6:37:
                    b2:a6:86:11:63:b8:b7:92:91:6b:32:7d:f2:91:1e:
                    42:b9:4e:18:9f:7f:7e:ca:cb:e1:1a:ba:ec:b1:67:
                    92:58:a4:5c:42:d1:1e:f3:74:2c:88:9a:de:d8:57:
                    1e:30:40:46:6f:32:02:9d:45:4d:77:83:0d:af:7a:
                    cd:de:82:96:70:34:dd:47:e0:85:77:3d:b9:7a:84:
                    96:f8:0e:f2:40:dc:e1:67:1f:3e:2f:35:ae:53:9d:
                    96:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F8:6A:9B:0D:0C:4B:7A:93:B1:52:A6:62:8F:32:8D:F7:66:0F:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dc69a83-4a96-485c-9489-1b574db4510f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.90.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:0c:64:f9:95:f1:b8:97:9d:87:42:fe:21:d4:b9:f0:ab:7b:
         62:08:da:92:c9:31:9d:1b:eb:1b:7f:e4:2a:89:32:b6:f5:d9:
         9a:5a:04:9b:70:4f:ab:91:be:d4:1e:f6:32:85:28:6f:e7:7d:
         4a:58:60:22:ec:4a:ff:c4:ab:2a:a9:12:6e:b7:64:2a:8d:38:
         52:ba:31:4a:21:c8:2e:88:48:4c:a8:d2:24:5c:f7:ec:29:e7:
         d5:e5:94:ac:c2:a4:c9:56:e8:79:f3:a6:92:0c:07:14:be:15:
         ac:d6:e6:35:2a:28:5f:74:67:c5:b3:e4:f8:17:37:f5:d0:7d:
         19:06:6d:69:a1:6c:a0:ed:71:1e:9b:12:0e:7d:45:a6:44:6f:
         56:25:97:73:99:0d:37:ba:34:2f:be:b8:b3:33:4b:a2:e6:43:
         54:fd:00:9c:41:3e:5c:8f:a1:b4:03:a6:9b:bb:2d:12:ff:53:
         53:dc:c7:e2:c1:e5:e6:e3:1e:9c:9d:e0:90:0f:10:ff:77:32:
         4c:50:27:40:bc:8f:1a:87:96:88:17:e1:cd:b4:57:87:3f:ce:
         39:59:ac:a6:43:d6:4f:84:b5:ce:f5:25:7a:f0:b9:dc:c9:f3:
         d7:45:db:50:80:d2:10:b4:2e:a5:a5:e1:66:ab:39:76:72:1c:
         ee:28:ad:08
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdoyxEpGPbg0ZZIXdRhdo7gVRBCkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MTUwMTE2WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyN2ExNGY2ZjhjZTMwNTY3MzdlYjAxMDZmOTk1ZDc3ZThj
ODk2MWNhYWQ3ZTA3YWZmNTYzMWNlOGIxY2I5NTg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqXOPyHLOuCOghJxC7RH61v0lowPHgMpBNpqsQPLPlPgM5
UnE+pA9tokYJNw2+hhb7+wHlepCr4xYDA0Xn4GqwXNYYmwvh650WbvFjd86Ra7qM
GRfC9vmzkOGjCf0HYj594uFenywF0eV7kfl/EASwRluCr/VFRv7SadIlB013X0VQ
a3K3MzH36ypMqdPSp2GGZScUqqLjAqUjLj/Zg0u/jDH2N7KmhhFjuLeSkWsyffKR
HkK5Thiff37Ky+EauuyxZ5JYpFxC0R7zdCyImt7YVx4wQEZvMgKdRU13gw2ves3e
gpZwNN1H4IV3Pbl6hJb4DvJA3OFnHz4vNa5TnZYRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUP/hqmw0MS3qTsVKmYo8yjfdmD4owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdkYzY5YTgzLTRhOTYtNDg1Yy05NDg5LTFiNTc0ZGI0NTEwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4WjANBgkqhkiG9w0BAQsFAAOCAQEAdgxk+ZXxuJedh0L+IdS58Kt7Ygja
kskxnRvrG3/kKokytvXZmloEm3BPq5G+1B72MoUob+d9SlhgIuxK/8SrKqkSbrdk
Ko04UroxSiHILohITKjSJFz37Cnn1eWUrMKkyVboefOmkgwHFL4VrNbmNSooX3Rn
xbPk+Bc39dB9GQZtaaFsoO1xHpsSDn1FpkRvViWXc5kNN7o0L764szNLouZDVP0A
nEE+XI+htAOmm7stEv9TU9zH4sHl5uMenJ3gkA8Q/3cyTFAnQLyPGoeWiBfhzbRX
hz/OOVmspkPWT4S1zvUlevC53Mnz10XbUIDSELQupaXhZqs5dnIc7iitCA==
-----END CERTIFICATE-----