Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/847e48cb-589d-4414-90c5-e5f31d38ad1a.roa
File:                     847e48cb-589d-4414-90c5-e5f31d38ad1a.roa (raw, json)
Hash identifier:          o2iCiY5XBsKi8LgCXdo8rnVP8u+q3Aj6/vQ7BHXU7Lo=
Subject key identifier:   02:74:3A:04:80:09:38:10:A9:A8:DA:6E:D2:1C:66:2C:86:F8:88:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       43A54EB2DFDAC2D35810CD807BB0E52E21A337CB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/847e48cb-589d-4414-90c5-e5f31d38ad1a.roa
Signing time:             Wed 01 Oct 2025 00:40:32 +0000
ROA not before:           Wed 01 Oct 2025 00:40:32 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.212.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:a5:4e:b2:df:da:c2:d3:58:10:cd:80:7b:b0:e5:2e:21:a3:37:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:40:32 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=ca2c145f72a93ffe11181612be47649dd77fb9c5a3a2e8feb7ea50ef3954fef8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b4:b1:38:ad:67:d5:dc:82:90:36:ea:18:82:
                    63:73:e1:cd:68:88:26:3b:63:7d:96:ed:77:6b:eb:
                    52:25:d4:df:51:12:1b:a7:db:89:ef:75:3a:52:8c:
                    e1:b8:8d:a4:d2:61:a0:cc:22:6f:96:6e:5c:92:03:
                    f8:be:43:2d:c3:13:a5:30:68:d4:42:c2:1a:30:48:
                    7f:ae:ce:a6:90:09:23:02:b5:56:f9:8d:1e:ff:f8:
                    d1:9b:01:fb:3f:14:78:5c:5c:97:5a:e4:2b:c0:2f:
                    28:c4:27:ca:cd:dc:3a:6e:cf:27:7f:8e:db:7b:07:
                    6c:a9:c4:4c:ce:8a:54:a9:11:28:5f:e3:38:69:64:
                    c4:b6:e4:51:06:e3:a1:e1:7e:82:a8:12:0f:1b:3a:
                    48:a5:16:19:89:5b:47:0b:53:b2:67:8a:5c:6b:e3:
                    30:b7:c4:e3:4c:d0:4c:4f:4a:00:f6:88:0a:51:fc:
                    bf:f9:1e:6e:43:1d:a0:9b:10:dc:a2:75:cc:bb:73:
                    f9:38:21:c5:cb:89:6e:2f:a3:0a:35:00:29:e9:4b:
                    44:59:ff:4c:0e:fa:6b:61:d3:5e:cf:f7:88:56:e6:
                    fa:f3:0c:93:0e:52:36:65:4a:ce:e6:8b:e0:e6:0e:
                    c2:e0:b7:5c:42:22:f2:54:f4:d0:82:fc:bf:8c:25:
                    22:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:74:3A:04:80:09:38:10:A9:A8:DA:6E:D2:1C:66:2C:86:F8:88:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/847e48cb-589d-4414-90c5-e5f31d38ad1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.212.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7b:66:1f:44:94:e7:a0:77:39:20:bd:c7:7b:63:39:56:c3:37:
         70:24:eb:6e:ee:99:bd:d8:98:2a:0d:79:d0:a7:ab:04:01:0b:
         f8:31:22:5c:f9:89:fb:16:d9:14:b3:29:43:88:10:32:45:8c:
         08:ed:3b:61:0e:cb:e0:fa:a6:c8:bf:cc:f5:2b:99:68:e9:8a:
         0b:c3:e5:15:64:69:09:92:b9:2b:2b:0d:b7:a8:4e:50:96:f1:
         e2:6d:89:6b:8d:59:92:ff:19:28:bb:2d:6e:8f:5c:d4:ea:f3:
         af:87:53:ff:2c:84:e9:c3:72:b1:56:6f:6c:6a:1e:ea:26:05:
         8f:85:bb:4d:11:11:5e:d1:62:c2:58:14:0b:5c:cf:c6:9d:f5:
         71:35:27:25:3e:14:ab:e7:a7:8a:9c:42:2b:02:7c:28:d5:7f:
         ce:3c:fb:d4:8d:4f:25:30:19:2d:f8:ce:4d:40:71:6b:65:ae:
         a5:d4:09:ba:8a:ea:ca:7d:6e:10:9e:c4:f7:6e:0a:01:51:65:
         45:8f:99:20:6f:8a:8d:bc:06:3e:85:82:4f:e3:0b:4c:cc:b0:
         81:d3:f3:6b:d6:a4:e1:63:c3:1b:76:d3:a9:55:18:f1:ae:94:
         80:9c:00:48:43:45:ce:91:a5:7c:cf:26:76:95:39:80:96:2f:
         4b:96:87:2a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQ6VOst/awtNYEM2Ae7DlLiGjN8swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA0MDMyWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTJjMTQ1ZjcyYTkzZmZlMTExODE2MTJiZTQ3NjQ5ZGQ3
N2ZiOWM1YTNhMmU4ZmViN2VhNTBlZjM5NTRmZWY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChtLE4rWfV3IKQNuoYgmNz4c1oiCY7Y32W7Xdr61Il1N9R
Ehun24nvdTpSjOG4jaTSYaDMIm+WblySA/i+Qy3DE6UwaNRCwhowSH+uzqaQCSMC
tVb5jR7/+NGbAfs/FHhcXJda5CvALyjEJ8rN3Dpuzyd/jtt7B2ypxEzOilSpEShf
4zhpZMS25FEG46HhfoKoEg8bOkilFhmJW0cLU7Jnilxr4zC3xONM0ExPSgD2iApR
/L/5Hm5DHaCbENyidcy7c/k4IcXLiW4vowo1ACnpS0RZ/0wO+mth017P94hW5vrz
DJMOUjZlSs7mi+DmDsLgt1xCIvJU9NCC/L+MJSIvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUAnQ6BIAJOBCpqNpu0hxmLIb4iMIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg0N2U0OGNiLTU4OWQtNDQxNC05MGM1LWU1ZjMxZDM4YWQxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA41DANBgkqhkiG9w0BAQsFAAOCAQEAe2YfRJTnoHc5IL3He2M5VsM3cCTr
bu6ZvdiYKg150KerBAEL+DEiXPmJ+xbZFLMpQ4gQMkWMCO07YQ7L4PqmyL/M9SuZ
aOmKC8PlFWRpCZK5KysNt6hOUJbx4m2Ja41Zkv8ZKLstbo9c1Orzr4dT/yyE6cNy
sVZvbGoe6iYFj4W7TRERXtFiwlgUC1zPxp31cTUnJT4Uq+enipxCKwJ8KNV/zjz7
1I1PJTAZLfjOTUBxa2WupdQJuorqyn1uEJ7E924KAVFlRY+ZIG+KjbwGPoWCT+ML
TMywgdPza9ak4WPDG3bTqVUY8a6UgJwASENFzpGlfM8mdpU5gJYvS5aHKg==
-----END CERTIFICATE-----