Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/940bd107-87a1-467d-a6ff-57aca7389c67.roa
File:                     940bd107-87a1-467d-a6ff-57aca7389c67.roa (raw, json)
Hash identifier:          nGKm7lOpb4pPQJ8PvXGKyovWP+jee3gvZOdAxMGB1GM=
Subject key identifier:   2E:B0:29:FC:17:15:94:BC:A4:83:29:E6:2F:61:4C:8E:48:36:5C:55
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       058A13427DD8F69C9AA19009E7F62F84590DEB25
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/940bd107-87a1-467d-a6ff-57aca7389c67.roa
Signing time:             Tue 07 Oct 2025 15:01:12 +0000
ROA not before:           Tue 07 Oct 2025 15:01:12 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.225.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:8a:13:42:7d:d8:f6:9c:9a:a1:90:09:e7:f6:2f:84:59:0d:eb:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 15:01:12 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=6a4dbe5321bbc0208f29506fc4aa70706f2080d23682b2240cfb1e4b0611d4ff, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f0:d6:c3:7f:15:f8:bf:f3:c5:74:13:7d:f0:
                    f7:82:e1:b9:ff:a1:b7:4a:75:5b:d7:0f:d5:30:21:
                    2b:5a:14:26:51:9c:ab:a9:bb:77:3a:0a:df:ea:f2:
                    39:9d:30:b3:a6:47:a7:2c:88:2b:2c:27:ba:61:01:
                    58:48:76:22:c1:53:19:20:76:9a:7f:54:40:f3:2f:
                    e4:07:26:bf:8d:4e:68:e0:74:c8:15:79:64:e2:4f:
                    64:57:6a:5b:49:a7:6b:e4:0c:a1:6d:e9:5b:31:2d:
                    a8:6b:e3:3b:ee:54:09:2e:cd:a0:f8:f7:c5:b0:4d:
                    5e:5c:f5:92:4e:8e:1e:f5:c4:28:50:65:ad:b2:22:
                    da:e7:cf:d3:ab:ec:5d:95:68:42:35:81:db:5e:f2:
                    99:74:3f:94:92:17:a7:8d:35:79:38:e6:91:31:f4:
                    09:99:24:91:cb:a0:e0:e8:86:32:88:71:a7:64:a4:
                    9f:36:4f:26:21:0b:d7:f7:bd:57:36:a1:6a:5b:ba:
                    7e:d9:ed:6c:63:ec:d8:eb:ac:29:a6:bc:04:1a:bf:
                    4e:79:96:86:9c:e4:0e:07:13:a9:1c:5a:ca:3d:7c:
                    7c:11:18:c6:f5:6f:0d:bf:9c:95:bc:9b:a0:6a:d2:
                    c9:5e:29:a9:3a:1f:bf:7d:ef:26:c5:44:21:65:89:
                    81:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B0:29:FC:17:15:94:BC:A4:83:29:E6:2F:61:4C:8E:48:36:5C:55
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/940bd107-87a1-467d-a6ff-57aca7389c67.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.225.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:20:f8:61:27:e9:b7:12:d2:8c:9b:e8:c0:b5:fe:62:11:1e:
         67:08:3c:80:6a:b8:fb:fd:ff:ee:e4:88:e1:f3:85:60:c7:f1:
         61:e6:c9:62:0f:92:00:b8:23:11:a8:66:ff:39:67:5c:55:5a:
         19:7a:7f:fe:52:65:38:f2:f4:05:c1:a8:64:ee:25:d7:5d:b6:
         5b:1c:9b:e9:18:6b:71:c1:db:36:25:39:03:a3:bb:62:6e:7d:
         f2:c6:2a:d9:7e:51:50:26:25:82:9f:d5:27:41:72:ee:ab:03:
         fb:e8:1d:db:e4:81:26:0e:39:d0:9e:fc:d7:7f:26:ce:aa:a8:
         1e:c9:da:95:fc:41:6e:48:2c:59:07:57:ac:66:6b:69:a7:4d:
         c5:e3:27:e4:14:64:7e:1c:c5:c8:d9:0b:31:f2:82:47:89:e3:
         84:fd:76:86:05:aa:4d:58:0e:a3:a2:58:77:7c:8f:62:7e:cb:
         5b:0c:f4:56:98:2d:38:a0:c0:37:0f:b2:d2:e7:70:66:5f:5a:
         c2:24:85:5c:63:27:39:4e:8f:08:e8:a9:4e:57:4c:e4:ee:8a:
         b0:f3:42:ce:ff:4c:21:57:3d:f9:b4:5b:b9:51:a9:12:c8:83:
         4a:0b:de:ff:96:d4:bf:62:97:2c:40:08:5a:0d:41:c3:c2:87:
         38:f4:b3:5b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBYoTQn3Y9pyaoZAJ5/YvhFkN6yUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MTUwMTEyWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTRkYmU1MzIxYmJjMDIwOGYyOTUwNmZjNGFhNzA3MDZm
MjA4MGQyMzY4MmIyMjQwY2ZiMWU0YjA2MTFkNGZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb8NbDfxX4v/PFdBN98PeC4bn/obdKdVvXD9UwIStaFCZR
nKupu3c6Ct/q8jmdMLOmR6csiCssJ7phAVhIdiLBUxkgdpp/VEDzL+QHJr+NTmjg
dMgVeWTiT2RXaltJp2vkDKFt6VsxLahr4zvuVAkuzaD498WwTV5c9ZJOjh71xChQ
Za2yItrnz9Or7F2VaEI1gdte8pl0P5SSF6eNNXk45pEx9AmZJJHLoODohjKIcadk
pJ82TyYhC9f3vVc2oWpbun7Z7Wxj7NjrrCmmvAQav055loac5A4HE6kcWso9fHwR
GMb1bw2/nJW8m6Bq0sleKak6H7997ybFRCFliYGTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULrAp/BcVlLykgynmL2FMjkg2XFUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0MGJkMTA3LTg3YTEtNDY3ZC1hNmZmLTU3YWNhNzM4OWM2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA44TANBgkqhkiG9w0BAQsFAAOCAQEACiD4YSfptxLSjJvowLX+YhEeZwg8
gGq4+/3/7uSI4fOFYMfxYebJYg+SALgjEahm/zlnXFVaGXp//lJlOPL0BcGoZO4l
1122Wxyb6RhrccHbNiU5A6O7Ym598sYq2X5RUCYlgp/VJ0Fy7qsD++gd2+SBJg45
0J78138mzqqoHsnalfxBbkgsWQdXrGZraadNxeMn5BRkfhzFyNkLMfKCR4njhP12
hgWqTVgOo6JYd3yPYn7LWwz0VpgtOKDANw+y0udwZl9awiSFXGMnOU6PCOipTldM
5O6KsPNCzv9MIVc9+bRbuVGpEsiDSgve/5bUv2KXLEAIWg1Bw8KHOPSzWw==
-----END CERTIFICATE-----