Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/957f0a75-2fea-4fd6-ac57-1c87799dc4e1.roa
File:                     957f0a75-2fea-4fd6-ac57-1c87799dc4e1.roa (raw, json)
Hash identifier:          biclPoU/6S44r45sGN1Of0u2M90sI9dnMEKEtDwhgQk=
Subject key identifier:   C8:33:88:CF:0D:24:98:AF:B3:AD:C6:34:F8:52:DE:07:EB:82:4A:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1051240FC7A162A41888343FF3A0C3014DF3A36F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/957f0a75-2fea-4fd6-ac57-1c87799dc4e1.roa
Signing time:             Tue 07 Oct 2025 15:01:17 +0000
ROA not before:           Tue 07 Oct 2025 15:01:17 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.97.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:51:24:0f:c7:a1:62:a4:18:88:34:3f:f3:a0:c3:01:4d:f3:a3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 15:01:17 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=e960b6431efd5f527159c7cec69ce92bd05b1bbf6fe1a2b3870fe56f7eff5e2c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4b:cb:c5:ac:3b:f6:da:b6:8c:f1:2e:12:f5:
                    8f:31:e3:ef:d4:74:e0:ae:87:a3:d3:f2:41:db:f7:
                    77:ab:b1:87:90:34:6c:80:83:15:ba:e1:dd:c9:cc:
                    3e:74:59:9c:d3:f7:12:d8:22:7b:10:36:9f:95:b3:
                    8d:35:e3:6d:ae:dc:83:3d:2d:63:28:e1:1c:9a:4d:
                    f7:c1:fe:9a:a6:df:70:79:8e:cf:4e:1b:5f:03:49:
                    fa:db:d7:c6:a5:1e:7c:a2:e4:f5:ff:f0:fb:7f:60:
                    27:41:15:a3:53:6d:ae:1d:4b:ca:5e:24:5e:5b:98:
                    1b:1a:59:27:cd:86:89:50:cc:6c:4d:ef:3b:11:d1:
                    58:dc:38:53:1a:f8:f7:00:78:94:12:83:8d:ef:4c:
                    ca:f4:a0:fd:5d:21:33:be:a7:f5:8a:34:47:1f:dd:
                    f0:e1:47:44:c1:9c:53:c1:31:18:56:6e:54:bf:2a:
                    57:eb:67:ce:2b:79:2e:77:ca:d2:c1:b5:87:7c:7d:
                    ff:92:60:02:aa:0e:23:6b:e7:6f:25:a4:0f:7e:2b:
                    ed:7f:2b:df:c9:82:64:54:f6:54:7a:10:be:a0:c4:
                    c7:bb:32:e0:ef:7e:60:51:fe:82:d4:06:f3:14:0d:
                    d0:ba:87:bf:ad:6e:f8:cc:11:3d:00:d2:5d:7a:2c:
                    05:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:33:88:CF:0D:24:98:AF:B3:AD:C6:34:F8:52:DE:07:EB:82:4A:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/957f0a75-2fea-4fd6-ac57-1c87799dc4e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         01:63:13:4d:4d:cf:7c:09:83:98:1e:75:f3:de:61:a5:ca:65:
         b7:21:1b:c2:50:4d:a7:ce:a3:26:47:f3:ab:5c:55:5b:24:03:
         74:2f:bc:0a:22:91:ee:a5:72:28:2d:06:20:65:8c:25:b9:df:
         cc:07:c8:b0:31:13:f3:36:93:5e:4b:56:1a:31:b9:49:6c:cf:
         0a:d7:b9:56:7e:24:26:89:6b:a8:b6:3f:d8:17:eb:e8:7b:f7:
         b0:80:f5:87:d4:e7:f7:ce:43:86:36:98:a7:17:e1:3f:4d:09:
         8a:f7:37:2d:8a:4d:a3:53:0d:e6:3b:c7:00:27:9c:c1:eb:19:
         6d:82:a3:d0:09:a4:f7:9e:f9:8c:07:7c:f5:4f:62:fe:63:13:
         47:b7:08:7a:4e:44:24:de:9f:67:e2:58:ee:88:e3:be:cf:b0:
         7d:21:0d:98:74:aa:7d:6a:81:6e:47:5a:36:cb:69:74:80:04:
         72:71:96:10:b1:28:60:f4:fd:45:f2:3c:94:68:ae:fa:94:5e:
         86:37:a5:78:6b:6f:ef:c7:89:af:56:17:58:48:24:7f:2e:cc:
         f7:93:cd:f5:c8:e2:ef:e9:a1:7e:23:45:5c:18:d2:f0:62:06:
         61:1b:c4:ea:78:27:19:d5:2c:fb:02:e5:67:30:2d:26:ae:d3:
         fc:1e:bd:9b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEFEkD8ehYqQYiDQ/86DDAU3zo28wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MTUwMTE3WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTYwYjY0MzFlZmQ1ZjUyNzE1OWM3Y2VjNjljZTkyYmQw
NWIxYmJmNmZlMWEyYjM4NzBmZTU2ZjdlZmY1ZTJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJS8vFrDv22raM8S4S9Y8x4+/UdOCuh6PT8kHb93ersYeQ
NGyAgxW64d3JzD50WZzT9xLYInsQNp+Vs401422u3IM9LWMo4RyaTffB/pqm33B5
js9OG18DSfrb18alHnyi5PX/8Pt/YCdBFaNTba4dS8peJF5bmBsaWSfNholQzGxN
7zsR0VjcOFMa+PcAeJQSg43vTMr0oP1dITO+p/WKNEcf3fDhR0TBnFPBMRhWblS/
KlfrZ84reS53ytLBtYd8ff+SYAKqDiNr528lpA9+K+1/K9/JgmRU9lR6EL6gxMe7
MuDvfmBR/oLUBvMUDdC6h7+tbvjMET0A0l16LAV7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyDOIzw0kmK+zrcY0+FLeB+uCSpgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk1N2YwYTc1LTJmZWEtNGZkNi1hYzU3LTFjODc3OTlkYzRlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YTANBgkqhkiG9w0BAQsFAAOCAQEAAWMTTU3PfAmDmB51895hpcpltyEb
wlBNp86jJkfzq1xVWyQDdC+8CiKR7qVyKC0GIGWMJbnfzAfIsDET8zaTXktWGjG5
SWzPCte5Vn4kJolrqLY/2Bfr6Hv3sID1h9Tn985DhjaYpxfhP00Jivc3LYpNo1MN
5jvHACecwesZbYKj0Amk9575jAd89U9i/mMTR7cIek5EJN6fZ+JY7ojjvs+wfSEN
mHSqfWqBbkdaNstpdIAEcnGWELEoYPT9RfI8lGiu+pRehjeleGtv78eJr1YXWEgk
fy7M95PN9cji7+mhfiNFXBjS8GIGYRvE6ngnGdUs+wLlZzAtJq7T/B69mw==
-----END CERTIFICATE-----