Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/95e22508-19cf-4432-8b3a-79d513cb62d8.roa
File:                     95e22508-19cf-4432-8b3a-79d513cb62d8.roa (raw, json)
Hash identifier:          lH8gZ13n8Yv0Mqx09QGJPdQbBC5S0G4ScmAVOOrEnfY=
Subject key identifier:   6E:75:13:6B:33:2D:ED:BB:87:28:46:96:4B:AE:7A:96:79:7A:72:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24D250E823C213ED7229691A767B77728A29639F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/95e22508-19cf-4432-8b3a-79d513cb62d8.roa
Signing time:             Wed 01 Oct 2025 00:39:48 +0000
ROA not before:           Wed 01 Oct 2025 00:39:48 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.254.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:d2:50:e8:23:c2:13:ed:72:29:69:1a:76:7b:77:72:8a:29:63:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:39:48 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=d060f93abdfeca0c15d4c410647ecffced1151b90d57252cf0533cca3c43fd89, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bc:32:31:01:01:36:d5:4a:74:25:19:81:16:
                    39:16:7b:d0:ba:60:eb:db:13:2f:aa:d4:2e:c7:bc:
                    ed:5c:5d:ec:81:89:0a:44:44:2e:fe:8b:a7:88:61:
                    5e:92:d8:be:fc:80:ba:29:67:ed:8c:60:e2:a3:d4:
                    51:f3:7b:b9:2c:f8:d9:eb:48:0d:d1:cf:87:f2:00:
                    83:3a:ec:a5:70:d9:91:5b:d5:50:25:10:8f:c4:ed:
                    8d:c0:7e:68:3d:93:a4:67:06:44:63:a2:07:f3:a4:
                    73:0c:f5:87:ca:e0:99:12:64:ce:5c:e0:82:4b:85:
                    46:cf:50:f9:a1:ac:a7:da:57:ad:b9:d1:11:8f:a7:
                    dd:54:b5:14:a8:94:eb:3a:a2:42:bc:e4:e2:f6:4e:
                    39:8c:d7:9b:eb:88:23:8d:98:43:2f:49:c4:04:b2:
                    91:a3:46:62:cc:d3:01:e7:8e:0d:4b:b2:d9:d3:e0:
                    78:40:41:ae:ea:1e:be:39:0d:ce:a4:a0:ba:a4:59:
                    01:ba:41:68:35:dd:23:b2:32:c1:ee:db:f8:ea:3b:
                    01:36:2a:09:bb:ce:c3:71:38:64:1e:d2:34:a8:83:
                    f2:86:e2:6e:87:97:2b:e2:3e:b7:bc:a8:c8:81:ab:
                    1d:ab:1f:1f:df:f4:e7:9d:6a:bc:c8:57:af:49:8a:
                    95:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:75:13:6B:33:2D:ED:BB:87:28:46:96:4B:AE:7A:96:79:7A:72:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/95e22508-19cf-4432-8b3a-79d513cb62d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.254.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c6:46:73:b0:08:7c:96:74:63:79:cf:b8:dd:c1:b8:00:0d:ce:
         79:81:f7:30:06:ed:9d:04:29:c0:54:a4:04:c3:0f:3a:ac:2a:
         c9:7f:1d:3a:c6:df:a3:ff:5a:cb:d0:87:ab:96:fc:c5:e6:74:
         b2:df:b4:1d:4d:02:6d:8f:9d:99:f3:2e:fe:ae:65:7e:d8:02:
         f8:11:32:77:9e:7a:8a:ec:7e:b7:fc:6d:14:f1:bc:da:78:8b:
         62:4d:e5:f5:4c:7c:99:3a:da:fd:f2:34:73:cd:c8:92:d2:84:
         9d:02:5a:68:a5:96:8f:7f:68:98:bf:4f:b5:88:f4:80:3a:d1:
         42:df:d4:9d:e4:93:f6:7a:0d:48:98:1a:2d:cc:e8:a5:1b:06:
         66:bf:6d:dd:99:5e:bb:9f:44:b5:40:d9:5e:b4:b6:b5:59:28:
         fc:91:54:bf:e8:7f:2d:44:be:3c:71:6a:b7:59:38:b3:a5:ee:
         a6:d1:48:20:a9:6f:49:8e:66:0a:06:b6:f3:f7:03:02:0d:5f:
         c0:86:98:32:04:7e:df:b9:b2:d9:da:64:a4:41:5c:55:26:53:
         71:29:c6:85:b4:ca:be:a2:5b:43:40:67:55:29:17:fa:b7:73:
         9d:9d:86:c1:89:dc:c1:b9:be:42:d1:7d:ba:12:df:51:2d:3b:
         46:fe:9e:33
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJNJQ6CPCE+1yKWkadnt3coopY58wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAzOTQ4WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMDYwZjkzYWJkZmVjYTBjMTVkNGM0MTA2NDdlY2ZmY2Vk
MTE1MWI5MGQ1NzI1MmNmMDUzM2NjYTNjNDNmZDg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcvDIxAQE21Up0JRmBFjkWe9C6YOvbEy+q1C7HvO1cXeyB
iQpERC7+i6eIYV6S2L78gLopZ+2MYOKj1FHze7ks+NnrSA3Rz4fyAIM67KVw2ZFb
1VAlEI/E7Y3Afmg9k6RnBkRjogfzpHMM9YfK4JkSZM5c4IJLhUbPUPmhrKfaV625
0RGPp91UtRSolOs6okK85OL2TjmM15vriCONmEMvScQEspGjRmLM0wHnjg1LstnT
4HhAQa7qHr45Dc6koLqkWQG6QWg13SOyMsHu2/jqOwE2Kgm7zsNxOGQe0jSog/KG
4m6HlyviPre8qMiBqx2rHx/f9OedarzIV69JipUpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUbnUTazMt7buHKEaWS656lnl6chcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk1ZTIyNTA4LTE5Y2YtNDQzMi04YjNhLTc5ZDUxM2NiNjJkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4/jANBgkqhkiG9w0BAQsFAAOCAQEAxkZzsAh8lnRjec+43cG4AA3OeYH3
MAbtnQQpwFSkBMMPOqwqyX8dOsbfo/9ay9CHq5b8xeZ0st+0HU0CbY+dmfMu/q5l
ftgC+BEyd556iux+t/xtFPG82niLYk3l9Ux8mTra/fI0c83IktKEnQJaaKWWj39o
mL9PtYj0gDrRQt/UneST9noNSJgaLczopRsGZr9t3Zleu59EtUDZXrS2tVko/JFU
v+h/LUS+PHFqt1k4s6XuptFIIKlvSY5mCga28/cDAg1fwIaYMgR+37my2dpkpEFc
VSZTcSnGhbTKvqJbQ0BnVSkX+rdznZ2GwYncwbm+QtF9uhLfUS07Rv6eMw==
-----END CERTIFICATE-----