Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/991a7270-70c3-4177-b80a-03d48b249d96.roa
File:                     991a7270-70c3-4177-b80a-03d48b249d96.roa (raw, json)
Hash identifier:          TmvundhTLBrVpaozqqdrPsVtUrtCC5TjUlnCrFdn6ho=
Subject key identifier:   57:2B:B3:85:DF:D6:C6:FE:C4:8D:C0:BC:0C:B3:91:71:13:CA:91:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       084F6E808877D07054EB8CEFE0127EB9F7094478
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/991a7270-70c3-4177-b80a-03d48b249d96.roa
Signing time:             Mon 06 Oct 2025 15:39:59 +0000
ROA not before:           Mon 06 Oct 2025 15:39:59 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        139.56.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:4f:6e:80:88:77:d0:70:54:eb:8c:ef:e0:12:7e:b9:f7:09:44:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:39:59 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=b12ba840529d040e0583311dd8a11022e7018f4ee11a339e951d2ebd41e25b3c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9f:35:84:75:2a:d0:73:60:b0:c7:8d:5f:39:
                    b7:2e:33:3f:c5:37:9f:d6:61:f1:02:7e:0d:e9:dc:
                    17:b1:4a:cc:fd:8f:bb:cd:3f:38:79:e9:45:e8:73:
                    cf:dd:32:89:f8:b0:0c:55:a9:b8:26:18:ad:8d:26:
                    62:01:32:38:ca:1b:6e:44:b6:7d:36:8f:a9:75:e5:
                    81:4b:ca:17:88:50:41:2f:d8:e9:ee:4c:17:94:43:
                    da:b2:77:c8:a2:9d:23:78:a3:70:ae:93:31:04:7e:
                    a7:a1:0e:6b:c9:56:53:4b:39:63:c0:7c:ec:9f:33:
                    3e:ef:a6:51:94:83:bd:41:b6:dd:48:11:47:ed:65:
                    b5:65:1c:6c:d4:74:6b:e0:69:42:04:32:67:0a:1c:
                    d1:a3:a0:e4:1d:5c:66:23:f0:2b:61:d3:89:fc:43:
                    2b:b6:3c:7c:e6:62:00:25:6f:bf:b3:fd:c1:5d:ff:
                    a6:ce:5b:22:0f:4a:bb:c3:4e:01:5a:1e:b4:10:35:
                    94:cc:cb:94:c8:8d:ce:31:74:05:52:6b:b4:0b:4c:
                    cb:c4:45:eb:2b:1d:2b:fd:f8:5d:5b:7f:47:b6:02:
                    d6:a7:10:a9:35:3d:0b:f9:a7:39:02:78:2f:fd:67:
                    58:c7:ab:da:1f:45:7a:1d:74:21:c7:f8:f5:22:40:
                    70:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:2B:B3:85:DF:D6:C6:FE:C4:8D:C0:BC:0C:B3:91:71:13:CA:91:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/991a7270-70c3-4177-b80a-03d48b249d96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         86:3c:90:87:4a:cb:7f:5c:87:e4:90:b6:28:b8:0a:f5:36:49:
         e6:8b:71:58:6a:67:f3:17:c3:c3:2a:0b:e0:84:e4:c6:dc:f8:
         bb:19:78:d2:92:b9:88:3a:8b:bb:47:9b:a9:d9:b4:89:0f:a2:
         3d:e0:d8:91:ca:52:2e:0d:f9:da:a1:92:01:5e:ac:28:3f:44:
         16:8f:f0:5b:a0:72:dc:ea:da:38:25:d2:ed:5a:ea:9b:f4:10:
         c8:96:2d:57:ef:c1:ed:3f:7f:aa:50:99:67:c1:c2:a1:5a:e7:
         35:d5:97:82:00:3e:57:fa:ea:28:34:2e:5a:60:c3:69:5a:0c:
         1d:88:1d:03:3f:69:8e:38:a5:23:99:73:5d:22:1c:a9:0b:70:
         7a:91:f3:6c:0b:f3:b4:4c:9c:df:d3:18:fc:26:05:98:e5:c7:
         31:95:91:70:99:2b:78:f6:44:99:51:73:95:9d:d9:9f:35:e6:
         7a:75:47:5b:e2:1b:25:8c:d2:3d:d8:c8:61:a0:1f:a4:bc:57:
         fb:87:d4:65:ce:df:b8:6c:9c:fd:1e:5a:30:87:9c:74:a5:60:
         14:20:9d:b5:1d:fc:39:c6:d9:eb:91:f5:5f:43:05:e6:49:7b:
         23:b1:c6:3c:a9:2f:2c:82:43:e1:80:e8:49:ed:a8:c9:a3:12:
         e7:c4:4f:ed
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCE9ugIh30HBU64zv4BJ+ufcJRHgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTUzOTU5WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTJiYTg0MDUyOWQwNDBlMDU4MzMxMWRkOGExMTAyMmU3
MDE4ZjRlZTExYTMzOWU5NTFkMmViZDQxZTI1YjNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVnzWEdSrQc2Cwx41fObcuMz/FN5/WYfECfg3p3BexSsz9
j7vNPzh56UXoc8/dMon4sAxVqbgmGK2NJmIBMjjKG25Etn02j6l15YFLyheIUEEv
2OnuTBeUQ9qyd8iinSN4o3CukzEEfqehDmvJVlNLOWPAfOyfMz7vplGUg71Btt1I
EUftZbVlHGzUdGvgaUIEMmcKHNGjoOQdXGYj8Cth04n8Qyu2PHzmYgAlb7+z/cFd
/6bOWyIPSrvDTgFaHrQQNZTMy5TIjc4xdAVSa7QLTMvEResrHSv9+F1bf0e2Atan
EKk1PQv5pzkCeC/9Z1jHq9ofRXoddCHH+PUiQHD9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVyuzhd/Wxv7EjcC8DLORcRPKkRMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5MWE3MjcwLTcwYzMtNDE3Ny1iODBhLTAzZDQ4YjI0OWQ5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCLODANBgkqhkiG9w0BAQsFAAOCAQEAhjyQh0rLf1yH5JC2KLgK9TZJ5otx
WGpn8xfDwyoL4ITkxtz4uxl40pK5iDqLu0ebqdm0iQ+iPeDYkcpSLg352qGSAV6s
KD9EFo/wW6By3OraOCXS7Vrqm/QQyJYtV+/B7T9/qlCZZ8HCoVrnNdWXggA+V/rq
KDQuWmDDaVoMHYgdAz9pjjilI5lzXSIcqQtwepHzbAvztEyc39MY/CYFmOXHMZWR
cJkrePZEmVFzlZ3ZnzXmenVHW+IbJYzSPdjIYaAfpLxX+4fUZc7fuGyc/R5aMIec
dKVgFCCdtR38OcbZ65H1X0MF5kl7I7HGPKkvLIJD4YDoSe2oyaMS58RP7Q==
-----END CERTIFICATE-----