Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b21c677d-50e7-454f-babb-5348e47e691d.roa
File:                     b21c677d-50e7-454f-babb-5348e47e691d.roa (raw, json)
Hash identifier:          485NIOObB19iy41xVcR3JrpBMEI4F6wwV2pyS7fyEbg=
Subject key identifier:   B7:CF:55:08:39:35:4D:82:CF:EB:8E:70:D6:30:68:02:0E:D8:25:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63E8E49AEF9B4C341CBA1C8650525CD27CB4637D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b21c677d-50e7-454f-babb-5348e47e691d.roa
Signing time:             Tue 07 Oct 2025 00:51:55 +0000
ROA not before:           Tue 07 Oct 2025 00:51:55 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.185.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:e8:e4:9a:ef:9b:4c:34:1c:ba:1c:86:50:52:5c:d2:7c:b4:63:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:51:55 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=67a9631dde1b8fa265ff48503506e9e8abeafe1c402d3d87938257fe136bc18b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3f:5c:cc:bc:b9:c7:f9:9c:7b:09:5b:9d:46:
                    06:18:db:9c:4b:a1:c3:a0:b8:f5:2f:e7:56:06:1b:
                    f8:83:a5:31:0b:3f:db:c5:f6:aa:6f:70:08:cc:47:
                    8c:d9:a9:a1:9f:00:54:5b:e3:3d:29:84:e0:13:aa:
                    60:60:10:e1:00:a3:d6:7d:23:92:71:78:c8:de:2a:
                    bc:e8:93:99:97:87:2d:71:25:b0:82:29:d8:46:47:
                    e4:8d:be:0b:ed:44:08:e1:3f:00:a7:61:c6:ba:6a:
                    16:11:58:17:61:cc:f3:8e:61:71:cb:dc:cf:9c:66:
                    3f:42:3a:34:7e:4f:62:30:01:14:01:20:ed:eb:40:
                    9d:b3:a6:de:ab:86:71:e3:46:fb:48:66:27:c2:ce:
                    a5:03:fe:52:00:67:f1:4b:85:7b:1e:77:5b:60:12:
                    12:c8:c9:9b:4d:b8:81:94:11:b1:0d:98:fd:07:f5:
                    cc:4d:be:9d:9b:0c:ca:49:b1:38:07:62:6a:ad:35:
                    2c:86:2a:41:57:d8:bc:b3:2f:6a:f9:09:76:18:fc:
                    07:6c:76:fd:ee:7d:71:ee:55:79:26:56:70:36:6f:
                    ca:c7:71:79:0f:4e:97:ee:97:87:ec:0b:b0:58:88:
                    af:2a:5f:77:bc:0b:b8:25:a3:67:97:54:04:d8:91:
                    a4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CF:55:08:39:35:4D:82:CF:EB:8E:70:D6:30:68:02:0E:D8:25:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b21c677d-50e7-454f-babb-5348e47e691d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.185.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         94:6c:c7:d3:69:25:ff:8e:d0:74:22:8d:ec:2e:3a:d6:76:43:
         dc:31:e3:cb:10:d4:c9:51:e0:25:23:a2:02:8c:ae:7a:68:95:
         63:13:68:cb:aa:8f:98:5a:11:af:6c:25:dc:db:bd:4d:30:a4:
         af:a0:4e:6c:1d:89:8d:bc:84:82:cd:b1:96:a4:ef:15:14:92:
         83:e9:ea:b1:5c:44:50:aa:f5:96:cb:6b:68:04:14:05:33:b7:
         af:0d:ef:44:f7:8a:fc:8d:ed:f1:3b:98:d8:da:fe:a7:e3:cb:
         db:42:6c:4b:93:a9:1a:52:e3:17:b1:95:ab:b9:ff:c7:f2:58:
         d8:ee:f7:f3:42:bf:92:ec:d8:6a:04:9d:e2:71:d4:f0:87:c1:
         81:68:43:c8:96:56:b3:2c:00:94:8d:2b:84:67:c2:e0:ec:1e:
         82:44:1e:03:2e:61:e5:5f:16:8f:4a:58:fa:0a:b2:80:f8:13:
         39:8f:1b:1c:04:b7:1a:b1:87:ee:3a:49:46:18:26:0d:e9:a8:
         d7:35:91:67:1b:2e:66:5d:40:ee:b7:b5:e7:38:e4:bf:0c:35:
         b0:1d:b0:11:e0:0b:39:aa:2e:0e:4c:5b:b0:e0:b5:1f:cd:a8:
         7d:1f:fd:af:b0:fd:ec:d5:a2:ad:0e:e1:de:a8:01:cd:83:2e:
         a6:ea:1b:1e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY+jkmu+bTDQcuhyGUFJc0ny0Y30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA1MTU1WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2N2E5NjMxZGRlMWI4ZmEyNjVmZjQ4NTAzNTA2ZTllOGFi
ZWFmZTFjNDAyZDNkODc5MzgyNTdmZTEzNmJjMThiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLP1zMvLnH+Zx7CVudRgYY25xLocOguPUv51YGG/iDpTEL
P9vF9qpvcAjMR4zZqaGfAFRb4z0phOATqmBgEOEAo9Z9I5JxeMjeKrzok5mXhy1x
JbCCKdhGR+SNvgvtRAjhPwCnYca6ahYRWBdhzPOOYXHL3M+cZj9COjR+T2IwARQB
IO3rQJ2zpt6rhnHjRvtIZifCzqUD/lIAZ/FLhXsed1tgEhLIyZtNuIGUEbENmP0H
9cxNvp2bDMpJsTgHYmqtNSyGKkFX2LyzL2r5CXYY/Adsdv3ufXHuVXkmVnA2b8rH
cXkPTpful4fsC7BYiK8qX3e8C7glo2eXVATYkaSDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUt89VCDk1TYLP645w1jBoAg7YJV0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyMWM2NzdkLTUwZTctNDU0Zi1iYWJiLTUzNDhlNDdlNjkxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4uTANBgkqhkiG9w0BAQsFAAOCAQEAlGzH02kl/47QdCKN7C461nZD3DHj
yxDUyVHgJSOiAoyuemiVYxNoy6qPmFoRr2wl3Nu9TTCkr6BObB2JjbyEgs2xlqTv
FRSSg+nqsVxEUKr1lstraAQUBTO3rw3vRPeK/I3t8TuY2Nr+p+PL20JsS5OpGlLj
F7GVq7n/x/JY2O7380K/kuzYagSd4nHU8IfBgWhDyJZWsywAlI0rhGfC4OwegkQe
Ay5h5V8Wj0pY+gqygPgTOY8bHAS3GrGH7jpJRhgmDemo1zWRZxsuZl1A7re15zjk
vww1sB2wEeALOaouDkxbsOC1H82ofR/9r7D97NWirQ7h3qgBzYMupuobHg==
-----END CERTIFICATE-----