Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b31a2247-59e9-4e69-bf7c-c55f87670f23.roa
File:                     b31a2247-59e9-4e69-bf7c-c55f87670f23.roa (raw, json)
Hash identifier:          cs2sz/DNQ1LEX1aocENQecWuQRpfcvFXv6OfQO3PJ+A=
Subject key identifier:   F0:4C:CC:EB:60:C9:9C:AA:B8:9D:1B:20:1C:7A:38:EB:65:38:4C:12
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C5D87B2D319DBF7C6187E6F74525718F19F6219
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b31a2247-59e9-4e69-bf7c-c55f87670f23.roa
Signing time:             Sun 19 Oct 2025 01:00:09 +0000
ROA not before:           Sun 19 Oct 2025 01:00:09 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.211.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:5d:87:b2:d3:19:db:f7:c6:18:7e:6f:74:52:57:18:f1:9f:62:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 19 01:00:09 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=3d5221e3fcf1dcb6f1a9aee5037cac194ab22cc0f7ad6e1e12046f1f5a8fb7e7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:1e:54:d5:ec:69:a5:26:c4:b6:a0:0f:a5:16:
                    fd:88:15:41:1f:82:c3:cf:c2:ad:c4:5d:3b:a2:fa:
                    e0:bd:b6:04:0c:72:61:00:ea:e9:bd:27:da:72:19:
                    0d:c9:cf:ef:db:c2:f4:77:82:b8:04:d2:2b:43:5b:
                    ce:d5:42:fd:b3:1e:5c:35:30:fb:ff:4e:9a:c4:2a:
                    2f:4f:d9:90:0b:50:0e:d1:47:24:20:72:9a:40:55:
                    0f:81:a4:cc:e0:46:e7:ff:54:cc:5c:b2:1b:b3:6a:
                    e9:d1:bd:be:53:f8:c3:bd:42:9a:9d:64:c1:70:9e:
                    01:2e:a0:5d:06:16:64:f9:ad:12:63:37:f4:f9:eb:
                    4c:51:da:44:29:57:bf:3e:b7:02:69:ea:b0:57:23:
                    17:ea:a6:11:15:97:87:b9:fe:6e:f2:2b:d8:e7:55:
                    ab:c1:54:12:a1:b7:b6:4d:db:72:ad:57:f1:ed:0f:
                    80:92:fe:b9:7b:e7:2f:3e:85:bd:25:0c:85:4f:8c:
                    bd:e5:49:d3:8a:50:fe:a5:11:7f:d1:38:e3:ee:c0:
                    9b:3c:17:f3:f6:c1:11:c8:d2:04:2e:88:98:e4:28:
                    55:3f:3e:9f:21:16:92:74:a2:d6:c8:11:27:b2:2e:
                    57:b4:14:20:91:4c:96:32:db:54:24:5e:b3:10:6c:
                    b9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4C:CC:EB:60:C9:9C:AA:B8:9D:1B:20:1C:7A:38:EB:65:38:4C:12
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b31a2247-59e9-4e69-bf7c-c55f87670f23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.211.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8b:28:64:9d:71:30:b2:88:dc:1b:53:6a:42:3a:56:ef:6d:29:
         7c:57:06:e8:5f:26:c1:eb:37:07:24:59:a2:b5:d7:b4:05:eb:
         70:52:5e:b7:f2:6e:47:40:e8:af:f9:4e:48:a3:3e:24:06:84:
         9a:f4:90:ba:23:7a:37:e8:9c:d1:ea:9d:a1:a2:57:ce:5f:fd:
         d6:a5:17:a0:ae:83:80:4c:7e:f8:3d:26:51:15:e9:cb:3f:42:
         39:9b:0b:97:4a:38:63:50:f3:e6:ea:1d:ec:53:43:11:13:b1:
         a2:14:6e:49:e6:13:70:fe:19:6a:2f:3c:e8:16:6f:ee:29:99:
         6b:5a:ba:c5:1c:37:cd:16:b6:c1:27:52:3d:f3:81:36:94:f1:
         c4:93:89:90:1a:5e:66:c5:a5:1f:99:9f:b8:6e:6c:e9:f2:45:
         08:78:03:85:12:08:04:2f:c2:1a:c1:84:c1:c4:4a:cc:1f:1a:
         75:44:d3:4c:ea:35:03:a7:db:da:90:b8:1c:34:ae:23:af:f7:
         94:ff:84:d9:e9:c4:73:c1:9f:cd:27:18:70:d6:22:af:7d:74:
         b7:33:f9:05:80:d0:14:c2:e1:c3:4a:56:94:c3:56:de:9f:63:
         38:97:f7:38:51:c0:af:c7:ab:b5:f3:ad:52:f4:85:0e:b9:5d:
         90:07:a5:73
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHF2HstMZ2/fGGH5vdFJXGPGfYhkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE5MDEwMDA5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDUyMjFlM2ZjZjFkY2I2ZjFhOWFlZTUwMzdjYWMxOTRh
YjIyY2MwZjdhZDZlMWUxMjA0NmYxZjVhOGZiN2U3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiHlTV7GmlJsS2oA+lFv2IFUEfgsPPwq3EXTui+uC9tgQM
cmEA6um9J9pyGQ3Jz+/bwvR3grgE0itDW87VQv2zHlw1MPv/TprEKi9P2ZALUA7R
RyQgcppAVQ+BpMzgRuf/VMxcshuzaunRvb5T+MO9QpqdZMFwngEuoF0GFmT5rRJj
N/T560xR2kQpV78+twJp6rBXIxfqphEVl4e5/m7yK9jnVavBVBKht7ZN23KtV/Ht
D4CS/rl75y8+hb0lDIVPjL3lSdOKUP6lEX/ROOPuwJs8F/P2wRHI0gQuiJjkKFU/
Pp8hFpJ0otbIESeyLle0FCCRTJYy21QkXrMQbLnfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8EzM62DJnKq4nRsgHHo462U4TBIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzMWEyMjQ3LTU5ZTktNGU2OS1iZjdjLWM1NWY4NzY3MGYyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA40zANBgkqhkiG9w0BAQsFAAOCAQEAiyhknXEwsojcG1NqQjpW720pfFcG
6F8mwes3ByRZorXXtAXrcFJet/JuR0Dor/lOSKM+JAaEmvSQuiN6N+ic0eqdoaJX
zl/91qUXoK6DgEx++D0mURXpyz9COZsLl0o4Y1Dz5uod7FNDEROxohRuSeYTcP4Z
ai886BZv7imZa1q6xRw3zRa2wSdSPfOBNpTxxJOJkBpeZsWlH5mfuG5s6fJFCHgD
hRIIBC/CGsGEwcRKzB8adUTTTOo1A6fb2pC4HDSuI6/3lP+E2enEc8GfzScYcNYi
r310tzP5BYDQFMLhw0pWlMNW3p9jOJf3OFHAr8ertfOtUvSFDrldkAelcw==
-----END CERTIFICATE-----