Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c01ab0fb-a853-4925-93fd-d23412f0342f.roa
File:                     c01ab0fb-a853-4925-93fd-d23412f0342f.roa (raw, json)
Hash identifier:          ZKxtTDOP4xHixsro839NpQGpeX2WTgmWE1g1qpWJ9tc=
Subject key identifier:   9A:BB:72:FC:5B:4F:D0:8E:AD:EB:7F:D9:E6:B3:0C:3D:20:6B:33:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FA0419C624E7B95146F09519511D6CF81503180
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c01ab0fb-a853-4925-93fd-d23412f0342f.roa
Signing time:             Sat 27 Sep 2025 00:23:33 +0000
ROA not before:           Sat 27 Sep 2025 00:23:33 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.54.56.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a0:41:9c:62:4e:7b:95:14:6f:09:51:95:11:d6:cf:81:50:31:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:23:33 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=c6a7333fb97b77bb824a605dc38ff068c015edfa2bda42523466589330c658df, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e6:f4:fd:38:8a:d4:52:a5:9a:ea:f3:01:36:
                    eb:e4:31:7b:d0:cd:95:01:1b:51:23:05:60:87:2b:
                    e5:6b:d2:07:70:8d:a4:40:69:82:a9:ab:74:75:d6:
                    f7:a0:2d:c4:1c:9d:18:80:91:38:98:6c:1c:91:fc:
                    28:f2:6d:80:fb:c9:c0:c1:0e:2d:e9:1d:07:e7:f8:
                    b1:51:81:b6:49:25:74:17:30:f4:e5:50:06:9d:55:
                    9e:d0:c8:85:bd:35:ef:2b:9d:bc:f8:10:a1:19:2f:
                    09:d7:8a:d5:4a:72:a0:17:b7:b3:d1:54:ef:70:06:
                    41:ea:27:c6:ae:41:d7:57:ec:04:31:c9:65:d7:41:
                    1c:d6:f5:f1:23:fb:b2:f2:f9:9f:04:81:2b:64:e7:
                    3a:8d:ba:1a:ba:c0:50:d1:ab:55:1e:fc:1e:a3:d1:
                    44:4e:7e:b9:d5:f9:57:60:43:9e:87:4d:20:84:1e:
                    ac:6c:98:7e:97:29:9a:4f:e0:d8:ca:6b:44:e1:c1:
                    eb:2f:e0:34:83:c8:cf:72:5e:d9:ed:1e:c8:4c:1b:
                    63:1e:36:50:60:e0:77:f4:aa:79:f6:54:84:1c:e8:
                    d5:56:3d:26:4a:69:89:2a:fc:15:8b:ed:9c:52:a2:
                    b4:b6:7a:69:20:24:74:23:54:c5:77:e1:2e:f1:51:
                    5e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:BB:72:FC:5B:4F:D0:8E:AD:EB:7F:D9:E6:B3:0C:3D:20:6B:33:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c01ab0fb-a853-4925-93fd-d23412f0342f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.54.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:84:e2:ca:c0:eb:6b:c5:c5:f5:48:e2:8f:31:e6:53:f7:32:
         e9:40:b0:0a:21:16:e2:55:79:24:77:fe:be:d8:77:00:96:a3:
         e8:93:73:68:4c:83:db:d4:e0:0b:c6:92:05:75:64:c9:1b:a8:
         39:59:bb:b5:5f:64:4f:be:48:47:11:ea:f9:03:6e:cc:ed:a0:
         3e:bf:99:66:3a:71:6f:4d:cf:d3:98:8a:ae:e6:a4:6a:ba:d4:
         c5:80:fd:0b:75:80:e0:25:71:c5:0d:0b:c3:80:2d:1a:f5:d8:
         43:fa:32:98:42:1c:aa:57:bf:27:12:56:7c:f3:ab:28:c3:75:
         ac:0c:c1:18:30:94:5d:c9:e4:24:02:07:df:92:51:c5:95:27:
         a2:6b:35:e3:ab:64:04:b3:2c:b9:b7:6b:de:70:bd:31:cd:bb:
         0e:fa:7a:37:7b:77:cc:8d:91:9d:98:fe:f4:98:49:d3:26:67:
         a8:b6:aa:3f:bb:22:cb:24:74:4e:88:2a:98:8c:77:1c:15:b5:
         94:de:c1:49:a3:35:aa:8c:9c:83:17:b2:1e:b5:bd:31:dc:cf:
         0e:98:c6:81:77:61:7b:91:24:ac:74:2c:54:e6:48:fc:28:ed:
         14:9d:4e:e9:50:66:da:0a:28:5f:a0:af:dd:8f:a4:59:fc:70:
         9b:ab:19:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL6BBnGJOe5UUbwlRlRHWz4FQMYAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAyMzMzWhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNmE3MzMzZmI5N2I3N2JiODI0YTYwNWRjMzhmZjA2OGMw
MTVlZGZhMmJkYTQyNTIzNDY2NTg5MzMwYzY1OGRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs5vT9OIrUUqWa6vMBNuvkMXvQzZUBG1EjBWCHK+Vr0gdw
jaRAaYKpq3R11vegLcQcnRiAkTiYbByR/CjybYD7ycDBDi3pHQfn+LFRgbZJJXQX
MPTlUAadVZ7QyIW9Ne8rnbz4EKEZLwnXitVKcqAXt7PRVO9wBkHqJ8auQddX7AQx
yWXXQRzW9fEj+7Ly+Z8EgStk5zqNuhq6wFDRq1Ue/B6j0UROfrnV+VdgQ56HTSCE
HqxsmH6XKZpP4NjKa0Thwesv4DSDyM9yXtntHshMG2MeNlBg4Hf0qnn2VIQc6NVW
PSZKaYkq/BWL7ZxSorS2emkgJHQjVMV34S7xUV5xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmrty/FtP0I6t63/Z5rMMPSBrM5UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwMWFiMGZiLWE4NTMtNDkyNS05M2ZkLWQyMzQxMmYwMzQyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjNjgwDQYJKoZIhvcNAQELBQADggEBALKE4srA62vFxfVI4o8x5lP3MulA
sAohFuJVeSR3/r7YdwCWo+iTc2hMg9vU4AvGkgV1ZMkbqDlZu7VfZE++SEcR6vkD
bsztoD6/mWY6cW9Nz9OYiq7mpGq61MWA/Qt1gOAlccUNC8OALRr12EP6MphCHKpX
vycSVnzzqyjDdawMwRgwlF3J5CQCB9+SUcWVJ6JrNeOrZASzLLm3a95wvTHNuw76
ejd7d8yNkZ2Y/vSYSdMmZ6i2qj+7IsskdE6IKpiMdxwVtZTewUmjNaqMnIMXsh61
vTHczw6YxoF3YXuRJKx0LFTmSPwo7RSdTulQZtoKKF+gr92PpFn8cJurGS0=
-----END CERTIFICATE-----