Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee072b22-d511-4e36-bf63-9dea3fed9955.roa
File:                     ee072b22-d511-4e36-bf63-9dea3fed9955.roa (raw, json)
Hash identifier:          yV/oLrW12epsH1y448Iv54yTVIRsIMqIQh2ul6F6c0k=
Subject key identifier:   97:A3:0B:64:C3:9C:87:20:82:98:F1:20:1B:27:51:93:42:F2:9D:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       492C178A12DAB3B7F74F11681B89F45674EEE866
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee072b22-d511-4e36-bf63-9dea3fed9955.roa
Signing time:             Fri 26 Sep 2025 00:40:30 +0000
ROA not before:           Fri 26 Sep 2025 00:40:30 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.40.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:2c:17:8a:12:da:b3:b7:f7:4f:11:68:1b:89:f4:56:74:ee:e8:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:40:30 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=9faeb7a69ff645b434afb95dc10ce9cc2731a895d9d1f0144b7345c7c771eb31, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d8:76:53:8a:64:b1:61:bd:53:96:96:e6:2a:
                    c0:fc:50:d9:27:79:8f:70:50:65:76:b7:71:68:64:
                    aa:be:c8:87:2c:8a:44:ac:74:fd:16:c8:97:be:d7:
                    81:11:1f:da:7f:e2:50:2f:36:e8:cb:45:24:a4:6b:
                    d4:ff:52:3b:9b:2e:1e:3f:3b:e9:e7:a5:ad:5d:b1:
                    07:71:54:fa:a9:07:08:e6:73:8d:59:05:c5:ee:fc:
                    82:22:ca:dc:ac:a0:5a:25:dc:b6:bb:5a:38:e4:14:
                    67:1d:7e:7b:ff:18:20:c2:37:ab:58:47:ac:20:a5:
                    c3:43:41:f3:96:06:f9:6f:4d:3a:fc:76:8f:a1:dd:
                    4a:40:5e:2d:c8:b0:40:ec:06:4f:59:dd:c5:62:b9:
                    18:6b:17:da:25:d9:2a:73:0a:98:8d:fe:15:31:69:
                    c0:1d:5a:6c:42:27:ba:41:dd:ee:3b:85:e7:fe:80:
                    e5:cc:b0:6c:fc:0c:fe:8b:d1:20:72:c3:f1:1f:5a:
                    5a:e7:c7:82:25:1a:02:7d:b7:63:bb:7d:a0:02:06:
                    64:6b:7f:17:4b:8f:32:f5:39:f8:5a:34:81:48:e7:
                    e6:85:2f:42:6d:a8:0d:d6:10:00:06:da:03:a4:0c:
                    57:ba:c1:09:58:d0:fc:49:e9:a0:d4:5c:03:fe:22:
                    fe:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A3:0B:64:C3:9C:87:20:82:98:F1:20:1B:27:51:93:42:F2:9D:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee072b22-d511-4e36-bf63-9dea3fed9955.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:21:b9:bb:de:40:11:63:d1:a2:b9:6c:fa:ab:8f:79:8f:3e:
         cd:ba:aa:2b:96:38:02:66:35:31:58:85:16:c2:8c:7c:20:1b:
         c6:0f:7d:93:a4:58:ae:b9:34:5c:d9:0a:11:79:88:d1:10:8e:
         46:e3:00:e1:48:ab:72:0d:ac:98:2b:a0:6d:37:19:51:eb:ae:
         dc:aa:95:f8:98:8c:92:4f:0b:b8:3b:cd:35:cd:ce:8b:d3:91:
         a7:20:ea:18:c0:ec:32:61:c4:9b:bd:10:e7:c1:5e:e2:d9:f2:
         6c:e9:17:7d:c1:0c:53:c8:ef:4b:b5:d0:12:01:22:3a:44:3f:
         08:a1:fc:3c:97:ec:15:56:18:e4:cc:f9:79:8a:e2:c1:e8:57:
         35:f1:4e:0d:fd:3c:5c:fc:bb:f5:e6:4a:2c:f6:b6:07:fd:23:
         ce:86:de:b9:11:ed:cf:e2:35:ab:5e:26:c7:b5:72:04:5f:a9:
         a7:73:fc:a5:36:b6:e2:00:58:ad:9b:d3:fb:5e:e1:73:d9:f3:
         81:c7:30:d6:27:08:f5:e7:0b:0b:0b:60:9a:cb:3e:57:57:66:
         b9:64:e7:5c:1c:6c:2d:fc:dd:26:b2:74:f8:50:9c:8c:19:56:
         7a:e6:0e:16:33:a6:4f:dd:25:45:8b:51:8c:50:67:37:0a:0a:
         db:31:fe:e7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSSwXihLas7f3TxFoG4n0VnTu6GYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDA0MDMwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZmFlYjdhNjlmZjY0NWI0MzRhZmI5NWRjMTBjZTljYzI3
MzFhODk1ZDlkMWYwMTQ0YjczNDVjN2M3NzFlYjMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCS2HZTimSxYb1TlpbmKsD8UNkneY9wUGV2t3FoZKq+yIcs
ikSsdP0WyJe+14ERH9p/4lAvNujLRSSka9T/UjubLh4/O+nnpa1dsQdxVPqpBwjm
c41ZBcXu/IIiytysoFol3La7WjjkFGcdfnv/GCDCN6tYR6wgpcNDQfOWBvlvTTr8
do+h3UpAXi3IsEDsBk9Z3cViuRhrF9ol2SpzCpiN/hUxacAdWmxCJ7pB3e47hef+
gOXMsGz8DP6L0SByw/EfWlrnx4IlGgJ9t2O7faACBmRrfxdLjzL1OfhaNIFI5+aF
L0JtqA3WEAAG2gOkDFe6wQlY0PxJ6aDUXAP+Iv4HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUl6MLZMOchyCCmPEgGydRk0LynYcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VlMDcyYjIyLWQ1MTEtNGUzNi1iZjYzLTlkZWEzZmVkOTk1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4KDANBgkqhkiG9w0BAQsFAAOCAQEAoyG5u95AEWPRorls+quPeY8+zbqq
K5Y4AmY1MViFFsKMfCAbxg99k6RYrrk0XNkKEXmI0RCORuMA4Uircg2smCugbTcZ
Ueuu3KqV+JiMkk8LuDvNNc3Oi9ORpyDqGMDsMmHEm70Q58Fe4tnybOkXfcEMU8jv
S7XQEgEiOkQ/CKH8PJfsFVYY5Mz5eYriwehXNfFODf08XPy79eZKLPa2B/0jzobe
uRHtz+I1q14mx7VyBF+pp3P8pTa24gBYrZvT+17hc9nzgccw1icI9ecLCwtgmss+
V1dmuWTnXBxsLfzdJrJ0+FCcjBlWeuYOFjOmT90lRYtRjFBnNwoK2zH+5w==
-----END CERTIFICATE-----