Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc59645b-efad-4950-a874-ac47ec42f4b2.roa
File:                     fc59645b-efad-4950-a874-ac47ec42f4b2.roa (raw, json)
Hash identifier:          hvY5/uX5MgWiZ0ku+rb+Hms6cZ1pnQ27jBReXCE1frM=
Subject key identifier:   E2:3A:C6:51:7F:66:92:CE:1B:51:9C:59:60:5A:1E:F0:0C:20:70:3F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63A09E0105D08C8DB6DF8A63979B85DFDC030FE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc59645b-efad-4950-a874-ac47ec42f4b2.roa
Signing time:             Mon 06 Oct 2025 15:39:59 +0000
ROA not before:           Mon 06 Oct 2025 15:39:59 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     701
IP address blocks:        139.56.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:a0:9e:01:05:d0:8c:8d:b6:df:8a:63:97:9b:85:df:dc:03:0f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:39:59 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=8ec234a79ab26221c69716e6d4b707264e456b689f8fafed71e49005abb297f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4b:24:72:3c:c9:35:1b:c8:ef:40:0b:d3:51:
                    26:62:d8:1c:c8:12:81:a5:5c:3e:2f:ff:af:2f:0e:
                    2a:f4:a8:14:6c:de:3c:2c:02:79:06:9e:30:de:ad:
                    3a:05:23:6b:7c:f2:d0:f9:30:8a:40:9f:57:73:37:
                    12:c9:eb:9c:12:4c:1c:da:2f:e9:92:93:09:45:2f:
                    92:61:d0:4a:9f:3d:a2:31:cc:5f:45:f4:1b:11:5a:
                    99:d6:b9:34:7e:f3:4d:12:84:ae:2c:5d:c6:28:39:
                    09:58:a9:bf:49:31:90:20:ba:d3:1e:4c:9c:71:26:
                    0b:a5:e4:b3:28:43:fe:7a:91:46:5d:f2:9a:85:78:
                    01:e9:01:49:1c:8d:3c:5a:ff:d7:95:73:b0:c4:f8:
                    2b:d8:15:0f:cc:09:2a:d5:40:94:f6:6d:91:b0:2a:
                    e1:2d:d7:b3:c4:10:a9:fb:1f:b8:37:0c:33:f6:a4:
                    f8:96:bb:b3:59:46:97:19:36:a1:66:21:47:5f:d7:
                    37:8f:ca:a8:53:99:d9:48:ce:a5:fc:b6:65:c2:ef:
                    ea:ab:5d:df:0c:17:07:65:33:76:1c:03:21:27:41:
                    42:c2:b5:02:f9:3b:72:8f:fe:37:8e:7c:61:88:ea:
                    e4:44:8f:81:a7:87:bd:1f:08:9d:99:0d:72:d7:f5:
                    e7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3A:C6:51:7F:66:92:CE:1B:51:9C:59:60:5A:1E:F0:0C:20:70:3F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc59645b-efad-4950-a874-ac47ec42f4b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b1:d3:35:1d:44:a4:03:a1:d3:e1:14:32:9d:f5:dd:42:18:41:
         91:fa:17:51:57:d4:e6:19:bf:da:b6:c5:6c:ea:73:35:62:92:
         5e:71:03:01:05:c2:ab:ec:86:2d:5f:1d:b4:07:8d:2d:e7:80:
         76:0c:89:ce:ed:42:0a:84:ea:3f:74:c1:74:0f:5b:b6:a8:07:
         9a:a8:4b:a5:29:74:81:89:00:74:78:9c:b8:c5:26:3d:d9:f3:
         bb:a3:03:b0:f4:ff:45:48:1b:4e:16:f6:d3:13:03:03:3e:40:
         5b:a8:78:53:99:02:f4:0a:1b:3a:0f:db:a7:5f:8c:f8:7b:ca:
         67:fb:33:04:49:c3:e5:21:40:d0:e2:2e:4e:fa:10:b1:99:75:
         85:aa:71:e0:2e:18:5c:a8:a7:fb:61:03:c3:08:94:2e:bb:23:
         c6:57:bd:fc:2f:91:3f:e3:53:f0:50:16:dd:59:07:6b:aa:55:
         fd:11:1c:b2:d2:6b:6e:54:b1:da:82:29:e2:15:88:5e:b8:f4:
         88:93:71:3a:f5:27:43:60:5b:33:a6:f9:b5:5d:4a:c6:ef:08:
         42:aa:a7:c5:d7:b5:72:ed:9b:8a:11:6b:ee:70:79:bf:6c:61:
         29:de:49:2d:8f:e7:5b:01:79:e6:3b:d8:83:3a:15:d0:f9:b9:
         19:3e:ca:a0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY6CeAQXQjI2234pjl5uF39wDD+MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTUzOTU5WhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWMyMzRhNzlhYjI2MjIxYzY5NzE2ZTZkNGI3MDcyNjRl
NDU2YjY4OWY4ZmFmZWQ3MWU0OTAwNWFiYjI5N2Y0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeSyRyPMk1G8jvQAvTUSZi2BzIEoGlXD4v/68vDir0qBRs
3jwsAnkGnjDerToFI2t88tD5MIpAn1dzNxLJ65wSTBzaL+mSkwlFL5Jh0EqfPaIx
zF9F9BsRWpnWuTR+800ShK4sXcYoOQlYqb9JMZAgutMeTJxxJgul5LMoQ/56kUZd
8pqFeAHpAUkcjTxa/9eVc7DE+CvYFQ/MCSrVQJT2bZGwKuEt17PEEKn7H7g3DDP2
pPiWu7NZRpcZNqFmIUdf1zePyqhTmdlIzqX8tmXC7+qrXd8MFwdlM3YcAyEnQULC
tQL5O3KP/jeOfGGI6uREj4Gnh70fCJ2ZDXLX9ecRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4jrGUX9mks4bUZxZYFoe8AwgcD8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZjNTk2NDViLWVmYWQtNDk1MC1hODc0LWFjNDdlYzQyZjRiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCLODANBgkqhkiG9w0BAQsFAAOCAQEAsdM1HUSkA6HT4RQynfXdQhhBkfoX
UVfU5hm/2rbFbOpzNWKSXnEDAQXCq+yGLV8dtAeNLeeAdgyJzu1CCoTqP3TBdA9b
tqgHmqhLpSl0gYkAdHicuMUmPdnzu6MDsPT/RUgbThb20xMDAz5AW6h4U5kC9Aob
Og/bp1+M+HvKZ/szBEnD5SFA0OIuTvoQsZl1hapx4C4YXKin+2EDwwiULrsjxle9
/C+RP+NT8FAW3VkHa6pV/REcstJrblSx2oIp4hWIXrj0iJNxOvUnQ2BbM6b5tV1K
xu8IQqqnxde1cu2bihFr7nB5v2xhKd5JLY/nWwF55jvYgzoV0Pm5GT7KoA==
-----END CERTIFICATE-----