Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0289d084-7f33-4bbc-baa0-e777f631c75e.roa
File:                     0289d084-7f33-4bbc-baa0-e777f631c75e.roa (raw, json)
Hash identifier:          oXePX2QgSFVkEv8c/A01wkBk7QTSI2iGKd4iRvRMo/g=
Subject key identifier:   EA:50:B9:87:8C:10:FA:E4:C3:A0:96:2F:81:7A:4C:3F:AD:C1:3C:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       714DCC344A321C927839FFC98B0BB2E28A0B649E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0289d084-7f33-4bbc-baa0-e777f631c75e.roa
Signing time:             Sun 02 Nov 2025 00:11:11 +0000
ROA not before:           Sun 02 Nov 2025 00:11:11 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.9.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:4d:cc:34:4a:32:1c:92:78:39:ff:c9:8b:0b:b2:e2:8a:0b:64:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:11:11 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=fded7366d97b048a6e11f9dfa2834bec617424b2af8791f2c9a1b1dd9e3fce64, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:87:33:2e:b8:27:18:dc:27:9f:19:99:2a:72:
                    a6:de:5b:07:40:2c:ab:10:71:4c:fb:2c:ea:64:af:
                    2c:ec:1f:fc:39:a4:fe:df:17:09:72:4f:63:01:2a:
                    3c:00:cf:4e:e9:a9:33:08:f5:28:99:ba:89:88:82:
                    de:ae:16:af:05:7b:a9:99:94:b8:f5:fc:b2:c7:5c:
                    3d:13:c1:11:dc:a1:b3:3a:31:ea:33:01:84:35:55:
                    8d:76:db:ad:98:dd:03:08:fa:68:a3:80:36:88:86:
                    74:6a:de:dc:08:9d:ab:f0:32:ad:52:c7:ee:e6:b6:
                    23:5d:5b:3d:6b:81:fe:a6:74:7c:b3:de:cc:f1:81:
                    50:6f:be:63:27:ad:fa:fd:b6:f3:4d:fd:f1:b4:c2:
                    03:42:65:6f:5b:0a:20:8c:02:5b:27:4d:9b:ed:11:
                    9e:40:be:c7:20:d3:b0:b6:eb:50:54:39:4e:53:4b:
                    96:5d:88:38:fa:cd:07:99:c8:90:24:5d:d9:87:ed:
                    c0:2e:87:74:76:94:0b:bf:96:35:91:b9:99:8a:6d:
                    84:ab:5e:73:48:40:64:49:5f:e2:b2:45:8f:47:ac:
                    fb:3b:2d:1c:c6:8a:27:14:74:f3:ba:a8:8c:7b:41:
                    72:79:97:2a:bc:43:fc:3f:af:fb:35:55:48:a6:b4:
                    69:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:50:B9:87:8C:10:FA:E4:C3:A0:96:2F:81:7A:4C:3F:AD:C1:3C:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0289d084-7f33-4bbc-baa0-e777f631c75e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.9.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9d:7d:45:09:b7:15:9a:2f:07:5a:d5:c4:b5:5f:cd:df:18:1a:
         b6:dd:1b:ee:b2:42:02:57:43:ef:ac:f7:bd:88:c0:9c:6f:0b:
         8a:7f:ac:40:cb:0b:5c:92:b4:f9:ee:fd:30:73:8f:d1:78:c0:
         c0:29:81:96:b5:44:85:71:84:cd:69:f0:1d:23:ea:c4:f4:33:
         b1:12:07:e2:67:94:9b:45:35:9c:50:56:d7:1f:2d:a3:dd:72:
         04:9c:e3:75:7b:a7:cd:db:b3:9d:8f:6b:e6:ef:21:03:e0:96:
         99:e8:d1:c4:1d:85:82:8c:cc:18:d9:fa:ea:f1:9a:33:59:7b:
         75:ca:73:60:2d:15:e1:bc:2d:31:c5:85:e6:1f:33:8f:3c:39:
         94:f9:39:5c:55:50:8e:36:1d:45:51:dc:2e:98:cf:25:eb:6a:
         ff:41:f3:52:c8:76:10:4b:08:e1:66:dc:e9:63:b6:15:f4:a3:
         09:6b:fb:8e:94:7b:fe:ac:4e:ce:72:af:35:74:c2:be:c6:8f:
         d4:56:57:b4:b0:14:05:e3:95:fc:17:67:44:8d:ec:cc:e1:5e:
         73:86:72:7b:cc:a3:68:a9:99:f6:c1:38:fa:42:1c:ca:94:66:
         8e:a0:93:f8:3a:34:8a:62:e6:fc:45:dd:47:fd:f0:b1:e1:6a:
         11:78:d3:3b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcU3MNEoyHJJ4Of/Jiwuy4ooLZJ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAxMTExWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZGVkNzM2NmQ5N2IwNDhhNmUxMWY5ZGZhMjgzNGJlYzYx
NzQyNGIyYWY4NzkxZjJjOWExYjFkZDllM2ZjZTY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwhzMuuCcY3CefGZkqcqbeWwdALKsQcUz7LOpkryzsH/w5
pP7fFwlyT2MBKjwAz07pqTMI9SiZuomIgt6uFq8Fe6mZlLj1/LLHXD0TwRHcobM6
MeozAYQ1VY12262Y3QMI+mijgDaIhnRq3twInavwMq1Sx+7mtiNdWz1rgf6mdHyz
3szxgVBvvmMnrfr9tvNN/fG0wgNCZW9bCiCMAlsnTZvtEZ5Avscg07C261BUOU5T
S5ZdiDj6zQeZyJAkXdmH7cAuh3R2lAu/ljWRuZmKbYSrXnNIQGRJX+KyRY9HrPs7
LRzGiicUdPO6qIx7QXJ5lyq8Q/w/r/s1VUimtGl3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6lC5h4wQ+uTDoJYvgXpMP63BPEswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyODlkMDg0LTdmMzMtNGJiYy1iYWEwLWU3NzdmNjMxYzc1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4CTANBgkqhkiG9w0BAQsFAAOCAQEAnX1FCbcVmi8HWtXEtV/N3xgatt0b
7rJCAldD76z3vYjAnG8Lin+sQMsLXJK0+e79MHOP0XjAwCmBlrVEhXGEzWnwHSPq
xPQzsRIH4meUm0U1nFBW1x8to91yBJzjdXunzduznY9r5u8hA+CWmejRxB2FgozM
GNn66vGaM1l7dcpzYC0V4bwtMcWF5h8zjzw5lPk5XFVQjjYdRVHcLpjPJetq/0Hz
Ush2EEsI4Wbc6WO2FfSjCWv7jpR7/qxOznKvNXTCvsaP1FZXtLAUBeOV/BdnRI3s
zOFec4Zye8yjaKmZ9sE4+kIcypRmjqCT+Do0imLm/EXdR/3wseFqEXjTOw==
-----END CERTIFICATE-----