Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b3352c2-ebbd-4dcd-85d6-ab8d23f1d4e6.roa
File:                     0b3352c2-ebbd-4dcd-85d6-ab8d23f1d4e6.roa (raw, json)
Hash identifier:          iG15wPh0ffnm45QIB5bh9KiiJlPqqUI9tcikPnar5Ss=
Subject key identifier:   85:19:58:57:FB:85:6F:DE:EE:F3:6C:F1:4D:7D:3C:0B:ED:E1:00:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       328A4D6A1E1B72D2FABD5F804EA1F08CA3825EE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b3352c2-ebbd-4dcd-85d6-ab8d23f1d4e6.roa
Signing time:             Tue 28 Oct 2025 00:50:50 +0000
ROA not before:           Tue 28 Oct 2025 00:50:50 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.67.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:8a:4d:6a:1e:1b:72:d2:fa:bd:5f:80:4e:a1:f0:8c:a3:82:5e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:50:50 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=4c536008f558fe65f4b38a19c688a168bd1c1d1b819a53b1dc014eb50a544d41, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f8:ca:b3:54:2f:d1:ac:4b:4c:9c:ed:b5:e9:
                    82:2f:ee:6a:c5:bf:12:fe:5a:4e:f2:d3:82:46:7c:
                    de:0f:10:62:20:36:0e:6a:be:a9:ac:4b:c1:e3:97:
                    ba:ae:6a:b6:8d:20:aa:69:6e:b4:e2:ed:76:13:43:
                    9b:b5:6f:58:94:c3:68:80:ab:31:1b:01:47:f7:29:
                    2b:bf:3c:fc:e5:26:c0:d9:fc:6b:28:2b:28:15:1d:
                    4e:ea:65:a2:2f:c0:8f:08:1a:eb:09:22:e9:7e:fe:
                    d6:b4:9f:3a:b9:13:41:36:96:c3:c4:32:17:37:fa:
                    a9:4e:eb:d8:fe:9e:68:c0:27:91:b9:66:90:5a:7d:
                    2d:b4:61:50:4d:b1:89:fd:67:f3:8d:c2:1a:47:74:
                    06:86:31:c8:f9:29:eb:da:20:0d:59:96:5d:ad:41:
                    21:18:9d:0f:57:c3:6a:1d:79:5b:e9:85:f2:58:0e:
                    42:c0:d7:fb:2e:bb:d7:62:b3:3e:ff:fb:bf:a7:50:
                    14:68:98:34:7b:ae:0d:b4:4b:7c:a9:9a:10:b1:45:
                    6d:e9:36:f3:cb:df:3d:2a:29:b4:2b:9c:fe:3e:7c:
                    5a:d7:58:02:ad:85:16:ca:48:c6:b7:12:fb:e2:74:
                    be:69:9f:21:fe:1a:1c:f6:0d:94:1c:5e:07:8e:e9:
                    d1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:19:58:57:FB:85:6F:DE:EE:F3:6C:F1:4D:7D:3C:0B:ED:E1:00:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b3352c2-ebbd-4dcd-85d6-ab8d23f1d4e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.67.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:01:f0:48:11:23:04:e6:b6:f2:c5:49:2c:35:23:f2:0f:8d:
         8b:bb:86:b5:f5:24:2e:06:f8:19:fc:d6:b7:02:8c:59:a4:c0:
         64:ff:0d:8f:15:31:8d:fa:f1:cc:5f:51:da:57:ad:13:09:1f:
         2b:7e:e6:bc:ae:34:e6:5b:c9:54:f3:28:18:31:94:74:f4:1e:
         98:c0:6f:e9:ec:d1:33:de:47:2b:a4:b2:eb:3c:a0:94:01:c9:
         68:7b:fb:03:7b:06:fe:f5:cd:42:13:76:15:e5:41:89:80:7b:
         36:bd:a4:0c:38:21:49:a4:cc:f9:bd:da:83:d4:ba:70:48:d9:
         0d:5e:63:c5:9e:f8:64:d1:53:18:ac:34:1b:19:1d:d4:15:3e:
         49:1d:a1:14:bb:31:55:eb:c8:97:a7:db:1d:e3:59:87:7b:59:
         79:69:68:a4:2b:86:05:d2:6c:99:d8:e3:9c:0c:f6:72:f4:4b:
         78:22:c4:fa:cd:6c:24:00:49:4a:89:67:49:c4:07:49:77:36:
         20:05:2a:27:9b:4e:bd:38:9f:0e:c0:38:84:33:d8:ac:1c:d0:
         ad:4d:ec:df:bb:33:d8:73:f2:56:cb:16:4e:ae:5c:2c:5d:d2:
         45:7d:1a:80:eb:0a:2b:3e:0a:05:cb:bd:54:01:f2:cd:c0:28:
         6a:44:ae:a5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMopNah4bctL6vV+ATqHwjKOCXuMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA1MDUwWhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzUzNjAwOGY1NThmZTY1ZjRiMzhhMTljNjg4YTE2OGJk
MWMxZDFiODE5YTUzYjFkYzAxNGViNTBhNTQ0ZDQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3+MqzVC/RrEtMnO216YIv7mrFvxL+Wk7y04JGfN4PEGIg
Ng5qvqmsS8Hjl7quaraNIKppbrTi7XYTQ5u1b1iUw2iAqzEbAUf3KSu/PPzlJsDZ
/GsoKygVHU7qZaIvwI8IGusJIul+/ta0nzq5E0E2lsPEMhc3+qlO69j+nmjAJ5G5
ZpBafS20YVBNsYn9Z/ONwhpHdAaGMcj5KevaIA1Zll2tQSEYnQ9Xw2odeVvphfJY
DkLA1/suu9disz7/+7+nUBRomDR7rg20S3ypmhCxRW3pNvPL3z0qKbQrnP4+fFrX
WAKthRbKSMa3EvvidL5pnyH+Ghz2DZQcXgeO6dEHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhRlYV/uFb97u82zxTX08C+3hAG8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiMzM1MmMyLWViYmQtNGRjZC04NWQ2LWFiOGQyM2YxZDRlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4QzANBgkqhkiG9w0BAQsFAAOCAQEARwHwSBEjBOa28sVJLDUj8g+Ni7uG
tfUkLgb4GfzWtwKMWaTAZP8NjxUxjfrxzF9R2letEwkfK37mvK405lvJVPMoGDGU
dPQemMBv6ezRM95HK6Sy6zyglAHJaHv7A3sG/vXNQhN2FeVBiYB7Nr2kDDghSaTM
+b3ag9S6cEjZDV5jxZ74ZNFTGKw0Gxkd1BU+SR2hFLsxVevIl6fbHeNZh3tZeWlo
pCuGBdJsmdjjnAz2cvRLeCLE+s1sJABJSolnScQHSXc2IAUqJ5tOvTifDsA4hDPY
rBzQrU3s37sz2HPyVssWTq5cLF3SRX0agOsKKz4KBcu9VAHyzcAoakSupQ==
-----END CERTIFICATE-----