Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1aa1ce22-611e-497d-b5a2-a85a34928e7b.roa
File:                     1aa1ce22-611e-497d-b5a2-a85a34928e7b.roa (raw, json)
Hash identifier:          yiYnE8TIuHZUQrRZqseQX4UNm2haVhzLuzyGND9tRYQ=
Subject key identifier:   FE:2E:92:18:1E:60:91:C7:D0:3D:B6:D8:D5:33:DE:95:79:C4:0A:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58D8EC5F9B6FECED5B97DAD6B717A70F049EA183
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1aa1ce22-611e-497d-b5a2-a85a34928e7b.roa
Signing time:             Sat 01 Nov 2025 00:20:57 +0000
ROA not before:           Sat 01 Nov 2025 00:20:57 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.97.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:d8:ec:5f:9b:6f:ec:ed:5b:97:da:d6:b7:17:a7:0f:04:9e:a1:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:20:57 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=0c648431ff0901f79a77a83d08e2667cf2cca9304f52e7d06f2a8ac13afc14ea, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e8:c7:2e:7d:ab:8d:0f:c1:3e:db:a7:d9:75:
                    da:ec:e1:6d:36:fd:61:79:bd:2e:11:47:54:78:2f:
                    a8:11:15:e4:de:12:a8:55:7f:cb:4c:03:d2:bd:3e:
                    76:80:35:f5:c1:50:90:3b:80:ed:57:69:9c:55:0e:
                    2b:74:59:02:b8:9c:83:d5:ff:3a:eb:f8:70:1e:8d:
                    09:aa:8c:15:21:f9:b9:f9:96:8b:84:51:8c:1d:2a:
                    5a:8a:a0:07:69:ac:7f:11:b9:ef:14:a1:88:6d:2e:
                    e1:fa:48:5e:8d:02:54:32:fe:39:f2:cc:ae:c8:5b:
                    2e:77:fc:97:d7:6e:5f:1a:e9:d6:24:60:7a:d9:44:
                    bf:d1:a1:5b:ca:ee:6e:ea:3e:27:01:ad:7c:c7:25:
                    3c:e7:db:20:69:87:c8:26:eb:49:85:c6:35:e1:b6:
                    e7:e1:39:98:30:61:2d:98:89:fd:72:7c:bb:07:68:
                    81:ac:0f:56:c1:76:26:38:4b:15:26:87:53:08:41:
                    19:16:2f:52:76:eb:d4:30:27:e7:60:36:89:e1:ae:
                    9b:5e:73:13:63:bf:7d:b0:05:cb:83:4e:df:f3:3e:
                    55:0e:30:0b:d2:6f:5f:be:b8:39:46:c3:b8:95:cb:
                    dd:02:c1:27:ed:66:a7:6b:b9:18:0f:de:63:50:5e:
                    97:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:2E:92:18:1E:60:91:C7:D0:3D:B6:D8:D5:33:DE:95:79:C4:0A:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1aa1ce22-611e-497d-b5a2-a85a34928e7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         34:b0:02:a6:eb:84:92:2f:19:75:77:2e:6f:2c:0e:41:7a:6d:
         68:c2:38:69:50:16:96:f2:af:1c:10:11:49:b1:9a:c0:21:1a:
         bf:38:44:b2:5c:8b:25:72:b0:9c:c8:62:2a:6a:b3:76:4c:d5:
         12:ff:60:4c:9f:8a:c1:9c:b3:19:99:43:8a:eb:82:29:00:b1:
         63:68:ca:bf:b8:66:8b:78:e4:04:45:44:b1:4b:f4:49:b3:3d:
         5a:f5:b3:cf:2d:6a:38:7b:f3:47:9a:37:00:90:1f:82:22:60:
         13:0a:43:ca:00:35:6f:db:97:ad:5b:a4:8a:52:a7:c6:13:0b:
         88:31:f6:bb:ce:01:c2:4c:ef:80:74:7c:3b:59:e3:39:85:5a:
         e7:44:b4:bb:1c:0d:b6:76:1a:6f:1f:a2:2e:e4:43:22:49:f2:
         cc:73:66:6e:b0:50:6f:b0:15:dd:72:9c:29:86:37:b4:07:0b:
         d9:34:a9:48:5c:25:44:ff:13:79:f4:02:e2:1f:f6:5b:8d:ac:
         71:39:c1:8c:01:bd:c0:68:35:e0:0d:95:86:7b:11:8f:17:e2:
         5a:31:97:f3:6c:07:69:c8:b4:79:63:da:49:57:aa:8f:94:0c:
         95:d3:73:6e:5e:cb:37:fb:a2:33:3e:c5:20:a4:e1:4d:e7:0b:
         1b:3c:75:9c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWNjsX5tv7O1bl9rWtxenDwSeoYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAyMDU3WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzY0ODQzMWZmMDkwMWY3OWE3N2E4M2QwOGUyNjY3Y2Yy
Y2NhOTMwNGY1MmU3ZDA2ZjJhOGFjMTNhZmMxNGVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd6McufauND8E+26fZddrs4W02/WF5vS4RR1R4L6gRFeTe
EqhVf8tMA9K9PnaANfXBUJA7gO1XaZxVDit0WQK4nIPV/zrr+HAejQmqjBUh+bn5
louEUYwdKlqKoAdprH8Rue8UoYhtLuH6SF6NAlQy/jnyzK7IWy53/JfXbl8a6dYk
YHrZRL/RoVvK7m7qPicBrXzHJTzn2yBph8gm60mFxjXhtufhOZgwYS2Yif1yfLsH
aIGsD1bBdiY4SxUmh1MIQRkWL1J269QwJ+dgNonhrptecxNjv32wBcuDTt/zPlUO
MAvSb1++uDlGw7iVy90CwSftZqdruRgP3mNQXpfjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/i6SGB5gkcfQPbbY1TPelXnECsIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFhYTFjZTIyLTYxMWUtNDk3ZC1iNWEyLWE4NWEzNDkyOGU3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YTANBgkqhkiG9w0BAQsFAAOCAQEANLACpuuEki8ZdXcubywOQXptaMI4
aVAWlvKvHBARSbGawCEavzhEslyLJXKwnMhiKmqzdkzVEv9gTJ+KwZyzGZlDiuuC
KQCxY2jKv7hmi3jkBEVEsUv0SbM9WvWzzy1qOHvzR5o3AJAfgiJgEwpDygA1b9uX
rVukilKnxhMLiDH2u84BwkzvgHR8O1njOYVa50S0uxwNtnYabx+iLuRDIknyzHNm
brBQb7AV3XKcKYY3tAcL2TSpSFwlRP8TefQC4h/2W42scTnBjAG9wGg14A2VhnsR
jxfiWjGX82wHaci0eWPaSVeqj5QMldNzbl7LN/uiMz7FIKThTecLGzx1nA==
-----END CERTIFICATE-----