Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ff67b07-091b-43da-9723-1a94e29d65e8.roa
File:                     1ff67b07-091b-43da-9723-1a94e29d65e8.roa (raw, json)
Hash identifier:          z0BnE2R8j4t399JvXOKMQ6GZTaoVSlysgv2y7pcrYsQ=
Subject key identifier:   AE:C7:4A:99:88:12:9B:F8:09:91:67:5F:3B:72:35:EB:AC:9C:92:BB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B58AC379D6B706FF332492FFCFB53CE0B9596B9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ff67b07-091b-43da-9723-1a94e29d65e8.roa
Signing time:             Tue 21 Oct 2025 00:51:03 +0000
ROA not before:           Tue 21 Oct 2025 00:51:03 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.43.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:58:ac:37:9d:6b:70:6f:f3:32:49:2f:fc:fb:53:ce:0b:95:96:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:51:03 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=ad5f736fba695550a6d1452ab38962b137b6abb0c3aaa70a9e6bc6b157fb1847, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:97:23:5c:2d:8e:57:f0:6f:6d:d7:0b:ed:f6:
                    9d:4b:b7:d5:24:51:3b:de:84:26:07:19:9b:96:e6:
                    95:b9:9a:eb:1a:24:88:69:ed:a5:22:00:e5:2a:1d:
                    01:10:6c:c9:ab:06:77:72:ab:5a:da:ba:93:33:1c:
                    4c:1d:0a:9f:60:ff:39:57:12:3d:80:a5:5d:52:28:
                    3d:b1:b0:c9:18:9b:c9:62:8b:05:a8:7b:0a:61:d4:
                    6f:35:93:fb:19:27:49:2d:12:a9:b0:02:3d:a7:fb:
                    bb:86:25:c6:d1:6c:c3:86:84:d3:0c:9b:aa:b1:fa:
                    52:7a:22:35:22:49:e1:98:36:b7:5c:68:98:f3:39:
                    ca:51:c4:da:0f:51:09:75:f4:b4:73:c2:b7:c7:c9:
                    64:16:ca:38:97:3d:5b:29:3a:fb:18:6a:dd:7a:47:
                    f0:60:b5:86:67:dd:ce:44:62:70:76:b3:98:5b:bb:
                    f7:60:10:d9:0d:9f:40:45:fd:6a:a2:e7:68:e0:56:
                    40:f8:cb:00:0f:64:db:29:a8:2c:e9:fe:98:8f:33:
                    11:31:5c:6b:6e:71:32:c6:f2:a9:85:6f:84:27:d1:
                    3d:76:d2:a4:f3:09:f1:7d:4d:0e:45:9e:7b:ec:55:
                    86:ba:db:bd:3e:6a:e7:8e:65:15:12:63:e8:84:81:
                    ee:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C7:4A:99:88:12:9B:F8:09:91:67:5F:3B:72:35:EB:AC:9C:92:BB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1ff67b07-091b-43da-9723-1a94e29d65e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         01:f7:36:47:2e:1c:c1:76:d2:68:aa:c1:cf:83:1f:16:d1:cd:
         b9:55:3a:61:5f:d2:ac:0f:8a:9e:7d:a3:ce:ac:ae:11:d4:03:
         26:68:c7:28:4e:50:13:b7:b0:30:be:ab:71:18:0a:54:30:bd:
         6e:ad:9d:51:54:3f:a5:53:9e:57:cc:3e:19:d9:65:18:0b:13:
         d4:13:c2:d0:c5:ce:8d:01:66:a2:d9:f8:6f:04:78:21:c8:0c:
         26:d4:7b:99:b9:82:b6:65:84:c0:65:b6:73:6f:2d:9e:8b:b1:
         9c:a5:45:3d:74:67:7d:17:e4:f8:cc:e7:46:05:52:c1:61:82:
         62:a6:9a:6e:2a:bb:61:73:60:09:65:eb:2c:e5:6e:40:cd:7b:
         b4:50:31:66:3d:6d:ea:dc:e6:b0:26:a1:26:e5:7a:c2:9e:3a:
         c9:d3:d0:29:5d:c9:b8:23:57:ba:2b:59:88:c5:58:8d:2e:a1:
         c8:61:47:b1:2b:20:f3:cd:3e:6b:2f:65:c8:7b:99:8c:2b:c7:
         a1:fc:1d:fb:68:83:be:18:ff:bf:54:00:c2:c4:db:e7:77:84:
         e7:d3:0a:a9:21:f3:53:7b:1d:70:b7:bd:99:49:01:a2:75:7c:
         d5:2e:e1:f0:47:3a:f7:45:be:93:e0:c1:e9:51:14:3f:ac:f8:
         9c:c7:92:13
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUS1isN51rcG/zMkkv/PtTzguVlrkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA1MTAzWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDVmNzM2ZmJhNjk1NTUwYTZkMTQ1MmFiMzg5NjJiMTM3
YjZhYmIwYzNhYWE3MGE5ZTZiYzZiMTU3ZmIxODQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDalyNcLY5X8G9t1wvt9p1Lt9UkUTvehCYHGZuW5pW5musa
JIhp7aUiAOUqHQEQbMmrBndyq1raupMzHEwdCp9g/zlXEj2ApV1SKD2xsMkYm8li
iwWoewph1G81k/sZJ0ktEqmwAj2n+7uGJcbRbMOGhNMMm6qx+lJ6IjUiSeGYNrdc
aJjzOcpRxNoPUQl19LRzwrfHyWQWyjiXPVspOvsYat16R/BgtYZn3c5EYnB2s5hb
u/dgENkNn0BF/Wqi52jgVkD4ywAPZNspqCzp/piPMxExXGtucTLG8qmFb4Qn0T12
0qTzCfF9TQ5FnnvsVYa6270+aueOZRUSY+iEge7hAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUrsdKmYgSm/gJkWdfO3I166yckrswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmZjY3YjA3LTA5MWItNDNkYS05NzIzLTFhOTRlMjlkNjVlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4KzANBgkqhkiG9w0BAQsFAAOCAQEAAfc2Ry4cwXbSaKrBz4MfFtHNuVU6
YV/SrA+Knn2jzqyuEdQDJmjHKE5QE7ewML6rcRgKVDC9bq2dUVQ/pVOeV8w+Gdll
GAsT1BPC0MXOjQFmotn4bwR4IcgMJtR7mbmCtmWEwGW2c28tnouxnKVFPXRnfRfk
+MznRgVSwWGCYqaabiq7YXNgCWXrLOVuQM17tFAxZj1t6tzmsCahJuV6wp46ydPQ
KV3JuCNXuitZiMVYjS6hyGFHsSsg880+ay9lyHuZjCvHofwd+2iDvhj/v1QAwsTb
53eE59MKqSHzU3sdcLe9mUkBonV81S7h8Ec690W+k+DB6VEUP6z4nMeSEw==
-----END CERTIFICATE-----