Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565bd2b5-79dd-4341-a5bc-d68981cd9648.roa
File:                     565bd2b5-79dd-4341-a5bc-d68981cd9648.roa (raw, json)
Hash identifier:          B4o7BTnXpka8GjAmRB4+IIVl0W4M4xGMYMVi565R2B0=
Subject key identifier:   3C:1B:A5:C5:65:96:DD:97:3D:CA:EC:F8:29:DD:24:7B:E1:8C:F7:C6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       409485EC1DE5FD5B70E0AACD7B819F53A1F44F46
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565bd2b5-79dd-4341-a5bc-d68981cd9648.roa
Signing time:             Sat 01 Nov 2025 00:20:57 +0000
ROA not before:           Sat 01 Nov 2025 00:20:57 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.119.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:94:85:ec:1d:e5:fd:5b:70:e0:aa:cd:7b:81:9f:53:a1:f4:4f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:20:57 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=300ed23c6f27c56326120a1e365b2402006695c4cb84eaa15f4daaec345c0db2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ae:1c:2f:60:86:8c:fd:22:fa:c3:d6:12:f6:
                    24:90:33:36:c5:f3:ca:b5:40:af:16:1b:7e:93:22:
                    67:ed:25:1b:ee:cd:e6:ce:0c:1b:94:27:88:10:d7:
                    31:45:59:61:38:f8:c2:46:3c:76:e3:f2:bd:aa:1e:
                    7a:ce:94:64:8a:ad:b2:fd:39:cb:a1:de:78:5e:ed:
                    06:74:64:e9:d9:cd:7c:d7:d4:5e:27:f5:b4:ff:fa:
                    c1:d8:cf:c1:af:63:02:fd:d1:80:09:77:ba:d7:b9:
                    f9:2e:c3:6e:ea:cd:47:b3:b0:25:14:8f:07:ee:8c:
                    d5:c4:dd:89:cc:b0:a5:8c:74:cd:52:1e:e1:9c:09:
                    ce:90:b1:da:1a:f3:aa:d6:a7:1f:19:a7:de:be:ca:
                    0a:ab:3d:cf:a2:85:ff:27:64:19:1d:20:38:5c:4a:
                    31:1b:c1:ab:69:f5:fa:ef:27:f1:9c:aa:ed:b7:d2:
                    54:ff:1d:72:d3:4c:24:ad:be:dc:4b:65:da:b1:40:
                    52:a6:e8:c0:75:93:83:7a:36:f7:0c:e4:90:bd:94:
                    1a:29:f2:f6:99:c5:cd:9f:eb:86:bc:55:a8:50:5e:
                    03:4f:5d:59:34:39:96:db:11:5e:45:36:52:ab:b8:
                    0e:9f:2c:92:5b:9b:46:a2:7d:49:cf:64:3c:04:f8:
                    f8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1B:A5:C5:65:96:DD:97:3D:CA:EC:F8:29:DD:24:7B:E1:8C:F7:C6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565bd2b5-79dd-4341-a5bc-d68981cd9648.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:b0:69:59:86:b8:fe:85:ff:bd:da:fe:1e:c6:ab:75:ee:98:
         c8:63:e0:0d:b2:6d:e7:70:e5:45:22:31:17:64:43:d9:66:17:
         d3:6a:54:ec:90:a5:5e:ea:cc:53:7f:7b:a8:4d:27:cd:48:38:
         89:b6:f6:51:7e:e5:79:8f:de:05:68:4c:73:83:03:5c:e4:9f:
         32:bc:24:eb:16:e0:e5:c5:ff:da:fb:71:cb:1f:a3:18:71:c8:
         37:58:44:bd:13:8c:2b:7d:c0:82:44:4f:6b:b8:69:e9:17:9b:
         e7:3e:80:b8:fe:3e:41:bf:c3:2e:a3:77:a5:d6:6c:27:e8:d1:
         ec:e6:06:cf:8e:00:b5:6f:77:16:2d:7a:6b:73:11:e6:4e:9c:
         6c:14:75:af:36:66:eb:d2:fe:25:70:17:44:b9:e3:ed:66:cd:
         24:2a:c7:fb:d8:3f:a4:3a:04:2a:92:29:ff:9a:75:6b:59:59:
         05:cb:cc:65:04:2d:6c:cd:66:3f:1d:93:b6:2f:63:99:43:bb:
         65:e7:e2:1c:21:2e:49:cb:ce:3a:4b:e6:79:f7:88:3b:89:65:
         08:e0:34:12:e5:a4:16:1e:d9:f8:6d:05:49:2f:a9:97:37:31:
         9c:a4:11:1e:5d:db:33:f5:2e:08:db:fc:ad:d4:32:fa:71:61:
         24:0a:94:92
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQJSF7B3l/Vtw4KrNe4GfU6H0T0YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAyMDU3WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMDBlZDIzYzZmMjdjNTYzMjYxMjBhMWUzNjViMjQwMjAw
NjY5NWM0Y2I4NGVhYTE1ZjRkYWFlYzM0NWMwZGIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwrhwvYIaM/SL6w9YS9iSQMzbF88q1QK8WG36TImftJRvu
zebODBuUJ4gQ1zFFWWE4+MJGPHbj8r2qHnrOlGSKrbL9Ocuh3nhe7QZ0ZOnZzXzX
1F4n9bT/+sHYz8GvYwL90YAJd7rXufkuw27qzUezsCUUjwfujNXE3YnMsKWMdM1S
HuGcCc6Qsdoa86rWpx8Zp96+ygqrPc+ihf8nZBkdIDhcSjEbwatp9frvJ/Gcqu23
0lT/HXLTTCStvtxLZdqxQFKm6MB1k4N6NvcM5JC9lBop8vaZxc2f64a8VahQXgNP
XVk0OZbbEV5FNlKruA6fLJJbm0aifUnPZDwE+Pg9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPBulxWWW3Zc9yuz4Kd0ke+GM98YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU2NWJkMmI1LTc5ZGQtNDM0MS1hNWJjLWQ2ODk4MWNkOTY0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4dzANBgkqhkiG9w0BAQsFAAOCAQEAG7BpWYa4/oX/vdr+Hsarde6YyGPg
DbJt53DlRSIxF2RD2WYX02pU7JClXurMU397qE0nzUg4ibb2UX7leY/eBWhMc4MD
XOSfMrwk6xbg5cX/2vtxyx+jGHHIN1hEvROMK33AgkRPa7hp6Reb5z6AuP4+Qb/D
LqN3pdZsJ+jR7OYGz44AtW93Fi16a3MR5k6cbBR1rzZm69L+JXAXRLnj7WbNJCrH
+9g/pDoEKpIp/5p1a1lZBcvMZQQtbM1mPx2Tti9jmUO7ZefiHCEuScvOOkvmefeI
O4llCOA0EuWkFh7Z+G0FSS+plzcxnKQRHl3bM/UuCNv8rdQy+nFhJAqUkg==
-----END CERTIFICATE-----