Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6316716a-9487-4213-97b0-541f76036d84.roa
File:                     6316716a-9487-4213-97b0-541f76036d84.roa (raw, json)
Hash identifier:          Plz6WEETGs/dxKxmH1PmHeCjbDVxeh7yPFWB3c2MDF8=
Subject key identifier:   F6:E2:5B:05:64:90:65:47:68:13:D9:A0:98:5A:CE:34:5C:F9:08:99
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6936C68819070F0A25A4A051E2C8BE83EC8B36C1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6316716a-9487-4213-97b0-541f76036d84.roa
Signing time:             Sat 01 Nov 2025 00:51:40 +0000
ROA not before:           Sat 01 Nov 2025 00:51:40 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.101.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:36:c6:88:19:07:0f:0a:25:a4:a0:51:e2:c8:be:83:ec:8b:36:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:51:40 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=1bdff85f03473a0f7d56a8f0c1571503bac11da5d282fb0dd85b5e1f112b52ec, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:17:43:48:d7:cd:a6:bc:26:07:29:32:d8:71:
                    0a:48:74:51:cd:e3:85:68:fa:cc:44:d5:87:67:23:
                    51:e3:1d:44:ab:47:0f:8f:9d:ed:64:32:57:11:90:
                    83:e3:97:20:c6:a4:70:78:83:0c:b8:5e:d8:dc:47:
                    3e:f4:54:14:19:08:32:59:17:ef:85:e0:67:3e:31:
                    5a:0d:17:c4:0a:f7:86:68:28:ac:5d:fc:c6:e6:86:
                    12:f1:b6:8b:05:61:02:08:f3:c4:65:26:0b:50:f4:
                    5a:bb:2d:ac:ec:0a:8c:af:78:d8:c6:a2:d6:14:8c:
                    e7:f7:22:c9:a4:90:0c:f5:c1:6e:d2:17:56:0d:a8:
                    48:d7:84:16:ec:83:71:df:cb:de:84:d5:2b:d8:ef:
                    cd:1b:26:c4:fc:06:02:a5:ae:52:d8:a3:cb:e1:25:
                    7c:65:c2:10:35:60:ba:6b:2c:f5:20:ac:9e:7a:16:
                    b6:c9:d7:c1:3c:10:15:6f:a3:ae:a3:d9:f4:c4:0e:
                    7d:ac:cb:32:69:bf:76:8f:bd:a5:dc:e8:38:e7:44:
                    62:3b:1f:af:09:c9:b3:bf:51:c9:2a:63:3a:ee:80:
                    d3:67:15:58:c5:a6:91:8b:10:db:77:cb:ea:97:cc:
                    02:dc:7f:a1:26:b1:62:6f:b9:7a:b4:ab:10:f1:4a:
                    7c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E2:5B:05:64:90:65:47:68:13:D9:A0:98:5A:CE:34:5C:F9:08:99
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6316716a-9487-4213-97b0-541f76036d84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.101.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:1d:21:a8:7b:bd:80:53:3c:fd:89:8d:14:34:98:cc:f8:33:
         c4:06:48:05:0f:43:94:e0:36:c7:3d:ad:be:f0:56:b1:42:5d:
         cf:66:f3:5e:3e:8f:a1:2f:0b:9a:85:b5:2a:02:c2:00:e7:14:
         2e:7d:6d:b4:ca:df:eb:4c:61:bd:5b:14:cd:40:e5:cc:fb:88:
         21:88:b1:ac:4d:e8:c6:f1:9b:96:b8:10:cd:90:73:70:12:d0:
         4e:99:72:a3:31:6d:aa:91:a3:e8:11:d7:47:6e:9f:cf:ec:35:
         15:47:2b:72:fd:d6:4f:fa:84:eb:73:f5:43:ee:b9:52:2b:40:
         73:f2:c8:bd:b8:0f:e2:7d:48:a0:13:44:b4:f6:13:5c:31:6b:
         ce:38:c8:37:4b:42:1c:f5:44:f5:ee:77:02:c9:de:1c:4e:2e:
         2e:d7:6f:c7:fd:ee:4d:14:e9:43:bd:ed:0c:75:4d:09:4a:4d:
         0b:a9:0e:25:f4:2c:82:e0:0b:c5:d4:3d:4b:85:75:cf:00:56:
         1b:83:6f:79:7e:b6:b9:44:ee:27:f0:d9:83:d5:1f:0a:d3:9d:
         4c:8b:3a:ac:e1:91:ef:29:a5:3f:0e:ef:b2:b9:31:94:a9:87:
         8d:7a:0c:b8:bb:b3:bc:8c:25:ce:3a:2d:1e:2f:4e:ba:ac:52:
         e0:3b:8d:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaTbGiBkHDwolpKBR4si+g+yLNsEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDA1MTQwWhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYmRmZjg1ZjAzNDczYTBmN2Q1NmE4ZjBjMTU3MTUwM2Jh
YzExZGE1ZDI4MmZiMGRkODViNWUxZjExMmI1MmVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCF0NI182mvCYHKTLYcQpIdFHN44Vo+sxE1YdnI1HjHUSr
Rw+Pne1kMlcRkIPjlyDGpHB4gwy4XtjcRz70VBQZCDJZF++F4Gc+MVoNF8QK94Zo
KKxd/MbmhhLxtosFYQII88RlJgtQ9Fq7LazsCoyveNjGotYUjOf3IsmkkAz1wW7S
F1YNqEjXhBbsg3Hfy96E1SvY780bJsT8BgKlrlLYo8vhJXxlwhA1YLprLPUgrJ56
FrbJ18E8EBVvo66j2fTEDn2syzJpv3aPvaXc6DjnRGI7H68JybO/UckqYzrugNNn
FVjFppGLENt3y+qXzALcf6EmsWJvuXq0qxDxSnwvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9uJbBWSQZUdoE9mgmFrONFz5CJkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzMTY3MTZhLTk0ODctNDIxMy05N2IwLTU0MWY3NjAzNmQ4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4ZTANBgkqhkiG9w0BAQsFAAOCAQEAox0hqHu9gFM8/YmNFDSYzPgzxAZI
BQ9DlOA2xz2tvvBWsUJdz2bzXj6PoS8LmoW1KgLCAOcULn1ttMrf60xhvVsUzUDl
zPuIIYixrE3oxvGblrgQzZBzcBLQTplyozFtqpGj6BHXR26fz+w1FUcrcv3WT/qE
63P1Q+65UitAc/LIvbgP4n1IoBNEtPYTXDFrzjjIN0tCHPVE9e53AsneHE4uLtdv
x/3uTRTpQ73tDHVNCUpNC6kOJfQsguALxdQ9S4V1zwBWG4NveX62uUTuJ/DZg9Uf
CtOdTIs6rOGR7ymlPw7vsrkxlKmHjXoMuLuzvIwlzjotHi9OuqxS4DuN+w==
-----END CERTIFICATE-----