Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa
File:                     6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa (raw, json)
Hash identifier:          9jmOtd7CCOvfsmvRsTGUN2MafF6kmNYamfDUvPKlW1U=
Subject key identifier:   CD:DE:2C:D2:1A:67:57:09:7D:88:A3:E8:B8:39:BB:11:A3:6B:90:BD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0665B1EC34863A4DF9EE2CE6743451F2541CE68A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa
Signing time:             Sun 02 Nov 2025 00:41:17 +0000
ROA not before:           Sun 02 Nov 2025 00:41:17 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.126.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:65:b1:ec:34:86:3a:4d:f9:ee:2c:e6:74:34:51:f2:54:1c:e6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:41:17 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=61c54dfea59052ab8124a785191b588a7c71aae52445e4eb7dc6439673711cd7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:47:02:56:a4:1a:df:7d:f2:cb:4c:ce:cb:6c:
                    7b:e7:40:d8:99:c4:6a:72:bc:78:4c:a9:e6:99:a5:
                    4e:2e:8c:7b:71:6e:0a:63:26:48:b8:6e:29:0d:a6:
                    a6:b2:8d:10:cb:f5:68:46:27:24:fa:17:74:dc:2a:
                    80:36:46:7d:2f:38:7d:fd:72:d9:68:c4:15:08:cb:
                    83:80:6d:bc:22:87:ff:f5:f5:bd:6b:b3:26:b3:bc:
                    3b:8b:95:e3:fc:31:7d:10:49:15:4e:32:40:2f:8e:
                    cb:c4:9b:52:7f:c8:0e:13:39:d1:8f:ce:8e:26:44:
                    d4:3b:5f:0a:ca:37:97:41:2b:01:5b:b3:cb:d7:45:
                    fd:0c:71:15:c9:dd:fe:7e:0d:32:69:c0:75:16:f7:
                    e9:e7:cb:29:15:00:0b:4e:23:ca:4a:61:e5:3b:3d:
                    7c:39:d4:16:1f:15:68:30:3c:8f:26:15:74:02:c0:
                    b5:13:f0:5d:a7:d4:87:2a:18:f4:ec:4e:fe:34:6d:
                    bf:01:cc:c5:56:fd:6c:66:9c:d8:66:12:98:5a:8b:
                    f0:da:b5:3c:2d:02:ce:a7:7a:f7:50:a1:7c:4a:ed:
                    21:90:7b:94:41:3f:71:9d:bd:0d:25:97:b0:ea:9a:
                    87:bf:5c:8e:4b:aa:d6:3c:ee:0d:1c:58:6a:5b:16:
                    68:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DE:2C:D2:1A:67:57:09:7D:88:A3:E8:B8:39:BB:11:A3:6B:90:BD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faaf4ca-5e33-4dd3-b129-514b40c8555d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.126.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4f:b8:62:67:a1:ef:bb:6d:da:e2:66:7c:9c:27:52:87:d0:e7:
         61:53:64:98:30:3d:f7:22:65:ed:a1:17:cd:09:67:43:22:3d:
         f3:fe:28:4a:4e:17:40:7a:1f:f4:b2:b3:4f:51:bc:a7:89:94:
         01:5d:a1:ac:1c:e2:6e:0f:cc:49:55:70:d0:b2:18:97:fb:dd:
         f5:67:55:67:ef:16:28:1f:00:94:31:c9:82:b5:d4:5d:38:9f:
         b2:d0:20:45:41:d7:39:ac:cb:7f:a5:3b:e3:70:ec:80:82:40:
         78:3f:70:ce:73:ef:4e:bb:13:a0:10:d0:5e:2a:95:1d:9e:38:
         7e:c2:87:84:dc:f2:92:2d:27:7c:8b:ec:dc:0a:57:26:24:36:
         ce:71:17:b2:b7:5d:34:1f:8d:aa:7e:14:f9:1b:71:8e:64:39:
         bd:e9:ee:8f:63:43:00:90:4a:31:4f:ee:c0:53:c1:2a:ec:2b:
         a8:e7:ca:10:df:67:65:3e:1c:9c:ef:78:41:61:e3:82:1e:c3:
         de:5c:9d:f7:49:43:ce:c1:9d:da:77:2a:3c:95:17:72:f4:33:
         3e:e1:88:30:31:64:d5:f3:08:ed:b2:8e:70:5c:9d:38:61:7f:
         7e:4a:56:9d:18:f4:1f:ee:6d:ac:c3:7d:ce:ea:1e:44:65:ca:
         8b:64:4d:ec
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBmWx7DSGOk357izmdDRR8lQc5oowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MTE3WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MWM1NGRmZWE1OTA1MmFiODEyNGE3ODUxOTFiNTg4YTdj
NzFhYWU1MjQ0NWU0ZWI3ZGM2NDM5NjczNzExY2Q3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDORwJWpBrfffLLTM7LbHvnQNiZxGpyvHhMqeaZpU4ujHtx
bgpjJki4bikNpqayjRDL9WhGJyT6F3TcKoA2Rn0vOH39ctloxBUIy4OAbbwih//1
9b1rsyazvDuLleP8MX0QSRVOMkAvjsvEm1J/yA4TOdGPzo4mRNQ7XwrKN5dBKwFb
s8vXRf0McRXJ3f5+DTJpwHUW9+nnyykVAAtOI8pKYeU7PXw51BYfFWgwPI8mFXQC
wLUT8F2n1IcqGPTsTv40bb8BzMVW/WxmnNhmEphai/DatTwtAs6nevdQoXxK7SGQ
e5RBP3GdvQ0ll7Dqmoe/XI5LqtY87g0cWGpbFmjtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzd4s0hpnVwl9iKPouDm7EaNrkL0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmYWFmNGNhLTVlMzMtNGRkMy1iMTI5LTUxNGI0MGM4NTU1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4fjANBgkqhkiG9w0BAQsFAAOCAQEAT7hiZ6Hvu23a4mZ8nCdSh9DnYVNk
mDA99yJl7aEXzQlnQyI98/4oSk4XQHof9LKzT1G8p4mUAV2hrBzibg/MSVVw0LIY
l/vd9WdVZ+8WKB8AlDHJgrXUXTifstAgRUHXOazLf6U743DsgIJAeD9wznPvTrsT
oBDQXiqVHZ44fsKHhNzyki0nfIvs3ApXJiQ2znEXsrddNB+Nqn4U+RtxjmQ5venu
j2NDAJBKMU/uwFPBKuwrqOfKEN9nZT4cnO94QWHjgh7D3lyd90lDzsGd2ncqPJUX
cvQzPuGIMDFk1fMI7bKOcFydOGF/fkpWnRj0H+5trMN9zuoeRGXKi2RN7A==
-----END CERTIFICATE-----