Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa
File:                     907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa (raw, json)
Hash identifier:          cr9EVjX+Qh7znSNo5j6CikbawEceF5Pmpa3AI5KB5Bs=
Subject key identifier:   E0:C8:8E:5C:82:53:5B:72:7F:A0:35:79:DF:22:C4:A3:19:C3:80:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68C232B5323C88DF45ACE04D7ECCF2C1CD75D875
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa
Signing time:             Sun 26 Oct 2025 00:10:06 +0000
ROA not before:           Sun 26 Oct 2025 00:10:06 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.187.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:c2:32:b5:32:3c:88:df:45:ac:e0:4d:7e:cc:f2:c1:cd:75:d8:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:10:06 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=6e999bf5ac148715a0e057c831f95605c967e3d768a26f1497ecbcbaf6912b7c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:50:79:53:74:4b:8d:41:63:76:4f:f9:88:58:
                    91:c5:c3:11:cd:0d:92:bf:b0:f8:93:1d:ba:fc:c4:
                    1a:d5:4f:aa:42:98:fb:d9:8a:9f:71:d8:8b:e9:b1:
                    7a:b1:0d:4a:85:75:4d:90:d1:00:bc:82:a4:1f:5b:
                    86:5c:76:eb:bf:51:fd:3f:97:d2:39:2c:63:3b:5e:
                    bf:d1:40:b0:29:f9:2e:52:69:cc:26:e6:1c:63:4f:
                    07:8b:df:d2:c9:eb:ef:52:ae:15:5c:73:3a:8f:0b:
                    05:69:5f:22:72:2c:c1:a5:4e:f1:93:26:51:eb:9e:
                    32:5a:68:fb:b4:ef:ac:4a:79:32:fe:e0:03:f7:ac:
                    f8:16:7c:5f:b1:b7:b5:c2:d8:2a:40:f5:61:80:ea:
                    41:f9:93:e4:53:93:2b:b7:f4:03:63:b1:21:00:02:
                    9e:37:4b:c4:95:86:6d:1a:03:75:90:5b:ba:c6:1e:
                    1c:4d:68:7b:75:0c:42:68:d7:fa:4d:1c:6a:6e:05:
                    d8:92:b1:a8:61:51:51:3c:57:d1:8e:d2:39:df:6a:
                    8f:79:57:04:fd:62:3e:4e:c1:8b:a6:30:32:4e:a7:
                    f1:e2:ad:a2:2c:23:12:50:fe:8f:59:70:51:d3:ca:
                    73:0a:da:36:a7:fe:23:e4:9e:b8:c8:ad:ae:5a:10:
                    35:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C8:8E:5C:82:53:5B:72:7F:A0:35:79:DF:22:C4:A3:19:C3:80:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         11:1a:2f:53:50:ab:80:dc:af:41:51:59:90:25:d6:14:90:c2:
         6f:87:5c:54:be:83:6d:70:6c:72:2e:80:ec:e2:45:66:b3:d5:
         22:47:0a:ae:c3:c9:56:5d:60:a7:36:02:c4:8f:ad:1e:99:c5:
         a1:3a:26:f4:84:f7:6e:06:c0:9f:59:f6:c9:32:27:71:0a:f9:
         9b:29:e1:d1:f2:72:42:7f:7c:a7:3d:5e:03:76:3b:ad:eb:b5:
         6a:c3:ae:39:de:be:02:6c:e3:93:72:bf:c7:c4:78:01:5c:2c:
         a7:85:23:dd:e3:26:43:59:0e:c8:64:ec:18:4c:cd:01:43:db:
         c3:a5:43:65:5d:07:74:71:b1:f2:4c:7a:d2:fe:4f:cf:fe:85:
         7b:1d:9e:98:51:2c:1c:dd:ec:52:30:a7:1e:39:57:13:73:b5:
         84:39:6b:d4:67:59:f0:a2:6b:33:0f:ae:38:95:fe:0e:15:6e:
         81:04:8e:da:b7:4d:69:3a:42:f3:46:a5:81:1a:6b:16:07:5b:
         0b:e2:68:1f:13:c7:d1:fd:f3:c9:31:00:5e:46:7b:ad:e0:95:
         d6:0c:be:c0:b1:34:f9:7d:5a:ff:63:1d:5e:ee:86:4f:c7:94:
         96:e2:19:fa:5b:8d:6d:20:15:cf:2f:b7:cb:0e:ee:24:d3:95:
         c6:3f:cc:d2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaMIytTI8iN9FrOBNfszywc112HUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAxMDA2WhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTk5OWJmNWFjMTQ4NzE1YTBlMDU3YzgzMWY5NTYwNWM5
NjdlM2Q3NjhhMjZmMTQ5N2VjYmNiYWY2OTEyYjdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDUHlTdEuNQWN2T/mIWJHFwxHNDZK/sPiTHbr8xBrVT6pC
mPvZip9x2IvpsXqxDUqFdU2Q0QC8gqQfW4Zcduu/Uf0/l9I5LGM7Xr/RQLAp+S5S
acwm5hxjTweL39LJ6+9SrhVcczqPCwVpXyJyLMGlTvGTJlHrnjJaaPu076xKeTL+
4AP3rPgWfF+xt7XC2CpA9WGA6kH5k+RTkyu39ANjsSEAAp43S8SVhm0aA3WQW7rG
HhxNaHt1DEJo1/pNHGpuBdiSsahhUVE8V9GO0jnfao95VwT9Yj5OwYumMDJOp/Hi
raIsIxJQ/o9ZcFHTynMK2jan/iPknrjIra5aEDVHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4MiOXIJTW3J/oDV53yLEoxnDgC4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkwN2QxZmY2LWI3MmQtNGViOC04MWU5LTRiOTliNTgyNGQ3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4uzANBgkqhkiG9w0BAQsFAAOCAQEAERovU1CrgNyvQVFZkCXWFJDCb4dc
VL6DbXBsci6A7OJFZrPVIkcKrsPJVl1gpzYCxI+tHpnFoTom9IT3bgbAn1n2yTIn
cQr5mynh0fJyQn98pz1eA3Y7reu1asOuOd6+Amzjk3K/x8R4AVwsp4Uj3eMmQ1kO
yGTsGEzNAUPbw6VDZV0HdHGx8kx60v5Pz/6Fex2emFEsHN3sUjCnHjlXE3O1hDlr
1GdZ8KJrMw+uOJX+DhVugQSO2rdNaTpC80algRprFgdbC+JoHxPH0f3zyTEAXkZ7
reCV1gy+wLE0+X1a/2MdXu6GT8eUluIZ+luNbSAVzy+3yw7uJNOVxj/M0g==
-----END CERTIFICATE-----