Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa
File:                     c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa (raw, json)
Hash identifier:          5hGgRBV7s5qfZDDIkBbYJRmk7XZoP5EvAFYS9U9lVZU=
Subject key identifier:   79:E2:77:FF:47:24:32:D0:EB:A9:C4:13:B0:E7:46:25:DF:89:BB:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20DA97D40542A9A05B0879F656BC7623B560DD50
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa
Signing time:             Sat 01 Nov 2025 00:30:59 +0000
ROA not before:           Sat 01 Nov 2025 00:30:59 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.89.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:da:97:d4:05:42:a9:a0:5b:08:79:f6:56:bc:76:23:b5:60:dd:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  1 00:30:59 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=3cde7f520d4073726643b059e82aea78beb2c55a2b80e99010d9ac71297adf2b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8a:a6:d0:bd:f9:61:34:6f:98:db:5f:ea:91:
                    9a:d2:17:0c:1d:e4:8e:6c:28:56:f7:2e:b8:cf:b7:
                    87:04:15:29:1f:66:f7:63:8f:22:97:00:30:08:05:
                    81:63:45:ca:dd:c7:ef:8d:76:31:35:1d:0e:5c:d6:
                    1d:e2:92:c7:a7:c2:c4:74:4e:3b:11:98:31:c8:6d:
                    98:1b:9a:39:bd:f6:8b:ed:2d:90:d8:ac:6e:bc:42:
                    bc:f1:21:e2:62:e9:89:15:25:ae:43:39:f6:1d:f9:
                    1e:4b:05:50:29:1e:e8:ab:9e:3a:0c:10:3e:31:b8:
                    c9:d2:57:57:77:6f:7a:11:31:bc:17:06:73:fc:9b:
                    67:c0:cf:f4:1e:8f:44:d4:26:13:8c:66:69:53:78:
                    32:10:fe:e9:6f:5c:4c:3c:d3:02:81:7e:f0:27:ff:
                    33:28:85:f2:8f:06:07:07:5b:30:fc:80:c8:3f:72:
                    21:eb:61:b0:12:bd:dc:c0:26:90:d7:cb:54:8a:44:
                    f3:eb:c5:7c:64:39:1e:3c:23:19:b1:25:d7:5e:83:
                    db:c5:a5:01:03:9d:57:46:e8:99:6d:74:50:4b:78:
                    55:d4:74:6c:72:e8:71:b4:e7:73:31:e9:0f:d0:3a:
                    59:0a:d8:5c:73:ec:b1:b5:44:d5:db:25:bb:c9:3a:
                    b7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:E2:77:FF:47:24:32:D0:EB:A9:C4:13:B0:E7:46:25:DF:89:BB:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0f72a14-71a9-47a1-ad9c-1f9129079bfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4a:95:6b:e7:a8:f3:18:20:1a:f6:97:5f:97:0b:04:01:ef:62:
         13:28:73:37:76:0e:e5:62:ae:e0:78:58:a1:3b:da:2d:96:bb:
         15:20:89:5e:1d:85:3e:7c:b9:1c:98:5b:ce:e4:cd:7a:1f:a5:
         b6:d2:45:55:14:6c:11:52:74:07:d1:8b:09:54:4d:cc:e1:12:
         b3:0b:a0:90:49:81:ef:cc:7e:2f:24:64:e2:e4:fc:03:a4:14:
         2e:0b:49:4c:c5:f4:06:61:9d:1e:ba:22:83:c9:ca:0b:f5:2d:
         a9:6a:05:5f:84:0b:37:bd:49:62:6d:ef:31:80:fd:a6:42:37:
         aa:27:1f:ac:8f:b0:a4:59:3d:ef:61:bf:2f:5a:8f:c4:cf:58:
         b1:1e:6a:2c:44:e0:e1:75:1b:f8:83:84:74:b9:92:bb:d6:85:
         00:06:d6:79:99:22:fc:68:e0:f4:c7:f0:58:d1:4b:82:17:a0:
         a2:17:59:6c:7b:9f:9f:b0:1b:9e:4d:e7:57:b0:58:ad:64:2c:
         23:f4:ea:44:6d:f6:0c:32:7a:99:ce:5c:7e:a0:27:d8:dc:11:
         5e:87:6b:c7:98:c3:ab:63:3d:01:37:ad:12:c1:be:c2:f7:90:
         24:b5:27:6c:cd:18:af:40:cc:2b:2c:ba:a1:b0:f2:1a:1e:26:
         e7:80:9e:76
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUINqX1AVCqaBbCHn2Vrx2I7Vg3VAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAxMDAzMDU5WhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2RlN2Y1MjBkNDA3MzcyNjY0M2IwNTllODJhZWE3OGJl
YjJjNTVhMmI4MGU5OTAxMGQ5YWM3MTI5N2FkZjJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+iqbQvflhNG+Y21/qkZrSFwwd5I5sKFb3LrjPt4cEFSkf
ZvdjjyKXADAIBYFjRcrdx++NdjE1HQ5c1h3iksenwsR0TjsRmDHIbZgbmjm99ovt
LZDYrG68QrzxIeJi6YkVJa5DOfYd+R5LBVApHuirnjoMED4xuMnSV1d3b3oRMbwX
BnP8m2fAz/Qej0TUJhOMZmlTeDIQ/ulvXEw80wKBfvAn/zMohfKPBgcHWzD8gMg/
ciHrYbASvdzAJpDXy1SKRPPrxXxkOR48IxmxJddeg9vFpQEDnVdG6JltdFBLeFXU
dGxy6HG053Mx6Q/QOlkK2Fxz7LG1RNXbJbvJOrehAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeeJ3/0ckMtDrqcQTsOdGJd+Ju3MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwZjcyYTE0LTcxYTktNDdhMS1hZDljLTFmOTEyOTA3OWJmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4WTANBgkqhkiG9w0BAQsFAAOCAQEASpVr56jzGCAa9pdflwsEAe9iEyhz
N3YO5WKu4HhYoTvaLZa7FSCJXh2FPny5HJhbzuTNeh+lttJFVRRsEVJ0B9GLCVRN
zOESswugkEmB78x+LyRk4uT8A6QULgtJTMX0BmGdHroig8nKC/UtqWoFX4QLN71J
Ym3vMYD9pkI3qicfrI+wpFk972G/L1qPxM9YsR5qLETg4XUb+IOEdLmSu9aFAAbW
eZki/Gjg9MfwWNFLghegohdZbHufn7Abnk3nV7BYrWQsI/TqRG32DDJ6mc5cfqAn
2NwRXodrx5jDq2M9ATetEsG+wveQJLUnbM0Yr0DMKyy6obDyGh4m54Cedg==
-----END CERTIFICATE-----