Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03f9aa29-3019-4136-a7a6-f6d848d356b7.roa
File:                     03f9aa29-3019-4136-a7a6-f6d848d356b7.roa (raw, json)
Hash identifier:          LhGgqcD/sffovxuRnRiuQNL3OngxZEyV1orKv+8ebEY=
Subject key identifier:   B8:C9:DF:C3:EE:BF:59:86:6C:C4:78:EE:19:65:07:6C:1F:3F:2F:F3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6FC1CE22C972717E39502A283162DF350876234D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03f9aa29-3019-4136-a7a6-f6d848d356b7.roa
Signing time:             Sat 25 Oct 2025 00:21:29 +0000
ROA not before:           Sat 25 Oct 2025 00:21:29 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.22.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:c1:ce:22:c9:72:71:7e:39:50:2a:28:31:62:df:35:08:76:23:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:21:29 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=1869129153219fbfd3af0a66a55b0e7f2f428fd5984fa99f43fd9a0c1f2ccc4f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:92:ff:0d:8a:00:1a:8a:40:84:82:77:23:a1:
                    cd:14:05:84:2e:e8:6a:9e:f6:c8:9d:69:5c:b4:09:
                    ed:db:9b:60:ca:04:1f:59:58:cd:15:47:6b:5a:93:
                    eb:1b:8f:4d:07:15:df:50:f9:00:3e:bf:c6:f0:a5:
                    1a:39:38:eb:f7:3a:60:bf:23:ad:e7:4b:ab:31:49:
                    ba:48:d7:ed:b0:9c:92:e2:4e:87:52:6d:83:2b:80:
                    8b:bd:91:e1:fd:69:1e:f8:ba:5b:2d:48:8c:51:78:
                    c9:0f:16:9b:f7:5d:2a:14:7b:3c:e4:f1:13:c7:88:
                    7b:08:15:69:16:62:48:47:37:ab:3e:e2:e9:35:1f:
                    cf:bd:b4:d8:11:44:c5:b4:e7:31:09:23:d8:09:32:
                    aa:db:57:88:21:6a:57:68:40:e5:15:d1:fc:e0:d5:
                    f3:79:2b:14:8b:af:a2:da:79:4a:3f:77:1a:a3:7c:
                    7d:63:e2:7d:29:00:d5:93:30:05:fd:af:cd:30:c8:
                    3e:6d:b7:ab:2c:c1:8a:e8:2e:96:37:b3:c4:10:3d:
                    5c:61:c4:75:67:c6:f5:5b:25:2a:4d:26:3a:4f:91:
                    61:ef:53:35:ff:d2:9d:af:54:be:28:47:c0:d3:c5:
                    b2:b0:21:5b:a2:58:3d:90:fc:b3:24:a7:59:6d:03:
                    66:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:C9:DF:C3:EE:BF:59:86:6C:C4:78:EE:19:65:07:6C:1F:3F:2F:F3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03f9aa29-3019-4136-a7a6-f6d848d356b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.22.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         78:35:95:a9:45:66:40:a1:5e:e2:58:39:d0:01:52:b9:b4:75:
         58:e5:31:69:35:9d:1f:ef:5b:ac:b2:b8:12:d2:8e:2c:ee:e6:
         50:82:02:7b:0a:62:77:43:bd:5c:0c:7a:00:a7:68:09:d1:0c:
         4a:d5:4c:a0:34:8a:6e:81:85:fd:23:60:0f:3f:07:99:ef:bf:
         0b:82:c4:51:78:fb:2d:71:18:3b:7e:7a:b5:68:17:f1:84:1a:
         bb:1e:fb:41:2c:d5:c3:39:43:1c:45:8f:e7:a1:c3:2f:61:14:
         d0:d1:30:27:dc:d2:70:76:e4:bc:fb:f6:58:04:88:3b:d8:e7:
         90:e4:03:1c:bf:ed:ca:61:75:00:5f:82:7a:c4:a2:22:47:e8:
         f4:57:90:ec:4c:09:5a:28:ee:78:ac:d6:ae:c3:b6:8c:2b:81:
         96:14:48:0c:87:64:5b:f4:7d:c6:84:7e:40:89:13:f1:9b:90:
         64:47:26:bd:54:89:a7:42:d8:c0:20:11:91:a8:26:b5:4c:47:
         f7:3c:ca:aa:70:79:c6:12:de:69:ec:8b:45:3e:dc:f5:c2:76:
         8d:fc:0d:7c:ad:e5:e3:65:1f:6f:90:03:98:55:05:95:a9:22:
         81:3e:cf:4a:bd:74:a0:2a:9b:76:2a:c1:af:dc:32:07:97:b2:
         95:20:55:58
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUb8HOIslycX45UCooMWLfNQh2I00wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAyMTI5WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxODY5MTI5MTUzMjE5ZmJmZDNhZjBhNjZhNTViMGU3ZjJm
NDI4ZmQ1OTg0ZmE5OWY0M2ZkOWEwYzFmMmNjYzRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUkv8NigAaikCEgncjoc0UBYQu6Gqe9sidaVy0Ce3bm2DK
BB9ZWM0VR2tak+sbj00HFd9Q+QA+v8bwpRo5OOv3OmC/I63nS6sxSbpI1+2wnJLi
TodSbYMrgIu9keH9aR74ulstSIxReMkPFpv3XSoUezzk8RPHiHsIFWkWYkhHN6s+
4uk1H8+9tNgRRMW05zEJI9gJMqrbV4ghaldoQOUV0fzg1fN5KxSLr6LaeUo/dxqj
fH1j4n0pANWTMAX9r80wyD5tt6sswYroLpY3s8QQPVxhxHVnxvVbJSpNJjpPkWHv
UzX/0p2vVL4oR8DTxbKwIVuiWD2Q/LMkp1ltA2Y7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUuMnfw+6/WYZsxHjuGWUHbB8/L/MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzZjlhYTI5LTMwMTktNDEzNi1hN2E2LWY2ZDg0OGQzNTZiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFjANBgkqhkiG9w0BAQsFAAOCAQEAeDWVqUVmQKFe4lg50AFSubR1WOUx
aTWdH+9brLK4EtKOLO7mUIICewpid0O9XAx6AKdoCdEMStVMoDSKboGF/SNgDz8H
me+/C4LEUXj7LXEYO356tWgX8YQaux77QSzVwzlDHEWP56HDL2EU0NEwJ9zScHbk
vPv2WASIO9jnkOQDHL/tymF1AF+CesSiIkfo9FeQ7EwJWijueKzWrsO2jCuBlhRI
DIdkW/R9xoR+QIkT8ZuQZEcmvVSJp0LYwCARkagmtUxH9zzKqnB5xhLeaeyLRT7c
9cJ2jfwNfK3l42Ufb5ADmFUFlakigT7PSr10oCqbdirBr9wyB5eylSBVWA==
-----END CERTIFICATE-----