Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14a8ea31-750a-4344-92cc-dd70e649ace2.roa
File:                     14a8ea31-750a-4344-92cc-dd70e649ace2.roa (raw, json)
Hash identifier:          ILs3vE41riR4n/z6PxYNwChj7w6xd240r9LaMMqSY5c=
Subject key identifier:   89:47:C5:DE:4E:9C:22:39:6D:C5:89:86:1C:F7:AC:4D:A2:6A:34:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       61476BF3B32B22947B65726D6BC16A13B85FC929
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14a8ea31-750a-4344-92cc-dd70e649ace2.roa
Signing time:             Wed 29 Oct 2025 00:30:48 +0000
ROA not before:           Wed 29 Oct 2025 00:30:48 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.147.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:47:6b:f3:b3:2b:22:94:7b:65:72:6d:6b:c1:6a:13:b8:5f:c9:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:30:48 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=89ccca8ae0f4a78c9f010515bfa1a2a697067579e43116eea1975694a001905f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e3:af:67:1e:c7:8a:19:e5:1e:15:75:c0:4a:
                    aa:3c:e5:e2:ed:ab:ff:38:16:75:6a:28:cc:bf:66:
                    93:14:de:93:8f:e2:8d:db:82:01:71:99:f1:d4:85:
                    ec:25:11:b1:7b:fd:1e:5a:03:09:a8:2c:19:32:a8:
                    bf:1a:2c:df:2c:5b:ee:55:e2:c3:78:a6:fb:c5:7b:
                    90:cd:cb:12:e9:ce:73:50:5e:dd:48:40:c4:aa:b0:
                    17:02:22:1c:2b:a3:c4:cd:bd:4a:74:74:ba:a4:36:
                    59:9a:8d:b3:20:02:80:33:9c:9e:3e:5f:cd:50:60:
                    06:b7:09:32:d1:c9:5b:31:6f:86:32:11:8b:51:22:
                    5d:8e:a2:eb:5b:7b:7e:55:b6:43:e6:10:8d:5c:c3:
                    49:9a:56:b8:f9:4a:eb:b1:9a:75:e8:89:bc:cd:0e:
                    67:c7:90:42:4b:94:82:b2:e6:f5:f5:04:c5:45:82:
                    b7:23:e8:e7:08:d3:36:32:34:8d:8b:e6:11:6e:d2:
                    d1:b6:8d:f5:dd:be:9e:e0:28:fc:72:2a:52:33:93:
                    61:3e:5d:93:f3:3e:df:ac:f6:ec:98:33:6c:c0:e1:
                    61:3b:65:b0:cb:7b:ac:67:5a:02:b6:cf:e1:67:22:
                    c9:5e:17:4f:1c:1a:62:ee:55:55:f6:62:ba:52:fd:
                    46:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:47:C5:DE:4E:9C:22:39:6D:C5:89:86:1C:F7:AC:4D:A2:6A:34:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14a8ea31-750a-4344-92cc-dd70e649ace2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.147.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:ec:8d:42:d2:e7:4d:00:96:1c:19:61:21:c2:84:75:e2:ed:
         82:b8:29:8d:16:16:47:56:4d:1b:66:e4:5a:ed:b5:51:84:d9:
         33:40:3e:f1:ae:48:d2:cf:87:ff:b0:fe:4f:39:f4:87:33:5c:
         5b:b5:fe:17:3a:28:47:87:b1:5b:5f:a8:67:17:38:05:b3:36:
         f2:4d:c0:1e:a4:b7:2e:03:b4:f5:e8:b0:d9:36:87:72:34:d6:
         48:d9:ba:45:9a:99:6e:8f:d6:d5:10:9b:22:41:b3:0e:ab:47:
         98:3f:d3:de:1e:89:60:5a:74:7c:f2:1b:0b:ff:f0:1c:cb:02:
         a0:bd:38:98:68:ce:66:1e:cd:a8:ef:01:59:f3:d2:0f:10:54:
         54:dc:e7:af:f6:47:ce:b0:cc:af:13:53:7b:c0:61:d3:08:2c:
         7c:ce:48:bd:06:75:1b:fc:ce:6c:a4:bf:84:73:71:12:d8:cb:
         d3:db:70:45:02:14:13:0a:40:be:d5:76:48:37:3a:43:22:67:
         a2:ca:36:31:fc:5e:86:2a:94:25:a0:05:8b:0c:15:85:77:bf:
         70:73:36:73:01:e0:52:e0:3c:9c:d8:66:c4:4d:b2:36:c9:a2:
         3b:e9:5a:9d:6e:a8:05:fe:f2:43:00:87:74:2b:77:c9:00:66:
         88:11:ef:28
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYUdr87MrIpR7ZXJta8FqE7hfySkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDAzMDQ4WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWNjY2E4YWUwZjRhNzhjOWYwMTA1MTViZmExYTJhNjk3
MDY3NTc5ZTQzMTE2ZWVhMTk3NTY5NGEwMDE5MDVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCP469nHseKGeUeFXXASqo85eLtq/84FnVqKMy/ZpMU3pOP
4o3bggFxmfHUhewlEbF7/R5aAwmoLBkyqL8aLN8sW+5V4sN4pvvFe5DNyxLpznNQ
Xt1IQMSqsBcCIhwro8TNvUp0dLqkNlmajbMgAoAznJ4+X81QYAa3CTLRyVsxb4Yy
EYtRIl2Ooutbe35VtkPmEI1cw0maVrj5SuuxmnXoibzNDmfHkEJLlIKy5vX1BMVF
grcj6OcI0zYyNI2L5hFu0tG2jfXdvp7gKPxyKlIzk2E+XZPzPt+s9uyYM2zA4WE7
ZbDLe6xnWgK2z+FnIsleF08cGmLuVVX2YrpS/UYvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiUfF3k6cIjltxYmGHPesTaJqNMQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0YThlYTMxLTc1MGEtNDM0NC05MmNjLWRkNzBlNjQ5YWNlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQkzANBgkqhkiG9w0BAQsFAAOCAQEAF+yNQtLnTQCWHBlhIcKEdeLtgrgp
jRYWR1ZNG2bkWu21UYTZM0A+8a5I0s+H/7D+Tzn0hzNcW7X+FzooR4exW1+oZxc4
BbM28k3AHqS3LgO09eiw2TaHcjTWSNm6RZqZbo/W1RCbIkGzDqtHmD/T3h6JYFp0
fPIbC//wHMsCoL04mGjOZh7NqO8BWfPSDxBUVNznr/ZHzrDMrxNTe8Bh0wgsfM5I
vQZ1G/zObKS/hHNxEtjL09twRQIUEwpAvtV2SDc6QyJnoso2MfxehiqUJaAFiwwV
hXe/cHM2cwHgUuA8nNhmxE2yNsmiO+lanW6oBf7yQwCHdCt3yQBmiBHvKA==
-----END CERTIFICATE-----