Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28ec74f7-4ef7-41c1-9bf3-1ae45fdb5654.roa
File:                     28ec74f7-4ef7-41c1-9bf3-1ae45fdb5654.roa (raw, json)
Hash identifier:          W0EK44cOdVGvozVEnbZrR/K9T9ZoiOdV0wAsXFS+A3M=
Subject key identifier:   D9:B4:AC:10:2C:63:73:54:F0:68:00:80:A1:D5:2E:A1:33:3D:15:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11A0216286B1416D683C29D1412D5EFB9D31542B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28ec74f7-4ef7-41c1-9bf3-1ae45fdb5654.roa
Signing time:             Sat 25 Oct 2025 00:10:07 +0000
ROA not before:           Sat 25 Oct 2025 00:10:07 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.154.0.0/15 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:a0:21:62:86:b1:41:6d:68:3c:29:d1:41:2d:5e:fb:9d:31:54:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:10:07 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=5ce27ed0dd6399075edf70f9654cd0a91c172c2708a121391537e21e5bf986fb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9e:c4:73:0e:ac:5e:a4:9b:7f:f8:12:e4:df:
                    a5:3d:9c:8e:6d:b2:aa:85:cf:f2:64:a2:49:ac:b6:
                    d8:f4:99:72:4f:a4:0d:06:9e:f0:ec:bb:64:dc:69:
                    ec:28:ac:a4:c3:9f:14:9a:db:96:da:2a:8a:5e:10:
                    78:5f:9a:8a:c5:be:93:ed:35:17:fa:a4:18:f5:a1:
                    d8:67:79:cd:9a:5f:a4:3c:60:51:0d:de:ef:10:e5:
                    ca:77:ba:19:65:e3:8c:c8:25:98:b7:aa:d3:78:59:
                    58:75:6c:32:1a:97:b5:e8:97:99:70:47:95:bb:15:
                    76:92:64:c2:11:af:39:5b:61:b2:84:6d:d1:e0:3c:
                    db:75:0d:2b:2c:48:1a:a4:97:52:57:60:51:21:cc:
                    44:de:05:79:3a:49:13:1d:58:01:0d:cc:92:40:4d:
                    19:cc:4d:fd:3d:c9:8d:66:3a:df:69:e9:04:45:83:
                    df:6e:c7:c3:69:78:19:1f:b6:d5:3b:ce:d9:7d:46:
                    4a:95:f6:a2:0b:d2:1a:7b:20:a2:c3:1b:69:0e:53:
                    4a:b8:41:f1:08:bc:f4:d0:07:de:a0:7f:71:83:77:
                    a5:bf:f6:b2:78:65:9f:24:49:f9:c9:c2:93:32:5d:
                    3f:ed:21:6b:6f:20:5b:77:d5:cf:a2:57:5b:f1:ea:
                    9d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:B4:AC:10:2C:63:73:54:F0:68:00:80:A1:D5:2E:A1:33:3D:15:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28ec74f7-4ef7-41c1-9bf3-1ae45fdb5654.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.154.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         72:f1:ab:e1:6a:cf:9c:ee:ab:cf:d3:9a:23:cf:aa:5a:7d:26:
         c8:10:23:8f:05:94:de:cf:01:ce:a8:02:67:6c:75:13:2d:61:
         75:c7:35:50:34:55:ef:e5:35:2d:4d:06:66:b7:00:1a:16:ae:
         9a:31:a5:fb:81:99:23:74:6b:4a:5d:7f:6e:63:82:c7:27:2c:
         9d:c1:10:f4:3e:dd:a4:29:69:17:cb:a7:d8:d2:80:9b:3c:25:
         e6:12:d3:f0:f4:66:06:a4:9e:6e:31:90:cb:c9:8c:64:3d:40:
         f8:37:25:a2:11:94:18:d7:c7:d3:53:32:0c:0a:02:76:00:8a:
         08:29:5b:25:2a:8d:a2:f9:bb:6a:7a:cd:0c:45:52:c0:1f:8f:
         4c:3a:d0:ba:8a:c4:6b:35:a4:3e:fe:1e:dc:66:92:2f:13:9a:
         29:05:23:78:85:d7:f3:a9:df:9f:b2:2a:a4:6a:fa:52:6e:48:
         a6:9c:fb:b9:44:e6:8e:46:9a:bf:f9:4b:9f:99:dd:41:d1:d0:
         2f:8a:45:ff:a2:6a:f9:1b:1f:bc:50:57:01:47:c6:74:1a:67:
         0c:41:d4:3f:b1:b4:6e:d7:f1:5b:c9:0e:d9:9d:f3:51:de:b1:
         c0:4b:b8:ed:13:a6:4e:dd:06:46:de:31:e5:c7:42:b4:58:c0:
         f6:e8:23:c3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEaAhYoaxQW1oPCnRQS1e+50xVCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAxMDA3WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2UyN2VkMGRkNjM5OTA3NWVkZjcwZjk2NTRjZDBhOTFj
MTcyYzI3MDhhMTIxMzkxNTM3ZTIxZTViZjk4NmZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRnsRzDqxepJt/+BLk36U9nI5tsqqFz/Jkokmsttj0mXJP
pA0GnvDsu2TcaeworKTDnxSa25baKopeEHhfmorFvpPtNRf6pBj1odhnec2aX6Q8
YFEN3u8Q5cp3uhll44zIJZi3qtN4WVh1bDIal7Xol5lwR5W7FXaSZMIRrzlbYbKE
bdHgPNt1DSssSBqkl1JXYFEhzETeBXk6SRMdWAENzJJATRnMTf09yY1mOt9p6QRF
g99ux8NpeBkfttU7ztl9RkqV9qIL0hp7IKLDG2kOU0q4QfEIvPTQB96gf3GDd6W/
9rJ4ZZ8kSfnJwpMyXT/tIWtvIFt31c+iV1vx6p0PAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2bSsECxjc1TwaACAodUuoTM9FSUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4ZWM3NGY3LTRlZjctNDFjMS05YmYzLTFhZTQ1ZmRiNTY1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQmjANBgkqhkiG9w0BAQsFAAOCAQEAcvGr4WrPnO6rz9OaI8+qWn0myBAj
jwWU3s8BzqgCZ2x1Ey1hdcc1UDRV7+U1LU0GZrcAGhaumjGl+4GZI3RrSl1/bmOC
xycsncEQ9D7dpClpF8un2NKAmzwl5hLT8PRmBqSebjGQy8mMZD1A+DclohGUGNfH
01MyDAoCdgCKCClbJSqNovm7anrNDEVSwB+PTDrQuorEazWkPv4e3GaSLxOaKQUj
eIXX86nfn7IqpGr6Um5Ippz7uUTmjkaav/lLn5ndQdHQL4pF/6Jq+RsfvFBXAUfG
dBpnDEHUP7G0btfxW8kO2Z3zUd6xwEu47ROmTt0GRt4x5cdCtFjA9ugjww==
-----END CERTIFICATE-----