Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa
File:                     3fa4f6da-6073-4400-a522-35f62e2343ee.roa (raw, json)
Hash identifier:          K3+EnaeShs0FOWJldQAf7R/5Ejh7v2dpcfTkyxZJr+s=
Subject key identifier:   A8:AE:96:47:34:35:F7:31:3F:6F:37:D0:E9:C9:E1:54:53:88:35:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B3DD6645F670C10BD61380203B89BFE4265C2EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa
Signing time:             Tue 28 Oct 2025 00:01:05 +0000
ROA not before:           Tue 28 Oct 2025 00:01:05 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.16.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:3d:d6:64:5f:67:0c:10:bd:61:38:02:03:b8:9b:fe:42:65:c2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:01:05 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=26a44c5321ca6446560eb50abddfd44998a9d49f9ed8e8648e336ed130112d4a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:99:60:d8:b7:1d:0a:e1:cb:c8:29:79:b4:fa:
                    88:26:95:34:65:a7:ac:0c:b2:24:4e:e0:b7:f3:8b:
                    d0:2d:46:a9:85:ea:ee:f3:f8:46:b3:5d:ca:5b:79:
                    28:0d:55:7b:fd:db:5a:84:f6:ed:b4:90:ba:9a:0b:
                    0b:1a:ee:37:8c:27:3f:3d:69:80:84:23:9e:8b:d5:
                    6f:a5:1c:d3:97:4c:3a:e9:02:49:70:5b:0b:2f:9a:
                    1e:b2:b5:8c:d0:a9:3e:ce:78:d3:7d:de:9c:96:d4:
                    c8:6f:b2:d8:7d:5a:48:c9:5f:c3:d4:90:42:4a:dd:
                    ba:14:b8:a3:e4:45:16:82:75:89:28:0a:51:19:80:
                    5b:54:8d:45:de:40:b3:6d:9d:f0:4f:f5:6e:1e:70:
                    5c:d2:6b:bb:0c:90:99:80:e6:82:1b:b0:dc:cc:c8:
                    0c:8f:af:c4:34:23:96:5f:77:e5:e9:ae:8f:8d:eb:
                    f1:0d:c0:b7:9f:5b:3c:88:80:e2:d8:a6:2c:49:a7:
                    d3:43:f2:10:9d:07:a0:2a:ed:51:81:5e:91:49:17:
                    7c:66:01:07:13:fd:56:fe:7a:83:96:bd:54:0c:c7:
                    23:70:e7:f6:66:36:5a:b7:c5:1e:fb:bb:c7:17:dc:
                    d7:9c:e3:63:37:8f:ec:c4:15:3e:f9:b0:21:b2:39:
                    a7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:AE:96:47:34:35:F7:31:3F:6F:37:D0:E9:C9:E1:54:53:88:35:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d8:11:9b:b8:91:11:a8:3d:7c:d2:5b:3f:1f:e1:3c:7c:6a:1d:
         cb:89:3d:96:97:12:e5:31:b4:46:c9:10:34:4a:54:3a:9e:b9:
         fa:f8:9f:56:2a:e2:bd:93:26:a0:f0:4f:e5:82:09:03:2d:20:
         6e:e9:ea:4c:61:6a:e7:d7:7c:b6:5e:2e:23:2e:01:dc:86:f1:
         35:d4:87:2e:b2:74:1f:2d:8e:84:f4:37:82:d6:97:68:a8:05:
         d0:4e:7b:42:66:1d:52:81:3d:02:61:29:f8:cd:5a:87:cc:08:
         ac:d1:9b:ee:14:fc:9a:01:35:19:b2:ca:7b:60:1a:f0:2d:8b:
         3b:4d:7e:27:2c:dc:10:52:81:98:a6:bc:10:ba:6a:ce:be:f7:
         8a:0a:18:99:10:ec:c4:0b:f2:2c:ca:50:58:08:8e:db:af:6d:
         d0:0e:27:f8:ab:f0:39:0c:d6:e7:3a:02:aa:67:3a:75:eb:28:
         85:fc:51:05:5d:12:6b:ca:03:83:3f:08:39:7f:cd:0b:92:98:
         a0:25:05:0d:50:8c:e2:6a:5c:cb:f6:4d:92:a6:e0:41:66:0c:
         cb:7e:ac:ba:b5:d3:b9:a2:b6:aa:99:63:d7:db:5d:45:e0:e2:
         e9:68:af:e4:44:34:30:66:cd:42:9e:46:11:70:00:f7:d6:28:
         af:9e:3c:75
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCz3WZF9nDBC9YTgCA7ib/kJlwuowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAwMTA1WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmE0NGM1MzIxY2E2NDQ2NTYwZWI1MGFiZGRmZDQ0OTk4
YTlkNDlmOWVkOGU4NjQ4ZTMzNmVkMTMwMTEyZDRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtmWDYtx0K4cvIKXm0+ogmlTRlp6wMsiRO4Lfzi9AtRqmF
6u7z+EazXcpbeSgNVXv921qE9u20kLqaCwsa7jeMJz89aYCEI56L1W+lHNOXTDrp
AklwWwsvmh6ytYzQqT7OeNN93pyW1Mhvsth9WkjJX8PUkEJK3boUuKPkRRaCdYko
ClEZgFtUjUXeQLNtnfBP9W4ecFzSa7sMkJmA5oIbsNzMyAyPr8Q0I5Zfd+Xpro+N
6/ENwLefWzyIgOLYpixJp9ND8hCdB6Aq7VGBXpFJF3xmAQcT/Vb+eoOWvVQMxyNw
5/ZmNlq3xR77u8cX3Nec42M3j+zEFT75sCGyOafFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqK6WRzQ19zE/bzfQ6cnhVFOINd8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmYTRmNmRhLTYwNzMtNDQwMC1hNTIyLTM1ZjYyZTIzNDNlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBHEDANBgkqhkiG9w0BAQsFAAOCAQEA2BGbuJERqD180ls/H+E8fGody4k9
lpcS5TG0RskQNEpUOp65+vifVirivZMmoPBP5YIJAy0gbunqTGFq59d8tl4uIy4B
3IbxNdSHLrJ0Hy2OhPQ3gtaXaKgF0E57QmYdUoE9AmEp+M1ah8wIrNGb7hT8mgE1
GbLKe2Aa8C2LO01+JyzcEFKBmKa8ELpqzr73igoYmRDsxAvyLMpQWAiO269t0A4n
+KvwOQzW5zoCqmc6desohfxRBV0Sa8oDgz8IOX/NC5KYoCUFDVCM4mpcy/ZNkqbg
QWYMy36surXTuaK2qplj19tdReDi6Wiv5EQ0MGbNQp5GEXAA99Yor548dQ==
-----END CERTIFICATE-----