Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44a4e9af-9ea7-4174-801a-8b7ec2707094.roa
File:                     44a4e9af-9ea7-4174-801a-8b7ec2707094.roa (raw, json)
Hash identifier:          sKL0gO8A9ywIZeEi7eEIDXx0Pz4q+JXnPqIgVlag8fI=
Subject key identifier:   59:41:82:4D:8F:DA:0F:C0:83:6F:12:CF:A3:78:78:5C:AD:84:A0:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2CCA5DE9DE96157CE00F7A935C778094B7B8F9BD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44a4e9af-9ea7-4174-801a-8b7ec2707094.roa
Signing time:             Sat 25 Oct 2025 00:20:05 +0000
ROA not before:           Sat 25 Oct 2025 00:20:05 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.119.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ca:5d:e9:de:96:15:7c:e0:0f:7a:93:5c:77:80:94:b7:b8:f9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:20:05 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=f1dfed0c175fc1f6a6d4b5f14375189636dbb78efd9f07fba01926339792970a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e6:a7:8f:6d:d2:31:e8:76:10:1d:fa:6e:23:
                    b1:fe:bc:7a:2c:3f:51:46:b1:2d:f5:8a:e8:bb:f9:
                    0b:e9:b3:3d:91:e2:0c:85:dc:78:90:32:67:26:20:
                    c4:1a:d8:8d:06:9b:57:53:e7:aa:18:b3:53:10:c7:
                    3d:d5:13:f9:25:45:e4:d9:c9:42:5c:b4:01:52:6c:
                    71:99:34:46:07:97:1e:75:51:bd:a3:58:b4:65:50:
                    3a:42:78:5c:0a:bf:62:ef:c4:ef:a4:eb:fc:2a:6f:
                    1a:99:e0:6d:ee:37:e6:68:a3:96:d7:08:c4:ec:a0:
                    8b:47:8f:e9:86:78:c0:42:37:74:7e:dd:a6:1c:ff:
                    be:2c:55:72:6c:11:b4:86:58:cd:e5:5f:97:8d:1d:
                    bb:b5:3b:ba:6b:bf:74:c1:0a:66:d6:14:19:99:7a:
                    5a:f5:31:0a:1c:ff:7b:35:e7:67:59:49:6d:e5:c1:
                    27:a8:71:56:4e:02:be:8d:80:0f:34:72:ea:77:40:
                    b4:79:90:57:64:fd:6e:23:88:67:f9:79:d2:a4:5e:
                    d6:aa:0c:69:f5:03:dc:a0:b6:6c:3b:78:49:20:22:
                    53:d3:d6:75:32:52:b5:45:1d:97:a0:c7:49:93:27:
                    1c:a6:c1:65:d9:4c:45:bf:47:1e:e7:ea:9f:ec:dd:
                    1f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:41:82:4D:8F:DA:0F:C0:83:6F:12:CF:A3:78:78:5C:AD:84:A0:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/44a4e9af-9ea7-4174-801a-8b7ec2707094.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d1:21:88:db:1b:c6:3c:89:da:a6:a0:cb:08:25:23:af:8b:0d:
         a2:0d:d6:24:62:87:44:76:4b:29:51:9f:f2:9d:00:89:bf:68:
         0c:2f:46:ad:b4:82:c9:23:c6:5f:1b:b1:e0:17:65:a1:49:91:
         01:83:21:7e:45:97:37:09:fd:4c:c0:ba:5b:00:4f:54:77:7e:
         75:f0:e1:bb:bd:6b:b1:61:cb:d0:6e:fc:ec:e1:7d:13:ec:98:
         dc:17:e1:27:47:c5:f8:92:fe:df:45:f8:59:f2:0d:2a:4d:04:
         9a:11:4b:50:f7:72:94:87:87:f6:fd:89:82:c0:be:21:b6:6d:
         51:69:ac:f8:80:e4:fa:41:38:a5:cc:21:f1:88:73:31:a4:2c:
         47:81:40:e3:03:4a:2a:e8:95:2a:a8:d3:3d:36:33:26:c5:98:
         9c:ef:43:6d:e5:08:c5:f3:cc:cb:d7:ed:63:de:8e:ac:14:d8:
         d9:82:56:1c:1c:c3:76:55:7f:ed:e6:3a:47:f4:16:94:b1:93:
         e0:54:bd:6b:f1:ee:15:f2:b3:ad:70:35:b6:da:29:23:45:a2:
         e0:a7:08:a8:45:d6:87:cb:0b:ee:32:ee:d5:64:d1:1e:5a:a7:
         a6:e9:e5:39:83:a4:5f:ab:4e:43:1e:bf:98:61:d2:74:df:2a:
         b3:4e:3f:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULMpd6d6WFXzgD3qTXHeAlLe4+b0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAyMDA1WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWRmZWQwYzE3NWZjMWY2YTZkNGI1ZjE0Mzc1MTg5NjM2
ZGJiNzhlZmQ5ZjA3ZmJhMDE5MjYzMzk3OTI5NzBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDp5qePbdIx6HYQHfpuI7H+vHosP1FGsS31iui7+Qvpsz2R
4gyF3HiQMmcmIMQa2I0Gm1dT56oYs1MQxz3VE/klReTZyUJctAFSbHGZNEYHlx51
Ub2jWLRlUDpCeFwKv2LvxO+k6/wqbxqZ4G3uN+Zoo5bXCMTsoItHj+mGeMBCN3R+
3aYc/74sVXJsEbSGWM3lX5eNHbu1O7prv3TBCmbWFBmZelr1MQoc/3s152dZSW3l
wSeocVZOAr6NgA80cup3QLR5kFdk/W4jiGf5edKkXtaqDGn1A9ygtmw7eEkgIlPT
1nUyUrVFHZegx0mTJxymwWXZTEW/Rx7n6p/s3R87AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWUGCTY/aD8CDbxLPo3h4XK2EoGAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ0YTRlOWFmLTllYTctNDE3NC04MDFhLThiN2VjMjcwNzA5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdzANBgkqhkiG9w0BAQsFAAOCAQEA0SGI2xvGPInapqDLCCUjr4sNog3W
JGKHRHZLKVGf8p0Aib9oDC9GrbSCySPGXxux4BdloUmRAYMhfkWXNwn9TMC6WwBP
VHd+dfDhu71rsWHL0G787OF9E+yY3BfhJ0fF+JL+30X4WfINKk0EmhFLUPdylIeH
9v2JgsC+IbZtUWms+IDk+kE4pcwh8YhzMaQsR4FA4wNKKuiVKqjTPTYzJsWYnO9D
beUIxfPMy9ftY96OrBTY2YJWHBzDdlV/7eY6R/QWlLGT4FS9a/HuFfKzrXA1ttop
I0Wi4KcIqEXWh8sL7jLu1WTRHlqnpunlOYOkX6tOQx6/mGHSdN8qs04/YQ==
-----END CERTIFICATE-----