Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4963540b-ec7a-49a7-9f72-11cb956c55de.roa
File:                     4963540b-ec7a-49a7-9f72-11cb956c55de.roa (raw, json)
Hash identifier:          m+lxHVrtlR7fLIPhX3WaDik9XV1oDiXmnCurF3tOBfk=
Subject key identifier:   7D:A3:29:DB:05:8E:82:0A:92:4C:CE:1E:75:AF:56:A8:B6:67:81:C7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1496688656F12D0E2AB7175AFBBC0656922AFC7C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4963540b-ec7a-49a7-9f72-11cb956c55de.roa
Signing time:             Tue 21 Oct 2025 00:10:53 +0000
ROA not before:           Tue 21 Oct 2025 00:10:53 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.120.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:96:68:86:56:f1:2d:0e:2a:b7:17:5a:fb:bc:06:56:92:2a:fc:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:10:53 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=1de0f584f0d096964b7d30fa98d7fcbeb4ab0f42f6da555e82bb51cc1d7fc2c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cc:62:64:1f:01:61:31:9f:e7:cc:94:c9:89:
                    8f:38:3b:39:96:56:18:bb:b2:8c:43:7d:17:2d:5b:
                    10:a8:56:67:24:c6:bf:d8:f4:21:c2:99:a1:13:0a:
                    bc:fa:be:2d:fc:e8:6e:b6:0c:fd:3f:67:7a:bf:5e:
                    df:d0:59:7a:60:3a:3a:6a:cb:4b:37:78:55:49:69:
                    65:79:95:31:d5:fa:43:41:b3:1a:75:cb:c6:84:e7:
                    23:c2:f1:34:75:63:f7:f9:c3:15:b4:fa:9c:5b:51:
                    8e:f6:99:69:27:f4:8f:50:ab:e0:80:7f:07:7e:f7:
                    ff:b3:df:25:6b:73:64:fd:d1:3d:02:a1:a2:10:71:
                    ff:62:5c:9f:aa:a7:94:5d:18:29:4c:28:0e:c4:26:
                    67:d2:67:71:58:51:1e:c5:12:2c:ed:a6:fb:04:6a:
                    4b:c4:16:48:87:bf:21:a2:c5:41:94:71:e8:3e:1b:
                    a3:ce:58:90:d2:ef:97:7b:89:54:b5:f4:33:a5:9e:
                    62:67:6d:64:64:9f:7a:c9:f9:16:68:c1:f6:56:8f:
                    c0:66:d9:25:97:36:51:8e:87:9a:40:57:94:6a:ae:
                    8c:4e:ce:60:98:27:cf:78:79:92:9c:48:21:27:50:
                    b8:92:e6:81:c8:ba:5b:3b:48:c9:73:56:d8:e4:cf:
                    cf:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:A3:29:DB:05:8E:82:0A:92:4C:CE:1E:75:AF:56:A8:B6:67:81:C7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4963540b-ec7a-49a7-9f72-11cb956c55de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.120.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:ab:ea:b4:92:87:92:07:35:03:31:e8:01:ae:63:34:dc:ff:
         37:c4:15:63:de:cf:65:5e:18:31:bb:c6:89:4d:5e:08:4e:9a:
         57:5b:b7:80:c9:3c:3b:4e:88:b3:bb:97:dd:01:e8:da:97:c3:
         b6:b0:23:dd:74:e9:44:4d:3b:a0:6d:7e:dd:0d:8e:35:ea:4a:
         f0:92:c9:e3:ac:02:d7:b1:e5:81:56:a2:88:60:79:46:1f:18:
         6c:72:eb:82:83:67:3f:c8:95:aa:35:a0:ae:87:51:12:46:be:
         eb:a5:f5:68:85:46:52:2a:0d:71:27:15:df:c7:71:ad:d7:2c:
         82:21:5e:98:94:21:9d:fd:37:da:33:57:9d:fd:05:fd:fb:dd:
         61:7c:34:79:00:98:21:0b:6b:70:18:2c:20:73:5a:dd:ca:33:
         e2:f5:11:30:b0:29:f8:9c:ba:49:7b:74:88:2b:57:b4:01:47:
         15:9f:f6:82:d6:f1:19:62:a1:b9:ea:5b:4e:50:68:f4:64:59:
         7b:1f:72:93:d9:e2:ce:77:82:ed:3c:73:71:1d:7a:82:5b:7d:
         7c:f5:f1:f0:2f:ff:43:a7:fd:b5:e8:07:ba:ac:03:e7:9a:0d:
         9e:96:71:88:ba:78:d1:45:f6:59:10:65:20:49:cf:f9:71:f2:
         0f:6a:9c:f6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFJZohlbxLQ4qtxda+7wGVpIq/HwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAxMDUzWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZGUwZjU4NGYwZDA5Njk2NGI3ZDMwZmE5OGQ3ZmNiZWI0
YWIwZjQyZjZkYTU1NWU4MmJiNTFjYzFkN2ZjMmM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrzGJkHwFhMZ/nzJTJiY84OzmWVhi7soxDfRctWxCoVmck
xr/Y9CHCmaETCrz6vi386G62DP0/Z3q/Xt/QWXpgOjpqy0s3eFVJaWV5lTHV+kNB
sxp1y8aE5yPC8TR1Y/f5wxW0+pxbUY72mWkn9I9Qq+CAfwd+9/+z3yVrc2T90T0C
oaIQcf9iXJ+qp5RdGClMKA7EJmfSZ3FYUR7FEiztpvsEakvEFkiHvyGixUGUceg+
G6POWJDS75d7iVS19DOlnmJnbWRkn3rJ+RZowfZWj8Bm2SWXNlGOh5pAV5RqroxO
zmCYJ894eZKcSCEnULiS5oHIuls7SMlzVtjkz88PAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfaMp2wWOggqSTM4eda9WqLZngccwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5NjM1NDBiLWVjN2EtNDlhNy05ZjcyLTExY2I5NTZjNTVkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQeDANBgkqhkiG9w0BAQsFAAOCAQEApKvqtJKHkgc1AzHoAa5jNNz/N8QV
Y97PZV4YMbvGiU1eCE6aV1u3gMk8O06Is7uX3QHo2pfDtrAj3XTpRE07oG1+3Q2O
NepK8JLJ46wC17HlgVaiiGB5Rh8YbHLrgoNnP8iVqjWgrodREka+66X1aIVGUioN
cScV38dxrdcsgiFemJQhnf032jNXnf0F/fvdYXw0eQCYIQtrcBgsIHNa3coz4vUR
MLAp+Jy6SXt0iCtXtAFHFZ/2gtbxGWKhuepbTlBo9GRZex9yk9nizneC7TxzcR16
glt9fPXx8C//Q6f9tegHuqwD55oNnpZxiLp40UX2WRBlIEnP+XHyD2qc9g==
-----END CERTIFICATE-----