Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5831f36f-50de-43df-b1e3-ee6e835954e3.roa
File:                     5831f36f-50de-43df-b1e3-ee6e835954e3.roa (raw, json)
Hash identifier:          LSQmrFVQFQ/at/H+hvyakCQJvXaBxOQigv0VZOcdmIQ=
Subject key identifier:   77:CA:E3:16:F8:1C:5C:4E:42:34:2F:BD:6B:A3:F4:81:D8:93:BF:12
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       178D4B121FEED05A2898BA0CAB01E29C60103321
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5831f36f-50de-43df-b1e3-ee6e835954e3.roa
Signing time:             Sun 02 Nov 2025 00:40:51 +0000
ROA not before:           Sun 02 Nov 2025 00:40:51 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.66.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:8d:4b:12:1f:ee:d0:5a:28:98:ba:0c:ab:01:e2:9c:60:10:33:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:40:51 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=61ec3897ab77813dee150b08a0b159cff3c86c672af82eb41bebd151193b2bde, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:26:24:b3:5f:a2:4e:a9:0e:1d:f1:d8:dd:a9:
                    25:ab:f2:9b:53:ba:d6:ee:64:9c:9f:bc:bf:c4:e6:
                    e7:6f:a2:cd:85:41:9d:dc:21:40:e7:0b:94:15:82:
                    e8:80:7e:08:aa:38:5a:fa:ea:17:f9:ed:a2:ba:d7:
                    00:4f:b2:9d:9d:e3:6e:be:a2:a7:54:1e:6e:50:79:
                    87:fa:e8:2c:86:71:66:f0:c6:2a:67:fd:a9:e1:b0:
                    a0:2a:16:5e:78:8d:17:d4:21:d4:f4:3b:86:01:82:
                    47:d3:75:98:cd:fb:2b:d6:2f:1a:78:36:97:ba:6c:
                    97:3e:88:b1:11:8b:48:55:d9:3f:93:04:a0:8f:ff:
                    ac:87:c9:31:25:d7:2c:d1:c5:bf:88:32:f5:39:a3:
                    12:88:f4:5b:d1:94:f7:9c:1e:c5:80:0e:5b:1d:25:
                    dd:bf:1a:d8:87:e2:7d:19:4a:92:dc:c5:a4:ef:e1:
                    65:d2:6a:32:16:0a:2a:1a:f3:b4:47:be:ac:a0:c0:
                    19:8d:70:b7:c2:fa:19:c1:15:e6:df:95:27:c5:e5:
                    50:01:a2:14:b5:56:12:1e:a2:cb:e3:45:13:66:aa:
                    39:51:cf:08:13:d7:3e:d0:81:d8:d7:af:6c:3d:e2:
                    2b:1b:d9:3b:4a:90:be:1b:9d:28:4c:92:44:2d:ad:
                    92:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:CA:E3:16:F8:1C:5C:4E:42:34:2F:BD:6B:A3:F4:81:D8:93:BF:12
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5831f36f-50de-43df-b1e3-ee6e835954e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.66.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ce:57:d2:b4:3b:ed:b6:3b:0f:27:e3:3b:5a:ba:92:bd:81:a5:
         5e:32:fa:66:04:0d:0a:91:7f:60:77:df:de:84:38:58:d7:a8:
         9a:48:b3:2f:0d:26:b8:0c:de:ee:6c:e9:de:8e:57:e4:f9:be:
         f3:ac:e6:ed:00:da:b2:16:d3:81:59:14:9b:9d:ec:6a:95:7f:
         74:5f:b3:e1:ad:b6:f4:71:f3:41:65:20:32:a7:a9:9b:a1:73:
         f8:38:62:26:a5:b8:f1:86:21:52:f2:72:96:e4:ab:b3:09:f4:
         35:3e:67:91:a0:73:4b:b4:00:10:76:77:46:66:9f:89:86:89:
         52:9b:46:dc:b9:73:2b:ef:c3:26:e0:70:8a:91:fd:64:3d:dd:
         b8:c1:7b:b2:bf:e4:df:95:98:76:4b:69:3e:12:1a:b8:7d:7f:
         b9:f4:f7:81:19:c7:53:64:29:b0:2c:71:6d:82:31:9b:f8:66:
         2e:e2:88:23:7d:65:3f:ef:2a:c0:bb:dc:9c:b7:c1:3b:07:62:
         3d:f3:e9:99:bc:38:cc:45:05:74:8b:d2:29:ab:bd:8f:5b:56:
         d5:75:7e:1c:a5:ae:df:5e:59:5b:b6:f5:33:55:d2:cb:33:a5:
         04:5d:54:7b:e9:f9:69:15:57:8b:05:fc:d3:a9:84:ce:3d:60:
         0e:ca:86:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF41LEh/u0FoomLoMqwHinGAQMyEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MDUxWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MWVjMzg5N2FiNzc4MTNkZWUxNTBiMDhhMGIxNTljZmYz
Yzg2YzY3MmFmODJlYjQxYmViZDE1MTE5M2IyYmRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUJiSzX6JOqQ4d8djdqSWr8ptTutbuZJyfvL/E5udvos2F
QZ3cIUDnC5QVguiAfgiqOFr66hf57aK61wBPsp2d426+oqdUHm5QeYf66CyGcWbw
xipn/anhsKAqFl54jRfUIdT0O4YBgkfTdZjN+yvWLxp4Npe6bJc+iLERi0hV2T+T
BKCP/6yHyTEl1yzRxb+IMvU5oxKI9FvRlPecHsWADlsdJd2/GtiH4n0ZSpLcxaTv
4WXSajIWCioa87RHvqygwBmNcLfC+hnBFebflSfF5VABohS1VhIeosvjRRNmqjlR
zwgT1z7QgdjXr2w94isb2TtKkL4bnShMkkQtrZI1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUd8rjFvgcXE5CNC+9a6P0gdiTvxIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU4MzFmMzZmLTUwZGUtNDNkZi1iMWUzLWVlNmU4MzU5NTRlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQQjANBgkqhkiG9w0BAQsFAAOCAQEAzlfStDvttjsPJ+M7WrqSvYGlXjL6
ZgQNCpF/YHff3oQ4WNeomkizLw0muAze7mzp3o5X5Pm+86zm7QDashbTgVkUm53s
apV/dF+z4a229HHzQWUgMqepm6Fz+DhiJqW48YYhUvJyluSrswn0NT5nkaBzS7QA
EHZ3RmafiYaJUptG3LlzK+/DJuBwipH9ZD3duMF7sr/k35WYdktpPhIauH1/ufT3
gRnHU2QpsCxxbYIxm/hmLuKII31lP+8qwLvcnLfBOwdiPfPpmbw4zEUFdIvSKau9
j1tW1XV+HKWu315ZW7b1M1XSyzOlBF1Ue+n5aRVXiwX806mEzj1gDsqG+w==
-----END CERTIFICATE-----