Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e4bae46-b367-48d0-8831-12876cafbdbd.roa
File:                     6e4bae46-b367-48d0-8831-12876cafbdbd.roa (raw, json)
Hash identifier:          VsVt131gp7aMTTRtICr1tlIySJ9Lh4Zl8XqlnQhlCNo=
Subject key identifier:   7A:BA:6C:93:8F:D1:89:79:21:0A:C6:7B:6F:B0:B6:52:A6:EC:5D:8D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       46538570C89C0525006BA771F137A7F78B2AA395
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e4bae46-b367-48d0-8831-12876cafbdbd.roa
Signing time:             Wed 05 Nov 2025 00:10:44 +0000
ROA not before:           Wed 05 Nov 2025 00:10:44 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.64.0.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:53:85:70:c8:9c:05:25:00:6b:a7:71:f1:37:a7:f7:8b:2a:a3:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  5 00:10:44 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=d969554f7ef04f45b75ca362b8b94f9850c16202f72881db79263cf673703efd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7c:8c:38:c3:a6:67:a2:58:66:9b:87:92:37:
                    bc:29:d7:aa:f6:6d:40:ab:82:6f:fe:b5:cb:43:62:
                    f1:af:8f:94:2a:1e:fc:f9:5b:c3:cb:bf:57:8a:76:
                    61:d2:bd:e5:85:28:7e:d2:08:e1:a7:82:de:2d:93:
                    52:65:91:00:ec:26:a4:47:ca:e6:38:5a:63:80:83:
                    a5:dd:71:47:4a:f9:fe:9d:d7:e3:54:37:08:fd:8d:
                    8a:0b:6c:d8:70:5b:ab:35:53:e7:28:35:3b:c2:6b:
                    41:e4:13:fb:e3:12:a3:22:94:7b:7d:b5:9d:ff:38:
                    57:57:20:da:ca:2b:23:9a:b5:47:c7:f8:30:0c:fb:
                    c4:e3:33:43:7b:0a:d8:a2:ba:af:68:b2:65:14:b3:
                    a7:5a:c3:55:52:4c:47:92:03:20:a5:7f:2c:34:8d:
                    68:dd:4d:37:73:79:b0:28:9a:c4:06:b4:c7:0c:6a:
                    6c:31:5f:16:d6:03:24:f9:f5:c9:0f:11:e4:c3:85:
                    44:2a:1b:bb:c5:e6:29:e8:f0:8e:95:dc:7a:31:8e:
                    fa:fb:e7:5f:62:33:23:e5:50:de:ab:af:bc:2a:67:
                    0f:d1:ca:62:0f:58:6a:7f:ee:20:68:12:fd:72:78:
                    b6:66:4b:56:85:d1:95:ce:68:69:b2:a0:b9:d5:f6:
                    ff:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:BA:6C:93:8F:D1:89:79:21:0A:C6:7B:6F:B0:B6:52:A6:EC:5D:8D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e4bae46-b367-48d0-8831-12876cafbdbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.64.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         67:a9:15:f5:02:98:e4:ae:b0:05:95:a9:2b:2e:13:8e:8e:90:
         88:92:54:83:fe:bc:f4:66:a4:79:9c:11:87:4d:f4:09:0b:12:
         81:d4:6d:36:8c:e4:27:69:03:11:de:33:26:9f:82:1b:93:79:
         13:d3:11:e2:d4:ab:ba:21:a3:ac:90:79:7e:bb:4c:5d:a0:48:
         14:b2:e0:d2:ae:11:f6:d6:ca:d2:ad:72:26:0e:8c:04:3e:88:
         15:ff:24:c5:2a:09:9e:08:e9:f7:4b:28:96:dd:53:ad:b8:3b:
         77:3e:0a:15:11:55:f9:d5:a8:d0:14:9d:2f:c1:3a:35:73:ad:
         5a:3d:78:6d:2c:96:db:80:92:48:ac:40:41:75:e5:98:f9:0d:
         26:0e:3b:e0:84:04:6e:2f:e5:8e:9d:4e:45:a4:bf:d6:f0:38:
         47:ae:e9:fa:f9:6a:c5:19:fd:d8:64:9d:a6:09:96:f8:ac:2b:
         98:c1:a9:e1:64:62:bf:36:38:a7:bc:3e:e4:0d:70:aa:08:7b:
         cd:ea:ff:a7:82:66:0c:44:3f:5b:ea:cd:31:71:3c:0f:a1:81:
         b6:6f:20:69:a1:5d:af:8c:76:ed:28:f5:db:9e:b1:67:91:e3:
         bd:d8:14:ec:97:ce:44:7b:35:08:09:2a:63:a6:0c:ef:c3:07:
         82:46:d7:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURlOFcMicBSUAa6dx8Ten94sqo5UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTA1MDAxMDQ0WhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTY5NTU0ZjdlZjA0ZjQ1Yjc1Y2EzNjJiOGI5NGY5ODUw
YzE2MjAyZjcyODgxZGI3OTI2M2NmNjczNzAzZWZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCofIw4w6Znolhmm4eSN7wp16r2bUCrgm/+tctDYvGvj5Qq
Hvz5W8PLv1eKdmHSveWFKH7SCOGngt4tk1JlkQDsJqRHyuY4WmOAg6XdcUdK+f6d
1+NUNwj9jYoLbNhwW6s1U+coNTvCa0HkE/vjEqMilHt9tZ3/OFdXINrKKyOatUfH
+DAM+8TjM0N7Ctiiuq9osmUUs6daw1VSTEeSAyClfyw0jWjdTTdzebAomsQGtMcM
amwxXxbWAyT59ckPEeTDhUQqG7vF5ino8I6V3Hoxjvr7519iMyPlUN6rr7wqZw/R
ymIPWGp/7iBoEv1yeLZmS1aF0ZXOaGmyoLnV9v8jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUerpsk4/RiXkhCsZ7b7C2UqbsXY0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlNGJhZTQ2LWIzNjctNDhkMC04ODMxLTEyODc2Y2FmYmRiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcQQAAwDQYJKoZIhvcNAQELBQADggEBAGepFfUCmOSusAWVqSsuE46OkIiS
VIP+vPRmpHmcEYdN9AkLEoHUbTaM5CdpAxHeMyafghuTeRPTEeLUq7oho6yQeX67
TF2gSBSy4NKuEfbWytKtciYOjAQ+iBX/JMUqCZ4I6fdLKJbdU624O3c+ChURVfnV
qNAUnS/BOjVzrVo9eG0sltuAkkisQEF15Zj5DSYOO+CEBG4v5Y6dTkWkv9bwOEeu
6fr5asUZ/dhknaYJlvisK5jBqeFkYr82OKe8PuQNcKoIe83q/6eCZgxEP1vqzTFx
PA+hgbZvIGmhXa+Mdu0o9duesWeR473YFOyXzkR7NQgJKmOmDO/DB4JG1zs=
-----END CERTIFICATE-----