Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa
File:                     6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa (raw, json)
Hash identifier:          S2EjziHMQCE31iWgMM6EUMPp0a7GwqIaQEiwBnOkFR0=
Subject key identifier:   66:52:74:13:1E:46:B3:EA:42:AF:83:26:47:AF:4D:E6:CD:A3:E2:D6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F0A9BA6D80D71E2C6FB85A8D4158187567E99DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa
Signing time:             Wed 22 Oct 2025 00:20:49 +0000
ROA not before:           Wed 22 Oct 2025 00:20:49 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.11.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:0a:9b:a6:d8:0d:71:e2:c6:fb:85:a8:d4:15:81:87:56:7e:99:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:20:49 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=a0f1e0fcfdb76ac86517190b6852b2e5740d5e14ff6c7cf96c11d61eaff26176, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f1:b2:aa:c3:c8:bf:3a:df:42:f2:8a:7c:29:
                    73:b8:ec:2f:d2:e4:2b:13:d7:1e:c5:fb:5e:ad:d7:
                    a8:f0:ed:f7:63:74:9c:68:74:6b:d9:4e:3a:68:41:
                    b8:fc:47:13:58:55:32:fe:2d:d7:4d:c3:24:d5:cd:
                    55:32:04:7c:50:e5:2a:a4:49:83:8d:3f:4f:d6:fa:
                    14:71:a7:8d:d6:72:ee:14:0f:93:81:39:4d:fe:f9:
                    06:19:d0:e8:ce:8b:22:7a:f7:ae:c2:94:50:98:cb:
                    dc:d9:69:c0:b8:2c:69:a6:46:ba:29:fe:19:0b:e2:
                    05:c2:13:cb:9e:62:82:0d:86:42:97:77:1d:39:ac:
                    3b:87:c6:ff:05:d8:c4:dd:ba:8b:f8:19:f4:89:f9:
                    f4:c8:95:00:12:e3:21:e3:a2:95:b8:35:12:7a:3c:
                    64:1e:31:7f:a1:fa:ad:f6:11:ac:88:5a:53:7c:ae:
                    96:5d:74:f8:13:22:68:6d:cf:8c:8f:b9:05:d4:b9:
                    e0:c7:ce:0e:fa:9f:d8:d3:1b:c9:69:91:17:9d:9e:
                    e8:7e:63:89:c8:31:e1:c3:83:b2:97:61:26:77:fe:
                    82:f8:cb:00:78:c1:f6:ce:f8:5d:fd:95:dd:66:41:
                    68:67:59:b8:48:29:94:92:fb:0b:26:0f:4a:df:fe:
                    2b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:52:74:13:1E:46:B3:EA:42:AF:83:26:47:AF:4D:E6:CD:A3:E2:D6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6f4424f1-a154-4dc3-838e-553cde0d6d3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.11.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         af:c6:6e:a3:60:73:ca:a4:69:7c:8a:ef:2d:f4:d7:32:51:00:
         6b:d7:91:60:0a:82:b2:13:31:a8:b2:f3:7e:0e:b1:84:31:07:
         8c:07:e8:6b:f0:61:7b:13:e6:5c:fb:b3:87:97:f0:be:e0:02:
         84:a8:c3:27:8e:12:8b:4c:f5:23:d9:1e:a7:59:fe:68:26:77:
         92:e5:85:4f:d8:30:ea:c5:d5:e5:05:d4:1e:78:87:ac:65:a8:
         34:ef:68:69:c8:fd:78:0e:3c:9a:6e:1c:83:62:89:74:d4:80:
         16:c8:1d:cf:05:cd:62:10:de:dc:1b:d2:43:d5:bd:eb:e6:84:
         cd:48:96:9f:ad:4f:25:d6:da:d3:43:43:cb:79:e1:db:46:cf:
         f5:03:15:6f:3f:93:a5:bf:72:f2:c1:cb:cc:8d:81:4d:bc:a6:
         ec:91:d1:7c:62:66:e2:d5:f4:58:2d:80:e6:3a:d7:49:22:b4:
         55:6f:94:1f:d4:ce:be:eb:1a:5a:4a:66:26:06:a7:09:a4:93:
         20:28:26:95:50:28:ea:ff:b7:08:b7:d8:8a:73:1b:78:d8:3b:
         33:ed:ff:8c:1a:1f:e1:50:9d:a2:3a:7c:5c:4c:ad:51:36:a4:
         39:b8:fc:55:25:6b:91:58:ce:48:1b:67:84:ad:fe:50:70:b6:
         64:d6:59:2a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTwqbptgNceLG+4Wo1BWBh1Z+md0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAyMDQ5WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMGYxZTBmY2ZkYjc2YWM4NjUxNzE5MGI2ODUyYjJlNTc0
MGQ1ZTE0ZmY2YzdjZjk2YzExZDYxZWFmZjI2MTc2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCb8bKqw8i/Ot9C8op8KXO47C/S5CsT1x7F+16t16jw7fdj
dJxodGvZTjpoQbj8RxNYVTL+LddNwyTVzVUyBHxQ5SqkSYONP0/W+hRxp43Wcu4U
D5OBOU3++QYZ0OjOiyJ6967ClFCYy9zZacC4LGmmRrop/hkL4gXCE8ueYoINhkKX
dx05rDuHxv8F2MTduov4GfSJ+fTIlQAS4yHjopW4NRJ6PGQeMX+h+q32EayIWlN8
rpZddPgTImhtz4yPuQXUueDHzg76n9jTG8lpkRednuh+Y4nIMeHDg7KXYSZ3/oL4
ywB4wfbO+F39ld1mQWhnWbhIKZSS+wsmD0rf/itJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZlJ0Ex5Gs+pCr4MmR69N5s2j4tYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmNDQyNGYxLWExNTQtNGRjMy04MzhlLTU1M2NkZTBkNmQzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQCzANBgkqhkiG9w0BAQsFAAOCAQEAr8Zuo2BzyqRpfIrvLfTXMlEAa9eR
YAqCshMxqLLzfg6xhDEHjAfoa/BhexPmXPuzh5fwvuAChKjDJ44Si0z1I9kep1n+
aCZ3kuWFT9gw6sXV5QXUHniHrGWoNO9oacj9eA48mm4cg2KJdNSAFsgdzwXNYhDe
3BvSQ9W96+aEzUiWn61PJdba00NDy3nh20bP9QMVbz+Tpb9y8sHLzI2BTbym7JHR
fGJm4tX0WC2A5jrXSSK0VW+UH9TOvusaWkpmJganCaSTICgmlVAo6v+3CLfYinMb
eNg7M+3/jBof4VCdojp8XEytUTakObj8VSVrkVjOSBtnhK3+UHC2ZNZZKg==
-----END CERTIFICATE-----