Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa
File:                     7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa (raw, json)
Hash identifier:          jZWrO9/UZaHGQhw+0c82aQku6VsK6dJVkLbAiQ88s+I=
Subject key identifier:   41:DA:AE:BE:6D:6D:47:7E:55:01:48:DD:A7:22:85:61:5C:BE:BF:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0CDAC2D879321346496B44F5F7A64A32C6EE132E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa
Signing time:             Sat 25 Oct 2025 00:10:11 +0000
ROA not before:           Sat 25 Oct 2025 00:10:11 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.53.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:da:c2:d8:79:32:13:46:49:6b:44:f5:f7:a6:4a:32:c6:ee:13:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:10:11 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=4be53e9fd5ee67fa208fd2e63a0843592d57f529257736bfac9b1e822bdfd4b7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:23:60:de:3d:ff:9e:f7:94:59:e6:ba:e5:eb:
                    dc:f2:2a:cc:55:ff:93:82:28:86:27:5c:e0:a2:36:
                    19:5d:a8:8b:f1:fe:b0:06:05:9b:80:0b:f6:fb:59:
                    91:c4:0a:82:fb:99:d0:2d:dd:69:94:f0:51:b4:bb:
                    0a:69:33:e9:4d:5b:1b:05:f9:37:f2:d9:df:f6:41:
                    bb:48:25:dc:91:79:b0:87:d6:38:5b:14:2f:9b:e1:
                    55:4e:65:57:87:5c:25:bb:8c:c5:bd:c3:21:ef:05:
                    4b:40:84:21:4f:44:92:38:e9:70:1b:e2:96:8b:79:
                    39:5f:cd:31:e0:9d:1d:6d:8f:8a:1a:a6:1d:60:3c:
                    f7:5f:75:92:7b:a8:2a:0d:88:d9:1c:78:1d:33:9d:
                    40:ed:11:e3:37:49:c4:2c:1e:6d:92:05:2f:2b:3d:
                    0c:15:24:12:72:c4:0e:db:ec:44:03:06:9c:7f:8c:
                    f4:db:1e:b2:0b:ee:60:97:11:d7:2c:ad:a7:49:fa:
                    f8:71:68:ec:c8:66:8f:6a:cc:52:c7:f3:86:6b:a7:
                    bb:bc:8b:8b:c1:a2:2e:7b:b9:b6:e5:5f:12:84:1a:
                    93:ba:c7:40:f9:1f:db:df:84:0f:30:21:8c:b3:74:
                    8d:1c:e8:0a:31:50:75:db:a1:ed:63:6b:00:28:97:
                    6b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DA:AE:BE:6D:6D:47:7E:55:01:48:DD:A7:22:85:61:5C:BE:BF:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         16:0e:6b:5b:15:f7:c4:ab:0a:7f:be:95:5d:9d:de:a3:52:13:
         f6:d9:04:0c:4f:32:4b:93:6d:db:f9:2b:b4:63:eb:67:90:64:
         86:6e:7d:bb:3c:96:f9:bf:d0:61:28:fc:8c:5e:e4:db:2b:57:
         34:c8:88:60:1b:98:f2:81:da:f0:b2:f7:ab:a3:71:f3:d6:d8:
         64:d6:7a:88:6d:8c:6d:7b:74:b7:b7:f2:e3:74:7e:83:43:0f:
         ad:a7:cd:23:47:08:01:dd:79:8f:5a:e2:d9:7e:e1:23:cb:ab:
         1b:9b:4d:8c:32:30:1f:88:62:e7:0d:bf:a6:01:c9:1a:c6:77:
         de:e2:f8:25:19:d0:22:40:37:94:0c:36:c5:21:39:7c:92:3f:
         6b:26:df:b3:fe:34:48:66:84:29:08:5e:5e:1f:0e:85:5b:f4:
         0c:80:39:58:93:87:f8:5a:f7:c2:8b:2e:f0:79:13:4c:68:ae:
         b1:35:6e:52:d3:ec:0a:17:c8:e0:77:74:5b:de:7f:3b:0b:0b:
         47:63:bf:40:bb:35:8e:47:fd:1e:98:78:5e:a6:a1:35:ee:80:
         4c:ef:e2:43:b7:91:f0:14:a2:9f:53:05:e0:fc:f2:9e:39:a0:
         66:a0:30:1d:3f:b8:e8:4a:ea:6c:65:14:96:71:83:8a:cc:64:
         cd:93:b9:a4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDNrC2HkyE0ZJa0T196ZKMsbuEy4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAxMDExWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmU1M2U5ZmQ1ZWU2N2ZhMjA4ZmQyZTYzYTA4NDM1OTJk
NTdmNTI5MjU3NzM2YmZhYzliMWU4MjJiZGZkNGI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSI2DePf+e95RZ5rrl69zyKsxV/5OCKIYnXOCiNhldqIvx
/rAGBZuAC/b7WZHECoL7mdAt3WmU8FG0uwppM+lNWxsF+Tfy2d/2QbtIJdyRebCH
1jhbFC+b4VVOZVeHXCW7jMW9wyHvBUtAhCFPRJI46XAb4paLeTlfzTHgnR1tj4oa
ph1gPPdfdZJ7qCoNiNkceB0znUDtEeM3ScQsHm2SBS8rPQwVJBJyxA7b7EQDBpx/
jPTbHrIL7mCXEdcsradJ+vhxaOzIZo9qzFLH84Zrp7u8i4vBoi57ubblXxKEGpO6
x0D5H9vfhA8wIYyzdI0c6AoxUHXboe1jawAol2t7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQdquvm1tR35VAUjdpyKFYVy+vxcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdiZmRmYzM3LTEzZTctNGIzZC1iMDgzLTdjMWQ4Y2YwN2FkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNTANBgkqhkiG9w0BAQsFAAOCAQEAFg5rWxX3xKsKf76VXZ3eo1IT9tkE
DE8yS5Nt2/krtGPrZ5Bkhm59uzyW+b/QYSj8jF7k2ytXNMiIYBuY8oHa8LL3q6Nx
89bYZNZ6iG2MbXt0t7fy43R+g0MPrafNI0cIAd15j1ri2X7hI8urG5tNjDIwH4hi
5w2/pgHJGsZ33uL4JRnQIkA3lAw2xSE5fJI/aybfs/40SGaEKQheXh8OhVv0DIA5
WJOH+Fr3wosu8HkTTGiusTVuUtPsChfI4Hd0W95/OwsLR2O/QLs1jkf9Hph4Xqah
Ne6ATO/iQ7eR8BSin1MF4PzynjmgZqAwHT+46ErqbGUUlnGDisxkzZO5pA==
-----END CERTIFICATE-----