Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c748147-8998-4672-8c3d-5171a4d8afff.roa
File:                     7c748147-8998-4672-8c3d-5171a4d8afff.roa (raw, json)
Hash identifier:          pi/frMAn53kABPFup2aHScjtUeuxgoan62jNYrikSKU=
Subject key identifier:   BF:C8:0D:9C:73:4C:BA:C4:6E:80:60:00:4D:BA:CC:A9:1A:5D:9C:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       467BB4B1FBEFB66A6F601C20571BAEF77670E912
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c748147-8998-4672-8c3d-5171a4d8afff.roa
Signing time:             Sun 26 Oct 2025 00:01:00 +0000
ROA not before:           Sun 26 Oct 2025 00:01:00 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.52.0.0/14 maxlen: 14
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:7b:b4:b1:fb:ef:b6:6a:6f:60:1c:20:57:1b:ae:f7:76:70:e9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:01:00 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=2b19b64c276378bc9eb690a27db4ae5f3b99ef12e1b520c2240ed646db89efe5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:da:5a:28:5b:ef:59:4b:80:41:53:f0:22:2b:
                    e6:fd:ea:eb:6f:93:f8:24:18:d5:a5:57:0d:e2:81:
                    17:4f:d7:bc:c4:df:b3:c2:f9:8c:96:88:de:ce:8a:
                    8e:8d:39:b7:2f:2c:22:59:01:73:5e:39:13:70:ed:
                    06:b7:5d:38:84:a8:57:a2:7e:fb:2f:e7:fd:38:3b:
                    55:e0:ec:d9:4c:ad:19:df:95:2a:f3:04:3f:1e:89:
                    01:72:4f:45:02:2a:fc:22:5f:69:95:c1:c2:3a:36:
                    12:2f:80:ce:11:a3:38:61:1f:4e:39:8f:aa:58:b7:
                    11:58:99:06:d1:4f:84:e3:92:cf:a1:d8:f7:84:47:
                    49:51:83:ca:a4:e7:d5:fb:b0:3e:5d:2b:30:af:d3:
                    ad:fb:a8:12:1e:3e:10:9b:59:77:e1:af:bf:47:44:
                    a1:7b:3b:93:bd:2a:1a:3d:d4:88:6e:e7:7b:dd:f8:
                    d6:89:e1:f5:5d:da:d2:d7:b0:74:5a:a3:2b:4b:b7:
                    89:fe:d8:02:0a:49:09:84:ae:7a:d7:eb:11:d7:44:
                    a8:60:3e:8f:f6:7f:08:37:75:c3:d8:1b:75:28:c5:
                    83:b0:e0:c6:79:4c:bf:6a:b0:05:e7:e8:73:4b:f7:
                    89:28:6a:7d:f1:57:e2:6d:e0:9b:42:59:a3:7b:0f:
                    83:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:C8:0D:9C:73:4C:BA:C4:6E:80:60:00:4D:BA:CC:A9:1A:5D:9C:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c748147-8998-4672-8c3d-5171a4d8afff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.52.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         38:45:f6:4b:76:08:f2:2f:7e:de:56:3f:88:20:91:23:61:f3:
         14:f2:b9:e7:c0:46:e5:ed:b3:25:70:a9:51:5b:de:73:7d:a7:
         4f:ff:92:b7:68:81:8b:6e:87:a1:4d:84:20:af:f9:12:0a:27:
         a0:8c:07:f1:bb:47:ac:0e:dc:20:2e:ed:4e:39:e3:b5:47:14:
         c6:97:59:db:13:dc:ad:0d:c0:cd:47:0d:be:da:72:6a:ad:e3:
         f1:17:a6:d1:78:80:fb:ba:45:07:ef:9a:ad:0d:48:f8:6f:2c:
         09:c8:44:94:a3:58:59:b3:26:87:bc:70:f5:46:18:b5:b6:b3:
         87:9e:65:cb:47:26:ce:66:4a:5c:1b:02:43:10:15:db:7b:d5:
         47:2e:f1:46:50:0f:7b:d4:9b:e7:ec:94:59:8c:9f:6c:bf:3d:
         a1:c8:ac:ca:35:45:ee:2a:f5:e0:43:b7:4b:5d:ce:21:4b:04:
         c1:e6:0d:54:3f:c0:ee:f4:61:f0:1d:2c:94:79:45:79:cb:eb:
         f4:f5:ad:39:41:5c:da:33:9f:ba:5c:d2:a0:20:db:a7:82:49:
         b5:e2:c6:e8:26:9c:0c:64:bc:f4:d7:08:63:99:13:70:6f:0b:
         6a:12:96:7f:6c:58:61:84:3a:5a:ce:62:e7:21:3f:3d:01:2e:
         47:38:19:52
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURnu0sfvvtmpvYBwgVxuu93Zw6RIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAwMTAwWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjE5YjY0YzI3NjM3OGJjOWViNjkwYTI3ZGI0YWU1ZjNi
OTllZjEyZTFiNTIwYzIyNDBlZDY0NmRiODllZmU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr2looW+9ZS4BBU/AiK+b96utvk/gkGNWlVw3igRdP17zE
37PC+YyWiN7Oio6NObcvLCJZAXNeORNw7Qa3XTiEqFeifvsv5/04O1Xg7NlMrRnf
lSrzBD8eiQFyT0UCKvwiX2mVwcI6NhIvgM4RozhhH045j6pYtxFYmQbRT4Tjks+h
2PeER0lRg8qk59X7sD5dKzCv0637qBIePhCbWXfhr79HRKF7O5O9Kho91Ihu53vd
+NaJ4fVd2tLXsHRaoytLt4n+2AIKSQmErnrX6xHXRKhgPo/2fwg3dcPYG3UoxYOw
4MZ5TL9qsAXn6HNL94koan3xV+Jt4JtCWaN7D4NTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUv8gNnHNMusRugGAATbrMqRpdnMMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjNzQ4MTQ3LTg5OTgtNDY3Mi04YzNkLTUxNzFhNGQ4YWZmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIQNDANBgkqhkiG9w0BAQsFAAOCAQEAOEX2S3YI8i9+3lY/iCCRI2HzFPK5
58BG5e2zJXCpUVvec32nT/+St2iBi26HoU2EIK/5EgonoIwH8btHrA7cIC7tTjnj
tUcUxpdZ2xPcrQ3AzUcNvtpyaq3j8Rem0XiA+7pFB++arQ1I+G8sCchElKNYWbMm
h7xw9UYYtbazh55ly0cmzmZKXBsCQxAV23vVRy7xRlAPe9Sb5+yUWYyfbL89ocis
yjVF7ir14EO3S13OIUsEweYNVD/A7vRh8B0slHlFecvr9PWtOUFc2jOfulzSoCDb
p4JJteLG6CacDGS89NcIY5kTcG8LahKWf2xYYYQ6Ws5i5yE/PQEuRzgZUg==
-----END CERTIFICATE-----