Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a00a5225-7aba-45f5-ab16-fd62fe46ec1a.roa
File:                     a00a5225-7aba-45f5-ab16-fd62fe46ec1a.roa (raw, json)
Hash identifier:          QZk61XebzIyH0yOsSWjSUKi5uCvKYWBdb9e00XzMgP4=
Subject key identifier:   22:64:91:3A:54:84:94:8E:F3:9B:E0:7E:34:73:C7:C1:3E:13:12:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       728DD3F70C9A78E3659EDDD53F4B72E67E37D6D7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a00a5225-7aba-45f5-ab16-fd62fe46ec1a.roa
Signing time:             Sat 25 Oct 2025 00:10:10 +0000
ROA not before:           Sat 25 Oct 2025 00:10:10 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.53.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:8d:d3:f7:0c:9a:78:e3:65:9e:dd:d5:3f:4b:72:e6:7e:37:d6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:10:10 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=44f6909ad8d24b0a8019af7cc8f58ac7a90234b39c9aced12c33cc5e04562e93, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e0:e6:35:80:f5:78:6a:f6:d6:ae:d9:d9:a0:
                    1d:14:11:0a:35:cc:c7:a4:38:9e:5b:3d:a4:af:76:
                    f6:04:4a:fa:4b:a7:a6:65:a7:ef:3d:f6:97:9e:a8:
                    01:40:0e:07:41:4b:77:4a:0b:ab:f6:44:75:81:27:
                    82:8a:97:cd:a4:0d:b2:fd:f0:08:41:da:52:ab:42:
                    72:18:4b:7f:cc:2b:88:71:24:0b:e9:b8:95:b8:ff:
                    1a:8e:3a:1d:3e:44:68:71:c8:c5:5c:f8:85:8d:1b:
                    10:16:a3:5a:b4:02:4c:cf:f9:73:a8:e4:94:d6:06:
                    a7:17:06:53:80:65:ff:dc:0b:ae:d1:0b:5e:49:17:
                    2e:6c:a7:5c:bd:ed:dc:8d:7b:5a:c6:75:e8:39:07:
                    c2:fc:13:8a:1b:89:df:5b:ed:54:b9:f4:19:00:3a:
                    75:53:21:ea:76:40:6f:de:b5:5b:38:7e:e2:d4:96:
                    1b:de:26:aa:24:bd:e1:ee:ff:70:72:8b:fe:c5:2d:
                    a7:05:a9:4f:12:8f:43:6e:97:41:c9:fd:4a:f9:d6:
                    a5:0b:dd:74:2b:cc:33:92:c3:57:89:3d:b2:1c:22:
                    e6:4b:54:14:e6:6f:95:f9:5b:c2:b9:8f:dd:ef:b1:
                    4e:4a:d9:12:62:5a:90:1a:16:82:5f:09:07:4e:0f:
                    7a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:64:91:3A:54:84:94:8E:F3:9B:E0:7E:34:73:C7:C1:3E:13:12:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a00a5225-7aba-45f5-ab16-fd62fe46ec1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:b3:06:78:b7:af:38:81:02:2d:cf:6b:00:32:8f:4d:91:e0:
         5f:b9:0a:92:e9:4d:83:bc:98:1c:15:d6:6f:54:66:e4:93:da:
         4d:fe:f7:65:70:53:d0:fd:e7:23:6f:74:aa:df:66:12:aa:40:
         40:bd:ed:b2:c3:6d:3f:b9:50:31:4b:ad:3e:76:6d:19:ed:42:
         55:8e:59:2f:b0:ba:07:12:2c:0c:df:a7:06:35:9d:b9:39:f7:
         90:11:57:c1:ac:14:2b:74:3e:06:89:a6:4e:01:85:bd:43:ae:
         fd:ef:9e:e6:1d:88:61:e2:db:d7:d8:4c:79:89:4a:03:ab:2f:
         67:c8:a8:0d:a7:8a:1a:4f:bc:4f:4d:a2:89:44:a9:82:cf:fa:
         2c:fa:6d:58:8d:2e:a6:bb:52:ea:bb:9c:81:e1:1a:7c:98:1f:
         a0:a0:83:5e:17:a3:f5:f5:bd:ed:09:1b:ba:2a:d9:a4:bf:ea:
         d6:29:02:db:ce:59:87:fd:60:b1:8d:83:bf:18:84:67:e6:63:
         18:7b:e0:df:d0:ae:21:f3:67:d7:d6:c5:6a:5f:88:2c:73:b0:
         e8:db:c1:55:b2:df:3f:52:3f:06:db:f5:0b:8d:fc:a0:02:8e:
         db:d8:3c:51:8a:2f:b1:7d:25:a7:d6:bb:25:01:b9:1e:2d:95:
         82:15:ab:ee
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUco3T9wyaeONlnt3VP0ty5n431tcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAxMDEwWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NGY2OTA5YWQ4ZDI0YjBhODAxOWFmN2NjOGY1OGFjN2E5
MDIzNGIzOWM5YWNlZDEyYzMzY2M1ZTA0NTYyZTkzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC4OY1gPV4avbWrtnZoB0UEQo1zMekOJ5bPaSvdvYESvpL
p6Zlp+899peeqAFADgdBS3dKC6v2RHWBJ4KKl82kDbL98AhB2lKrQnIYS3/MK4hx
JAvpuJW4/xqOOh0+RGhxyMVc+IWNGxAWo1q0AkzP+XOo5JTWBqcXBlOAZf/cC67R
C15JFy5sp1y97dyNe1rGdeg5B8L8E4obid9b7VS59BkAOnVTIep2QG/etVs4fuLU
lhveJqokveHu/3Byi/7FLacFqU8Sj0Nul0HJ/Ur51qUL3XQrzDOSw1eJPbIcIuZL
VBTmb5X5W8K5j93vsU5K2RJiWpAaFoJfCQdOD3qBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUImSROlSElI7zm+B+NHPHwT4TEkswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EwMGE1MjI1LTdhYmEtNDVmNS1hYjE2LWZkNjJmZTQ2ZWMxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNTANBgkqhkiG9w0BAQsFAAOCAQEAmLMGeLevOIECLc9rADKPTZHgX7kK
kulNg7yYHBXWb1Rm5JPaTf73ZXBT0P3nI290qt9mEqpAQL3tssNtP7lQMUutPnZt
Ge1CVY5ZL7C6BxIsDN+nBjWduTn3kBFXwawUK3Q+BommTgGFvUOu/e+e5h2IYeLb
19hMeYlKA6svZ8ioDaeKGk+8T02iiUSpgs/6LPptWI0uprtS6rucgeEafJgfoKCD
Xhej9fW97QkbuirZpL/q1ikC285Zh/1gsY2DvxiEZ+ZjGHvg39CuIfNn19bFal+I
LHOw6NvBVbLfP1I/Btv1C438oAKO29g8UYovsX0lp9a7JQG5Hi2VghWr7g==
-----END CERTIFICATE-----