Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ee5aa8d-429e-4193-96bb-7d20581f3ad2.roa
File:                     0ee5aa8d-429e-4193-96bb-7d20581f3ad2.roa (raw, json)
Hash identifier:          7SCmKLqmyV1bgy45RnxzWVTz6WYYsy65Wo0fwU1MSK4=
Subject key identifier:   F2:FD:9D:7F:F2:1D:F0:A2:D8:B2:45:C5:0C:30:3F:98:B0:E0:B1:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6782B6F08874147B65FAFD1906DFA0AE668D3634
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ee5aa8d-429e-4193-96bb-7d20581f3ad2.roa
Signing time:             Mon 06 Oct 2025 16:38:23 +0000
ROA not before:           Mon 06 Oct 2025 16:38:23 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.16.160.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:82:b6:f0:88:74:14:7b:65:fa:fd:19:06:df:a0:ae:66:8d:36:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 16:38:23 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=192a07c1a405a945a24898793a74e13246fc1d8a3e1225222ba170e8accdaa8d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c0:a7:58:0a:2b:b0:04:c9:d6:ba:62:e0:73:
                    70:ec:2f:c9:93:43:6d:84:87:32:32:f4:78:5c:4d:
                    6a:38:ea:44:48:73:4f:69:84:af:b4:99:d1:a2:a9:
                    4e:fb:38:60:e5:ea:7b:1e:10:79:ef:ca:86:ad:31:
                    8a:25:72:da:42:fd:a1:bb:2b:49:c5:04:93:21:06:
                    74:c4:f7:49:91:95:33:94:73:ff:5f:ed:5c:a4:e1:
                    d2:f5:39:59:ad:bc:d6:b1:81:7d:f8:b6:8c:76:6f:
                    46:1d:5a:9e:c5:9e:98:82:88:13:80:ab:aa:b5:40:
                    4d:74:96:af:58:20:c8:0b:de:6b:ee:10:5e:8f:db:
                    74:0a:88:02:3b:2c:6e:8a:b5:3a:36:fc:a9:ee:61:
                    c1:33:5c:56:78:e9:a6:34:f1:e1:5b:49:3e:8d:d8:
                    62:75:6f:44:07:0d:42:34:bb:37:7f:7e:27:8a:63:
                    39:14:c3:80:81:d4:7e:d5:54:5e:43:a9:9c:66:06:
                    59:83:ac:57:6f:28:8f:75:b2:b7:ba:35:3c:ec:a7:
                    6c:9e:f3:e5:33:5f:db:d7:de:5c:c6:68:e3:53:b2:
                    9d:8e:c3:ac:cd:50:a4:e7:63:bb:c2:94:83:49:6e:
                    b5:fa:ca:04:a5:fc:77:16:66:b5:f7:73:03:fe:17:
                    7f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:FD:9D:7F:F2:1D:F0:A2:D8:B2:45:C5:0C:30:3F:98:B0:E0:B1:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ee5aa8d-429e-4193-96bb-7d20581f3ad2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.16.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         52:c1:b3:9b:8f:15:46:61:ef:d4:4a:08:b9:29:d1:f6:b4:1d:
         d7:bd:05:40:ae:01:78:d6:96:f0:5a:ea:c3:57:0e:ad:18:e6:
         46:bd:19:31:86:00:58:b7:5c:6b:e9:96:4b:ef:12:42:e2:ff:
         2a:7b:df:53:bb:4f:c9:3f:46:d8:11:2c:0b:aa:3e:b1:a9:6f:
         75:e9:e0:58:e4:3a:fd:66:26:33:f5:ff:d1:54:4a:5f:26:03:
         e0:4d:58:76:98:0b:f2:8d:46:07:73:95:15:f7:14:da:02:66:
         f5:a2:4d:4d:db:ba:db:45:7f:31:c0:29:06:24:d9:41:06:7a:
         ff:6c:7e:74:42:00:f8:53:bd:e8:ab:4e:30:63:80:f8:12:80:
         11:15:2d:59:11:ed:4b:a9:cb:c7:b3:b3:f8:af:56:73:ac:70:
         46:d8:21:78:35:50:0c:b3:6e:5c:08:59:ae:09:c1:47:91:bd:
         50:98:e9:8d:90:04:d3:b2:9f:17:74:b1:14:00:3f:09:7d:fe:
         69:b8:28:58:f5:dd:aa:6e:88:23:60:d9:88:93:2d:6c:50:58:
         61:5d:97:cd:33:86:5a:4e:83:87:d3:df:cd:e3:bf:c3:78:a1:
         8e:25:c5:b3:37:5b:26:18:e6:f4:1f:2b:61:2e:29:eb:27:d6:
         3d:d0:bb:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ4K28Ih0FHtl+v0ZBt+grmaNNjQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTYzODIzWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOTJhMDdjMWE0MDVhOTQ1YTI0ODk4NzkzYTc0ZTEzMjQ2
ZmMxZDhhM2UxMjI1MjIyYmExNzBlOGFjY2RhYThkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+wKdYCiuwBMnWumLgc3DsL8mTQ22EhzIy9HhcTWo46kRI
c09phK+0mdGiqU77OGDl6nseEHnvyoatMYolctpC/aG7K0nFBJMhBnTE90mRlTOU
c/9f7Vyk4dL1OVmtvNaxgX34tox2b0YdWp7FnpiCiBOAq6q1QE10lq9YIMgL3mvu
EF6P23QKiAI7LG6KtTo2/KnuYcEzXFZ46aY08eFbST6N2GJ1b0QHDUI0uzd/fieK
YzkUw4CB1H7VVF5DqZxmBlmDrFdvKI91sre6NTzsp2ye8+UzX9vX3lzGaONTsp2O
w6zNUKTnY7vClINJbrX6ygSl/HcWZrX3cwP+F38jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8v2df/Id8KLYskXFDDA/mLDgsc0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBlZTVhYThkLTQyOWUtNDE5My05NmJiLTdkMjA1ODFmM2FkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQyEKAwDQYJKoZIhvcNAQELBQADggEBAFLBs5uPFUZh79RKCLkp0fa0Hde9
BUCuAXjWlvBa6sNXDq0Y5ka9GTGGAFi3XGvplkvvEkLi/yp731O7T8k/RtgRLAuq
PrGpb3Xp4FjkOv1mJjP1/9FUSl8mA+BNWHaYC/KNRgdzlRX3FNoCZvWiTU3buttF
fzHAKQYk2UEGev9sfnRCAPhTveirTjBjgPgSgBEVLVkR7Uupy8ezs/ivVnOscEbY
IXg1UAyzblwIWa4JwUeRvVCY6Y2QBNOynxd0sRQAPwl9/mm4KFj13apuiCNg2YiT
LWxQWGFdl80zhlpOg4fT383jv8N4oY4lxbM3WyYY5vQfK2EuKesn1j3Qu8U=
-----END CERTIFICATE-----