Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa
File:                     10e8eaff-a969-4014-aee5-0177cbb5381e.roa (raw, json)
Hash identifier:          bnI+LW1QNcI+QYxgoe/bta4x9aXafBNL4KWv82JgVsg=
Subject key identifier:   A9:70:00:BE:31:D9:70:F6:79:B0:A3:C4:E9:82:C7:27:E7:20:75:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3A7B529D0C6FB5A3A0E53CCE61830462E575D761
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa
Signing time:             Fri 17 Oct 2025 00:51:56 +0000
ROA not before:           Fri 17 Oct 2025 00:51:56 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.162.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:7b:52:9d:0c:6f:b5:a3:a0:e5:3c:ce:61:83:04:62:e5:75:d7:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:51:56 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=60477a73af7af079114cb420ef86b43a76c55b8680a4dbe3e031ba961c7db94e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:bc:d1:39:c3:a5:1c:28:42:da:c2:52:19:74:
                    be:00:27:9b:0a:32:b3:a9:aa:cd:b9:0f:e7:7f:ba:
                    30:87:65:05:2e:27:35:0f:df:5d:1d:1a:44:8f:a1:
                    f7:e9:e8:13:41:53:ce:e7:16:d1:8c:d9:13:f4:c4:
                    54:d4:be:7d:fc:dc:05:60:f8:ad:6e:43:e5:a5:ba:
                    60:55:39:6a:9a:b6:fb:57:7e:52:2b:f6:d2:13:4a:
                    62:43:de:19:98:fc:c1:86:4e:4f:fc:ab:20:d6:49:
                    6b:41:88:75:f2:93:ba:49:72:8d:22:3f:97:b1:90:
                    38:a7:ac:32:ec:3f:3e:79:b8:46:c5:3d:4e:fc:85:
                    30:db:e6:9d:5b:99:72:76:37:80:73:0b:4a:ab:b3:
                    40:cd:08:19:ef:1a:d6:37:ee:3c:24:d2:32:0e:1a:
                    60:0c:fc:13:46:65:08:25:0d:bf:bc:44:0f:5c:07:
                    f2:dd:7c:e1:d2:28:ad:61:7b:6b:21:71:b3:91:e4:
                    26:e7:0b:61:58:32:bd:d1:d3:8d:98:42:2e:e3:02:
                    66:b1:e8:83:2a:ad:f6:3d:a7:a4:ee:90:12:e5:57:
                    14:66:09:9a:d7:f6:c9:85:d7:00:a7:ff:ac:1e:e1:
                    76:6c:b0:0f:2b:f7:96:5c:68:9e:ba:14:49:90:20:
                    26:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:70:00:BE:31:D9:70:F6:79:B0:A3:C4:E9:82:C7:27:E7:20:75:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10e8eaff-a969-4014-aee5-0177cbb5381e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.162.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         4e:40:b6:73:51:9c:6b:b1:6a:9d:a7:4b:87:96:03:61:d0:1f:
         61:ab:8c:93:57:61:f3:1b:37:aa:b8:93:e2:c3:e5:87:58:25:
         ef:55:ab:8a:7b:c4:bf:71:9d:36:6b:1a:f5:d0:36:77:32:c6:
         c2:d7:80:b9:fb:af:42:0f:6f:d7:66:85:bf:81:80:69:d0:9d:
         ab:e4:b9:fd:6e:91:f1:c6:7a:25:f2:27:92:0c:bd:d2:3e:fa:
         c2:8b:1a:c6:11:3b:80:a4:b5:80:62:b6:8b:9c:6b:76:d5:5b:
         b6:1f:a0:a8:f3:c8:59:ce:49:a5:58:23:d5:17:61:d7:c6:90:
         a2:c4:c3:bf:31:57:e5:9d:c8:ac:8c:c1:fc:90:c0:94:88:14:
         66:ec:ea:0e:67:fe:d0:85:88:bf:52:8c:5e:f2:cc:75:9d:67:
         0d:a5:5f:23:bc:9d:33:7c:8c:89:8a:71:65:56:53:65:72:15:
         cb:f4:7d:35:3c:f4:60:9c:0b:de:f4:b6:e9:c2:ea:1c:8b:9d:
         10:ff:09:93:03:88:c6:4b:d0:f2:d4:2d:2b:b6:0a:05:42:96:
         82:68:8d:8f:59:b8:df:fa:67:db:fe:96:62:ae:79:72:82:14:
         b3:04:c0:f0:bd:4f:dd:77:94:d0:89:2c:da:db:de:d9:de:5e:
         0d:24:ef:0f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOntSnQxvtaOg5TzOYYMEYuV112EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDA1MTU2WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDQ3N2E3M2FmN2FmMDc5MTE0Y2I0MjBlZjg2YjQzYTc2
YzU1Yjg2ODBhNGRiZTNlMDMxYmE5NjFjN2RiOTRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXvNE5w6UcKELawlIZdL4AJ5sKMrOpqs25D+d/ujCHZQUu
JzUP310dGkSPoffp6BNBU87nFtGM2RP0xFTUvn383AVg+K1uQ+WlumBVOWqatvtX
flIr9tITSmJD3hmY/MGGTk/8qyDWSWtBiHXyk7pJco0iP5exkDinrDLsPz55uEbF
PU78hTDb5p1bmXJ2N4BzC0qrs0DNCBnvGtY37jwk0jIOGmAM/BNGZQglDb+8RA9c
B/LdfOHSKK1he2shcbOR5CbnC2FYMr3R042YQi7jAmax6IMqrfY9p6TukBLlVxRm
CZrX9smF1wCn/6we4XZssA8r95ZcaJ66FEmQICZLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqXAAvjHZcPZ5sKPE6YLHJ+cgdW4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwZThlYWZmLWE5NjktNDAxNC1hZWU1LTAxNzdjYmI1MzgxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQojANBgkqhkiG9w0BAQsFAAOCAQEATkC2c1Gca7FqnadLh5YDYdAfYauM
k1dh8xs3qriT4sPlh1gl71WrinvEv3GdNmsa9dA2dzLGwteAufuvQg9v12aFv4GA
adCdq+S5/W6R8cZ6JfInkgy90j76wosaxhE7gKS1gGK2i5xrdtVbth+gqPPIWc5J
pVgj1Rdh18aQosTDvzFX5Z3IrIzB/JDAlIgUZuzqDmf+0IWIv1KMXvLMdZ1nDaVf
I7ydM3yMiYpxZVZTZXIVy/R9NTz0YJwL3vS26cLqHIudEP8JkwOIxkvQ8tQtK7YK
BUKWgmiNj1m43/pn2/6WYq55coIUswTA8L1P3XeU0Iks2tve2d5eDSTvDw==
-----END CERTIFICATE-----