Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fc2c70b-2c53-4001-8560-44ed39824c11.roa
File:                     1fc2c70b-2c53-4001-8560-44ed39824c11.roa (raw, json)
Hash identifier:          OASRbvvwXKSgLd+fXvQaUBlJjNiwLcryYqPD1bCvXnw=
Subject key identifier:   09:E1:43:FE:60:EB:E6:71:99:91:2A:8A:DB:D8:03:97:5B:6E:4D:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       609BDFB6A8DDBFB5259CF9BF00065029346B835B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fc2c70b-2c53-4001-8560-44ed39824c11.roa
Signing time:             Sat 27 Sep 2025 00:02:24 +0000
ROA not before:           Sat 27 Sep 2025 00:02:24 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.133.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:9b:df:b6:a8:dd:bf:b5:25:9c:f9:bf:00:06:50:29:34:6b:83:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 27 00:02:24 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=3a70b92116d54b42c022dd94e2ecec736cb39c1bcd8becdf71a1914a226f419a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:77:64:03:31:52:c8:04:14:17:56:eb:b8:34:
                    3b:19:b8:d3:5a:2d:cc:71:2e:7d:df:9d:34:1a:c4:
                    95:35:7a:35:18:d8:5c:7f:fe:18:36:e0:6e:81:4d:
                    ea:78:ae:24:2e:b7:8c:0e:3f:d8:00:53:83:ce:51:
                    e3:6f:56:cb:f1:20:28:5c:6c:76:82:ee:62:a9:8e:
                    55:ea:7b:b6:c9:fa:4b:a9:79:79:a0:1c:ce:21:5f:
                    49:8d:75:62:1b:58:fe:7f:84:f9:f8:9d:a8:79:4a:
                    1a:b1:cc:70:91:60:1c:1c:d7:62:89:90:92:86:ed:
                    d5:2f:5a:9f:76:47:e4:cf:51:2d:5b:87:35:71:82:
                    75:bb:68:60:63:df:1f:d5:0e:02:4b:82:aa:68:b2:
                    0a:98:fc:23:c4:6a:6b:a1:72:6f:3e:e6:81:a1:3d:
                    2a:96:43:d8:9b:d7:eb:c6:31:99:32:a2:34:9f:90:
                    45:a3:e7:c5:51:ec:ec:b9:84:76:dc:36:58:00:06:
                    cb:dd:8c:65:35:9b:ed:e9:64:87:b2:75:1d:a4:ce:
                    c5:65:c0:f7:81:9e:67:59:da:4b:25:eb:c6:73:5d:
                    a3:db:3b:a9:d0:ba:fa:c8:37:3f:f1:d4:f8:a5:45:
                    65:00:39:f3:b6:c0:3c:c4:d7:bc:d0:fc:38:20:69:
                    01:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:E1:43:FE:60:EB:E6:71:99:91:2A:8A:DB:D8:03:97:5B:6E:4D:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fc2c70b-2c53-4001-8560-44ed39824c11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.133.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         84:1b:63:ca:57:55:10:1c:a4:5a:85:4a:8a:a2:76:ab:47:12:
         9c:e6:2c:ba:25:25:6a:98:82:f0:31:86:d4:41:a6:1c:6d:f5:
         ed:3f:28:42:e4:96:5d:1b:ee:94:85:ed:50:e0:8f:05:95:b5:
         2a:24:63:76:f3:42:3f:1f:32:ba:04:53:0c:11:d3:62:3b:08:
         4d:b6:13:65:c9:81:8d:21:48:b2:0c:b0:a6:ee:12:b6:4f:4e:
         ce:3c:7c:22:b4:3d:65:ab:7a:c5:3d:36:7b:b9:3b:5e:a5:ae:
         a3:d2:a1:b0:94:4d:bf:b9:a0:fa:4f:cb:88:52:17:8c:c5:17:
         c8:6e:bc:53:e1:b1:cb:a4:84:61:f2:30:5a:8a:8c:b1:f6:43:
         d0:9d:6f:c5:84:4b:4e:95:ac:fd:86:a9:65:c1:38:86:37:1d:
         5d:97:a9:89:7a:8b:a4:e9:6b:da:64:59:2e:86:78:10:46:8d:
         33:b7:4a:84:d2:14:2d:e9:27:b7:1b:c3:11:33:21:3d:7d:5d:
         8f:74:15:36:20:a0:5a:9e:7c:ac:48:c3:fc:37:36:04:23:a2:
         ef:b5:c7:aa:d5:ca:3b:6c:b6:12:ca:c6:a6:e8:d9:08:c6:55:
         e8:a8:25:9a:05:56:fe:83:f6:59:14:c2:9b:4d:1d:05:4b:23:
         2f:c4:d9:b5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYJvftqjdv7UlnPm/AAZQKTRrg1swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI3MDAwMjI0WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTcwYjkyMTE2ZDU0YjQyYzAyMmRkOTRlMmVjZWM3MzZj
YjM5YzFiY2Q4YmVjZGY3MWExOTE0YTIyNmY0MTlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcd2QDMVLIBBQXVuu4NDsZuNNaLcxxLn3fnTQaxJU1ejUY
2Fx//hg24G6BTep4riQut4wOP9gAU4POUeNvVsvxIChcbHaC7mKpjlXqe7bJ+kup
eXmgHM4hX0mNdWIbWP5/hPn4nah5ShqxzHCRYBwc12KJkJKG7dUvWp92R+TPUS1b
hzVxgnW7aGBj3x/VDgJLgqposgqY/CPEamuhcm8+5oGhPSqWQ9ib1+vGMZkyojSf
kEWj58VR7Oy5hHbcNlgABsvdjGU1m+3pZIeydR2kzsVlwPeBnmdZ2ksl68ZzXaPb
O6nQuvrINz/x1PilRWUAOfO2wDzE17zQ/DggaQE/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCeFD/mDr5nGZkSqK29gDl1tuTXMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmYzJjNzBiLTJjNTMtNDAwMS04NTYwLTQ0ZWQzOTgyNGMxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQhTANBgkqhkiG9w0BAQsFAAOCAQEAhBtjyldVEBykWoVKiqJ2q0cSnOYs
uiUlapiC8DGG1EGmHG317T8oQuSWXRvulIXtUOCPBZW1KiRjdvNCPx8yugRTDBHT
YjsITbYTZcmBjSFIsgywpu4Stk9Ozjx8IrQ9Zat6xT02e7k7XqWuo9KhsJRNv7mg
+k/LiFIXjMUXyG68U+Gxy6SEYfIwWoqMsfZD0J1vxYRLTpWs/YapZcE4hjcdXZep
iXqLpOlr2mRZLoZ4EEaNM7dKhNIULekntxvDETMhPX1dj3QVNiCgWp58rEjD/Dc2
BCOi77XHqtXKO2y2EsrGpujZCMZV6KglmgVW/oP2WRTCm00dBUsjL8TZtQ==
-----END CERTIFICATE-----