Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa
File:                     3fa4f6da-6073-4400-a522-35f62e2343ee.roa (raw, json)
Hash identifier:          UcgAjG2BYXwJfbw/I1U4VwJTRBP8/XRZDQwDtC3XdX8=
Subject key identifier:   E7:E1:B6:57:ED:47:34:DB:4E:03:92:A9:9B:9C:BF:D7:22:C9:2B:F7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F46415D0F9861A1099DB8279980344E09E6EE21
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa
Signing time:             Fri 03 Oct 2025 00:42:16 +0000
ROA not before:           Fri 03 Oct 2025 00:42:16 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        71.16.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:46:41:5d:0f:98:61:a1:09:9d:b8:27:99:80:34:4e:09:e6:ee:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:42:16 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=6f703fcc8ab667aab589299449ee778d5940ae4dd37e3e7e5238776b2cc224e0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ec:2f:42:c7:e4:36:9a:92:1f:d5:77:31:6d:
                    91:f0:41:7b:11:7e:98:e3:8c:ae:b5:15:2a:0c:c2:
                    ca:3b:3a:3a:1a:e5:3d:d6:e2:dc:ca:87:da:59:fa:
                    76:ba:ec:5f:d9:dd:94:f0:37:0a:1b:ea:c1:85:f8:
                    30:e1:7b:3d:03:2e:48:c1:e1:2f:e1:fa:9f:e5:a8:
                    dd:98:1f:15:ec:f3:6c:55:e5:b4:3e:24:db:6f:44:
                    63:62:ac:e6:da:23:40:76:1f:8e:3f:16:53:e4:6d:
                    11:a2:ac:f8:e2:9b:4e:fe:b1:c6:2d:f0:6b:a8:6a:
                    ac:12:4c:9b:15:6a:a0:17:61:2d:e4:59:22:42:b1:
                    83:d3:db:04:87:57:c4:61:0e:dc:31:df:7d:ba:03:
                    90:58:92:81:46:67:5d:fa:f6:ef:9d:81:28:81:9a:
                    3f:20:f2:a7:02:e5:5c:33:77:14:1e:89:5a:3b:39:
                    cd:99:a7:b0:bb:b2:15:aa:73:84:5f:44:3e:48:d7:
                    ab:ab:bc:c0:d8:06:6c:0e:c3:08:1d:44:0d:f3:83:
                    62:be:6f:17:8c:af:e8:9c:31:82:d5:fa:82:14:9a:
                    11:5e:57:f1:a3:d2:50:4c:0d:98:ff:49:18:b1:f5:
                    97:ed:36:31:4a:ea:a9:53:c9:05:d7:46:a4:0f:51:
                    6c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E1:B6:57:ED:47:34:DB:4E:03:92:A9:9B:9C:BF:D7:22:C9:2B:F7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fa4f6da-6073-4400-a522-35f62e2343ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         89:62:c9:e7:9a:91:4c:9c:df:68:a3:c8:1b:72:c7:58:c2:f0:
         0f:c7:af:14:47:59:ed:27:02:5d:9f:09:7b:d2:48:f2:ee:dd:
         83:58:18:44:ee:fa:3e:15:da:fc:26:58:4e:78:b1:d7:f3:20:
         95:a5:d5:0b:59:b9:f4:0c:74:e7:81:47:10:b1:0b:b5:f5:84:
         b6:f9:df:36:7a:7f:a3:6a:3c:97:7f:73:67:72:d6:1d:79:f2:
         bc:c3:21:da:88:cb:66:92:e1:44:d7:04:33:e3:cb:68:14:1f:
         e1:0b:f1:fa:cb:df:e5:0f:26:81:0f:84:46:16:12:12:e1:3e:
         e4:95:ee:99:fb:ec:87:f6:51:37:3d:75:db:c3:1a:a6:37:32:
         f8:25:97:41:31:72:e6:9b:03:4c:d9:c6:8d:07:30:3a:83:7f:
         b8:d8:01:8a:35:46:96:d6:ff:0b:09:c9:ac:4b:e4:df:cb:26:
         a3:e4:8d:a0:8d:39:f1:46:ce:0d:bb:65:52:2d:b7:8a:09:80:
         97:77:7f:85:ea:d4:6b:6b:4a:1b:36:b9:32:62:03:c1:1b:d3:
         6d:15:36:80:26:c5:4e:dd:10:2f:ea:b5:4f:4b:01:df:3e:ac:
         13:52:a8:77:2c:9a:b6:61:11:25:c3:66:c3:e1:98:b4:b7:9c:
         3f:9a:3f:ce
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUf0ZBXQ+YYaEJnbgnmYA0Tgnm7iEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA0MjE2WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZjcwM2ZjYzhhYjY2N2FhYjU4OTI5OTQ0OWVlNzc4ZDU5
NDBhZTRkZDM3ZTNlN2U1MjM4Nzc2YjJjYzIyNGUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDA7C9Cx+Q2mpIf1XcxbZHwQXsRfpjjjK61FSoMwso7Ojoa
5T3W4tzKh9pZ+na67F/Z3ZTwNwob6sGF+DDhez0DLkjB4S/h+p/lqN2YHxXs82xV
5bQ+JNtvRGNirObaI0B2H44/FlPkbRGirPjim07+scYt8GuoaqwSTJsVaqAXYS3k
WSJCsYPT2wSHV8RhDtwx3326A5BYkoFGZ1369u+dgSiBmj8g8qcC5VwzdxQeiVo7
Oc2Zp7C7shWqc4RfRD5I16urvMDYBmwOwwgdRA3zg2K+bxeMr+icMYLV+oIUmhFe
V/Gj0lBMDZj/SRix9ZftNjFK6qlTyQXXRqQPUWx9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5+G2V+1HNNtOA5Kpm5y/1yLJK/cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmYTRmNmRhLTYwNzMtNDQwMC1hNTIyLTM1ZjYyZTIzNDNlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBHEDANBgkqhkiG9w0BAQsFAAOCAQEAiWLJ55qRTJzfaKPIG3LHWMLwD8ev
FEdZ7ScCXZ8Je9JI8u7dg1gYRO76PhXa/CZYTnix1/MglaXVC1m59Ax054FHELEL
tfWEtvnfNnp/o2o8l39zZ3LWHXnyvMMh2ojLZpLhRNcEM+PLaBQf4Qvx+svf5Q8m
gQ+ERhYSEuE+5JXumfvsh/ZRNz1128Mapjcy+CWXQTFy5psDTNnGjQcwOoN/uNgB
ijVGltb/CwnJrEvk38smo+SNoI058UbODbtlUi23igmAl3d/herUa2tKGza5MmID
wRvTbRU2gCbFTt0QL+q1T0sB3z6sE1KodyyatmERJcNmw+GYtLecP5o/zg==
-----END CERTIFICATE-----