Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4448c9ac-4024-4f85-a898-bad42919a19c.roa
File:                     4448c9ac-4024-4f85-a898-bad42919a19c.roa (raw, json)
Hash identifier:          jnOaOv2KH3TfLrJpG0bOK8s/d8on4W/Bo6f35pRAwUo=
Subject key identifier:   DF:64:7D:3D:FB:CD:8A:E1:32:CA:48:B1:09:1C:56:9D:B3:65:85:40
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3B2A9A17A0E41F8D4429949A4BEF942CD9556C9D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4448c9ac-4024-4f85-a898-bad42919a19c.roa
Signing time:             Tue 30 Sep 2025 00:11:57 +0000
ROA not before:           Tue 30 Sep 2025 00:11:57 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.153.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:2a:9a:17:a0:e4:1f:8d:44:29:94:9a:4b:ef:94:2c:d9:55:6c:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:11:57 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=f6df57c80a16dc10feaef3f9197e64a3af38ab7336529a9ad0d219411615535b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:04:e1:d4:e3:92:da:45:af:c3:ac:cd:de:5c:
                    24:60:d7:e2:d6:49:f5:52:ef:91:80:ce:b3:67:8a:
                    be:54:dd:ab:f5:f4:bf:1f:77:a9:92:78:62:48:b9:
                    ee:35:e8:5d:03:33:fb:af:b9:08:db:bf:f9:a3:d3:
                    c9:49:ed:2a:89:9c:5c:6f:8c:97:f3:f1:4c:52:96:
                    46:b9:7f:9c:68:d1:59:7e:9c:2d:c1:ea:de:62:6a:
                    af:25:29:99:48:e3:ed:7c:5c:09:d5:8a:c8:29:e3:
                    72:ad:aa:fb:e0:fa:55:2e:8e:85:f6:e7:2a:78:22:
                    f9:a3:40:d5:d3:fd:d2:e6:16:23:fc:0b:2d:f5:0a:
                    4c:7e:22:9f:6e:07:74:72:b6:69:ce:d4:31:fc:90:
                    a0:e0:b0:20:b8:7b:f0:d3:a0:cf:f6:1c:fa:23:77:
                    57:d1:04:02:44:21:94:85:70:0d:ea:59:a6:3d:33:
                    29:29:4e:27:9b:4f:f3:76:d2:b7:9c:e4:3c:9e:dd:
                    e1:79:71:0d:ee:72:9a:ef:a2:ed:8f:fb:72:cd:93:
                    18:08:40:3f:99:5a:e6:00:66:d7:be:16:e6:bd:47:
                    5f:d4:3c:2b:dc:91:30:e1:25:64:70:7c:f9:27:d1:
                    4d:df:9f:da:e2:cb:73:fe:af:ab:15:52:bf:a4:5d:
                    83:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:64:7D:3D:FB:CD:8A:E1:32:CA:48:B1:09:1C:56:9D:B3:65:85:40
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4448c9ac-4024-4f85-a898-bad42919a19c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:e3:2c:50:db:c4:fa:ef:9e:82:fb:4a:e2:cd:09:43:79:a5:
         37:dd:a0:25:e8:8a:20:84:13:3e:e2:7b:be:78:d7:9f:d2:36:
         77:6b:62:86:83:93:fa:42:12:f6:ff:54:15:2a:05:1a:63:42:
         25:c1:90:2b:e9:0d:bd:78:ad:17:95:77:0e:31:f9:9d:33:e4:
         42:cc:63:29:79:3b:06:54:69:5f:c0:a5:0f:68:62:63:e1:93:
         54:c5:18:6a:29:1d:40:5b:44:70:6b:df:7c:b3:dd:86:d1:01:
         c7:63:ce:47:8e:49:19:51:63:b1:06:ee:bb:8d:fa:03:02:0c:
         78:67:44:4e:26:ac:76:f9:83:8e:88:f8:05:81:ff:55:38:ee:
         51:28:70:7a:a4:46:58:21:49:bd:9e:5a:9a:a1:60:eb:a4:06:
         c7:ad:52:35:cb:84:ee:dd:f7:e2:0a:57:4c:12:b4:22:4a:81:
         f8:1e:14:ad:ef:c0:76:47:de:ac:95:3a:39:d4:71:b5:00:de:
         81:00:fa:d6:99:33:71:26:85:62:80:f6:42:78:ff:36:61:be:
         88:cb:48:66:f7:f4:e4:2d:76:be:61:26:77:ff:79:01:b8:b8:
         c5:57:a6:52:03:15:47:79:56:a2:3a:f4:13:00:81:40:e6:8f:
         aa:8e:61:35
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOyqaF6DkH41EKZSaS++ULNlVbJ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAxMTU3WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNmRmNTdjODBhMTZkYzEwZmVhZWYzZjkxOTdlNjRhM2Fm
MzhhYjczMzY1MjlhOWFkMGQyMTk0MTE2MTU1MzViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2BOHU45LaRa/DrM3eXCRg1+LWSfVS75GAzrNnir5U3av1
9L8fd6mSeGJIue416F0DM/uvuQjbv/mj08lJ7SqJnFxvjJfz8UxSlka5f5xo0Vl+
nC3B6t5iaq8lKZlI4+18XAnVisgp43Ktqvvg+lUujoX25yp4IvmjQNXT/dLmFiP8
Cy31Ckx+Ip9uB3RytmnO1DH8kKDgsCC4e/DToM/2HPojd1fRBAJEIZSFcA3qWaY9
MykpTiebT/N20rec5Dye3eF5cQ3ucprvou2P+3LNkxgIQD+ZWuYAZte+Fua9R1/U
PCvckTDhJWRwfPkn0U3fn9riy3P+r6sVUr+kXYOlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU32R9PfvNiuEyykixCRxWnbNlhUAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ0NDhjOWFjLTQwMjQtNGY4NS1hODk4LWJhZDQyOTE5YTE5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQmTANBgkqhkiG9w0BAQsFAAOCAQEAfeMsUNvE+u+egvtK4s0JQ3mlN92g
JeiKIIQTPuJ7vnjXn9I2d2tihoOT+kIS9v9UFSoFGmNCJcGQK+kNvXitF5V3DjH5
nTPkQsxjKXk7BlRpX8ClD2hiY+GTVMUYaikdQFtEcGvffLPdhtEBx2POR45JGVFj
sQbuu436AwIMeGdETiasdvmDjoj4BYH/VTjuUShweqRGWCFJvZ5amqFg66QGx61S
NcuE7t334gpXTBK0IkqB+B4Ure/AdkferJU6OdRxtQDegQD61pkzcSaFYoD2Qnj/
NmG+iMtIZvf05C12vmEmd/95Abi4xVemUgMVR3lWojr0EwCBQOaPqo5hNQ==
-----END CERTIFICATE-----