Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5786c35c-d782-4e4c-8df1-c27d84b33db9.roa
File:                     5786c35c-d782-4e4c-8df1-c27d84b33db9.roa (raw, json)
Hash identifier:          4e+kdpbd9/ZWr1D0f6JdaK9SKy1j0YB25r+gebvAKZs=
Subject key identifier:   F9:07:30:89:34:0D:E9:5D:F8:46:86:0D:98:74:5C:32:09:14:43:7C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       747262FCD74E0326442BF2E5DAC8D089C697AC34
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5786c35c-d782-4e4c-8df1-c27d84b33db9.roa
Signing time:             Tue 30 Sep 2025 00:11:55 +0000
ROA not before:           Tue 30 Sep 2025 00:11:55 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.144.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:72:62:fc:d7:4e:03:26:44:2b:f2:e5:da:c8:d0:89:c6:97:ac:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:11:55 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=0fec5e347f3adbdffcc4aeb26aeb5a0badaa742498dc8249597f45ed73123657, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:73:70:ad:3d:47:ea:39:61:e8:34:c8:0e:d6:
                    8c:3b:37:fa:be:3e:57:96:aa:f7:6f:49:cb:14:fd:
                    79:94:5a:22:ae:53:bb:ec:60:e8:b0:b9:21:ec:7a:
                    3d:3c:4b:e8:1b:cf:32:58:ba:9b:4a:b3:ec:5d:1f:
                    47:d0:ad:d8:72:80:e5:b1:67:c0:fd:4a:a8:36:98:
                    8e:07:fe:c7:00:2f:87:44:88:53:0c:2c:1a:51:9d:
                    c1:38:6d:dd:b4:15:eb:12:bd:96:a8:cb:12:a5:64:
                    2f:4c:68:a9:44:96:83:e9:8b:f3:28:cb:56:94:75:
                    14:44:52:69:e8:00:cc:82:e5:49:c0:68:e9:90:02:
                    7d:00:86:a5:49:63:42:1b:00:c0:3d:dd:df:c1:dd:
                    38:db:60:9f:1d:3f:3b:a7:b7:07:6e:a6:02:ef:74:
                    b5:04:a5:da:c8:56:fe:9c:b1:e3:13:25:a0:b7:02:
                    0c:93:8a:26:2c:12:13:90:7a:88:3d:ca:e3:17:2a:
                    f4:81:64:04:ff:48:95:bd:27:d8:23:b6:f9:76:f4:
                    ce:38:e9:8b:8a:1c:49:e8:a9:ba:cd:5c:f4:4f:88:
                    bb:ce:ee:c4:70:18:cd:8a:26:a5:b9:c9:d7:e1:49:
                    8a:c2:d7:e5:10:1e:0f:a5:02:3a:0b:8d:0d:68:d6:
                    ef:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:07:30:89:34:0D:E9:5D:F8:46:86:0D:98:74:5C:32:09:14:43:7C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5786c35c-d782-4e4c-8df1-c27d84b33db9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.144.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:4c:31:4f:d4:45:43:1c:f4:c6:f1:25:76:d0:e3:5a:88:77:
         52:5d:97:eb:69:a7:d0:c1:11:9d:00:50:c9:20:dc:89:aa:20:
         2d:4e:21:c6:ef:9b:17:88:88:c6:b6:ee:5f:51:33:81:d1:3c:
         26:bb:94:9f:f9:a1:39:f9:50:eb:cd:c6:a5:48:5f:a6:cc:6f:
         2f:33:36:a4:11:5a:1e:12:00:9b:bb:dd:17:3a:8d:84:8d:1b:
         e0:ad:0d:3b:48:a5:c0:c6:ad:2d:b7:57:23:ae:c9:d9:1c:dd:
         63:2a:94:7d:0a:11:71:76:90:5e:09:7c:fc:7e:68:4d:e5:71:
         c5:e3:42:5a:76:52:cc:d6:93:b7:28:69:57:72:42:8b:d8:56:
         bc:75:ac:b8:ee:fc:fc:4a:36:53:89:6c:63:21:f1:04:d4:85:
         15:6c:31:4e:ee:ac:72:89:6d:61:cf:66:37:f6:ca:80:5b:a0:
         f6:06:74:e5:7c:fc:31:3d:65:53:54:94:4e:0a:2b:7b:d8:42:
         d1:6d:fe:6c:cc:af:e0:63:45:a5:b1:27:7b:7c:28:da:77:ab:
         f6:52:9b:c6:b8:60:1b:8f:b3:54:9c:e3:fd:53:fd:81:ea:63:
         46:7e:ff:a5:22:7a:2d:6f:7e:14:66:85:52:b2:23:14:45:b4:
         05:0d:a0:59
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdHJi/NdOAyZEK/Ll2sjQicaXrDQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAxMTU1WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmVjNWUzNDdmM2FkYmRmZmNjNGFlYjI2YWViNWEwYmFk
YWE3NDI0OThkYzgyNDk1OTdmNDVlZDczMTIzNjU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDic3CtPUfqOWHoNMgO1ow7N/q+PleWqvdvScsU/XmUWiKu
U7vsYOiwuSHsej08S+gbzzJYuptKs+xdH0fQrdhygOWxZ8D9Sqg2mI4H/scAL4dE
iFMMLBpRncE4bd20FesSvZaoyxKlZC9MaKlEloPpi/Moy1aUdRREUmnoAMyC5UnA
aOmQAn0AhqVJY0IbAMA93d/B3TjbYJ8dPzuntwdupgLvdLUEpdrIVv6cseMTJaC3
AgyTiiYsEhOQeog9yuMXKvSBZAT/SJW9J9gjtvl29M446YuKHEnoqbrNXPRPiLvO
7sRwGM2KJqW5ydfhSYrC1+UQHg+lAjoLjQ1o1u9BAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+QcwiTQN6V34RoYNmHRcMgkUQ3wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3ODZjMzVjLWQ3ODItNGU0Yy04ZGYxLWMyN2Q4NGIzM2RiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQkDANBgkqhkiG9w0BAQsFAAOCAQEAeUwxT9RFQxz0xvEldtDjWoh3Ul2X
62mn0MERnQBQySDciaogLU4hxu+bF4iIxrbuX1EzgdE8JruUn/mhOflQ683GpUhf
psxvLzM2pBFaHhIAm7vdFzqNhI0b4K0NO0ilwMatLbdXI67J2RzdYyqUfQoRcXaQ
Xgl8/H5oTeVxxeNCWnZSzNaTtyhpV3JCi9hWvHWsuO78/Eo2U4lsYyHxBNSFFWwx
Tu6scoltYc9mN/bKgFug9gZ05Xz8MT1lU1SUTgore9hC0W3+bMyv4GNFpbEne3wo
2ner9lKbxrhgG4+zVJzj/VP9gepjRn7/pSJ6LW9+FGaFUrIjFEW0BQ2gWQ==
-----END CERTIFICATE-----