Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e218b04-dfaf-4fdb-9e82-bad8d7e36def.roa
File:                     5e218b04-dfaf-4fdb-9e82-bad8d7e36def.roa (raw, json)
Hash identifier:          zZEBqkzlnOW1NCehYTniwMvvqD9Kyr6U/QXyax2nsqQ=
Subject key identifier:   8B:75:1F:EC:59:EC:7C:F9:13:66:EE:0A:7B:02:CF:6A:55:29:C3:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3854172EBFDE282A71A398B1A03E41CEE886D38E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e218b04-dfaf-4fdb-9e82-bad8d7e36def.roa
Signing time:             Tue 30 Sep 2025 00:11:14 +0000
ROA not before:           Tue 30 Sep 2025 00:11:14 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.206.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:54:17:2e:bf:de:28:2a:71:a3:98:b1:a0:3e:41:ce:e8:86:d3:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:11:14 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=edce990f9af1eb539a273b1f4611039e6cd8297e85cc766d3c4527ba2a812038, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:71:8a:f7:bc:cb:63:60:e3:38:c9:67:05:ad:
                    c1:dd:f0:6e:71:43:7e:7c:b3:3a:c3:c8:d0:e9:68:
                    b0:31:05:a6:3f:a2:10:3f:60:22:a2:19:13:29:a7:
                    a7:12:dd:f1:e4:ce:d3:c7:96:26:d3:44:30:32:05:
                    cd:f0:f8:4d:ca:16:ff:fb:d9:22:63:72:6c:cb:a9:
                    b5:12:6f:8e:0e:20:e1:df:39:cf:be:41:bf:97:0f:
                    7f:82:b3:23:46:29:df:af:38:6c:4d:e6:e1:eb:3f:
                    39:50:ff:6e:b4:db:dd:98:33:e7:d5:eb:17:ba:dc:
                    b2:ac:a4:09:19:11:bf:94:03:5b:5e:2b:e4:2f:17:
                    ff:94:9b:3c:5e:a0:2e:60:3a:72:e0:16:10:7f:80:
                    43:4e:90:2b:fe:68:8f:4d:17:61:f6:ee:b8:6e:ef:
                    68:09:d3:3e:cb:60:46:d7:21:ba:73:71:e0:0f:3e:
                    42:02:0d:71:d8:50:bf:26:5a:fc:31:0f:fb:59:54:
                    f1:05:18:fe:0f:ff:9b:71:64:a2:ca:61:f7:75:f2:
                    6c:7f:d1:2e:7f:ea:96:5d:09:cc:f6:24:c3:29:1e:
                    ce:d8:c4:1c:78:0e:0c:35:07:97:dc:9a:b5:53:ec:
                    93:fa:77:47:df:16:91:f5:fb:b1:f8:86:b2:61:13:
                    bb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:75:1F:EC:59:EC:7C:F9:13:66:EE:0A:7B:02:CF:6A:55:29:C3:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5e218b04-dfaf-4fdb-9e82-bad8d7e36def.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b0:e3:51:42:1c:e1:6f:a7:93:28:22:51:ce:af:54:c4:9a:85:
         fc:c6:8e:5d:9c:cd:65:6b:24:45:bd:85:8e:1a:7c:86:e8:2c:
         f3:9d:40:4d:e8:5e:d1:ba:0f:df:48:cb:4e:2e:22:1a:68:fd:
         e5:09:d5:67:b0:2a:26:3d:dd:11:52:a1:88:9a:ea:dd:52:23:
         45:05:75:20:f7:94:1d:98:29:68:ad:ee:cb:dd:e6:cb:99:1b:
         8e:58:ae:3c:eb:08:70:2c:20:b5:2f:0c:66:f1:dd:15:c6:b7:
         22:7e:0a:57:ea:d8:65:c0:83:09:c9:f8:2a:e4:bb:c0:ba:c9:
         af:b0:e5:e6:ae:74:da:e1:63:1f:5a:f1:0c:c1:da:5c:20:19:
         e3:d9:01:98:90:63:70:44:35:47:14:d4:7a:fe:9f:f3:59:b3:
         48:a6:f5:5c:63:8e:71:65:48:71:e3:ed:61:84:f7:44:fe:cf:
         61:8c:9a:b9:1a:f8:c1:cd:91:f0:a3:9c:b8:05:8d:49:8e:83:
         d9:4c:0c:ca:ad:74:9c:0d:1f:4f:83:a2:d6:f1:82:e8:fa:b7:
         16:20:52:19:4d:4d:5a:f8:82:37:bd:c1:45:14:49:70:52:8f:
         da:0e:53:f8:37:7d:55:8d:08:e5:5a:70:a8:f7:b8:ce:6a:e9:
         b9:22:2b:74
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOFQXLr/eKCpxo5ixoD5BzuiG044wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAxMTE0WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGNlOTkwZjlhZjFlYjUzOWEyNzNiMWY0NjExMDM5ZTZj
ZDgyOTdlODVjYzc2NmQzYzQ1MjdiYTJhODEyMDM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAcYr3vMtjYOM4yWcFrcHd8G5xQ358szrDyNDpaLAxBaY/
ohA/YCKiGRMpp6cS3fHkztPHlibTRDAyBc3w+E3KFv/72SJjcmzLqbUSb44OIOHf
Oc++Qb+XD3+CsyNGKd+vOGxN5uHrPzlQ/260292YM+fV6xe63LKspAkZEb+UA1te
K+QvF/+UmzxeoC5gOnLgFhB/gENOkCv+aI9NF2H27rhu72gJ0z7LYEbXIbpzceAP
PkICDXHYUL8mWvwxD/tZVPEFGP4P/5txZKLKYfd18mx/0S5/6pZdCcz2JMMpHs7Y
xBx4Dgw1B5fcmrVT7JP6d0ffFpH1+7H4hrJhE7tdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUi3Uf7FnsfPkTZu4KewLPalUpw9IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlMjE4YjA0LWRmYWYtNGZkYi05ZTgyLWJhZDhkN2UzNmRlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQzjANBgkqhkiG9w0BAQsFAAOCAQEAsONRQhzhb6eTKCJRzq9UxJqF/MaO
XZzNZWskRb2Fjhp8hugs851ATehe0boP30jLTi4iGmj95QnVZ7AqJj3dEVKhiJrq
3VIjRQV1IPeUHZgpaK3uy93my5kbjliuPOsIcCwgtS8MZvHdFca3In4KV+rYZcCD
Ccn4KuS7wLrJr7Dl5q502uFjH1rxDMHaXCAZ49kBmJBjcEQ1RxTUev6f81mzSKb1
XGOOcWVIcePtYYT3RP7PYYyauRr4wc2R8KOcuAWNSY6D2UwMyq10nA0fT4Oi1vGC
6Pq3FiBSGU1NWviCN73BRRRJcFKP2g5T+Dd9VY0I5VpwqPe4zmrpuSIrdA==
-----END CERTIFICATE-----