Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60a6c9ac-1221-4a4d-87e6-239a3fe2d1f4.roa
File:                     60a6c9ac-1221-4a4d-87e6-239a3fe2d1f4.roa (raw, json)
Hash identifier:          m9R1z6MvH5jEUzqFqT1Eeqwlmk1j4pVRizyxdX3idMo=
Subject key identifier:   4A:69:E7:6C:81:89:84:34:64:D1:12:0A:27:45:8D:81:57:43:D9:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       025E12669351E68CA8E83B64DFCD6EED106DCF12
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60a6c9ac-1221-4a4d-87e6-239a3fe2d1f4.roa
Signing time:             Tue 30 Sep 2025 00:12:25 +0000
ROA not before:           Tue 30 Sep 2025 00:12:25 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.219.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:5e:12:66:93:51:e6:8c:a8:e8:3b:64:df:cd:6e:ed:10:6d:cf:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:12:25 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=19bac1d1b01209f3d9fe37dd43166131f273055a9e7f281ceb528dc3c1688d53, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d7:a9:01:a1:3e:e1:08:07:f2:d9:0d:a2:9a:
                    44:56:27:ef:b7:b9:cb:2d:e6:12:b2:ab:4e:43:ed:
                    54:09:db:66:06:5e:08:d5:7a:8b:c0:a3:c8:10:d2:
                    9e:5e:98:29:31:38:c5:02:fb:c7:ef:34:07:2e:58:
                    61:77:8a:92:a2:56:e2:1c:e8:64:9e:25:32:be:6c:
                    8a:85:a2:24:62:ae:2c:52:86:e3:5c:22:d7:6d:44:
                    84:d0:da:73:57:ac:08:f4:4b:b2:d1:ca:60:6f:b1:
                    12:35:82:3d:0e:e0:ac:ed:f4:1f:89:12:01:70:5b:
                    51:1b:16:b4:05:4c:db:0d:3d:81:1c:48:94:94:53:
                    1c:a8:0e:a9:9e:62:5c:a1:c2:d9:f7:b3:59:fb:07:
                    ee:0e:e0:9c:3d:93:56:b5:9d:67:62:27:81:05:3e:
                    9f:04:f1:65:ed:28:15:37:54:ef:3c:38:54:63:5d:
                    97:d9:7b:16:9d:af:a0:a6:c7:7e:b0:32:9a:a0:80:
                    27:9d:2d:1b:26:a9:f8:cf:a1:67:c5:a0:78:73:8f:
                    19:fb:84:36:3c:38:21:18:a0:d8:37:b5:5b:13:18:
                    0d:43:fb:3d:86:1a:7d:09:3a:50:48:1b:45:5f:91:
                    a4:84:a4:9e:c7:ad:c8:04:dc:71:c6:c7:e8:e8:fe:
                    78:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:69:E7:6C:81:89:84:34:64:D1:12:0A:27:45:8D:81:57:43:D9:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60a6c9ac-1221-4a4d-87e6-239a3fe2d1f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.219.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9f:a4:00:fa:92:cb:f1:9f:30:b1:10:15:36:35:69:58:6e:c1:
         18:00:e6:18:29:42:42:c1:9d:04:3e:5b:da:f0:43:de:7e:2b:
         01:4d:b3:91:c5:c6:aa:2f:05:22:c9:5f:23:6c:9d:08:0b:6e:
         9d:2f:1e:e2:7a:13:b1:cb:1d:ee:85:cf:a5:55:f1:b8:cf:97:
         02:8b:bc:97:38:ab:7d:3f:f5:a3:92:06:ce:32:fc:a7:da:87:
         d7:99:ec:af:a5:19:65:e7:37:9a:b9:bb:a1:1f:a6:6a:59:5a:
         1a:d7:a3:24:38:44:c2:c6:c1:ef:3a:91:3c:eb:cc:e4:2a:4f:
         33:a0:45:51:4b:9b:53:6b:18:8e:7c:85:60:46:ee:74:a4:cf:
         f5:8d:2c:f8:44:01:13:da:8d:55:69:1c:81:9e:63:c4:6a:3f:
         04:20:85:e1:ef:58:56:a7:2c:9e:65:c4:81:dc:77:d5:3d:d1:
         78:9a:ce:6d:62:05:8e:f4:59:39:51:82:cb:83:b3:4e:ec:9f:
         61:bf:56:47:2a:03:e7:e6:91:cd:d8:e2:84:e0:b3:3e:80:0e:
         3e:ac:9e:03:aa:2b:c1:bf:4b:ee:9e:f9:de:ad:bb:ff:26:ae:
         dd:f2:a9:f0:29:5a:4d:41:7c:75:99:3f:23:05:4e:dd:30:34:
         63:de:8e:5a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAl4SZpNR5oyo6Dtk381u7RBtzxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAxMjI1WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWJhYzFkMWIwMTIwOWYzZDlmZTM3ZGQ0MzE2NjEzMWYy
NzMwNTVhOWU3ZjI4MWNlYjUyOGRjM2MxNjg4ZDUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCX16kBoT7hCAfy2Q2imkRWJ++3ucst5hKyq05D7VQJ22YG
XgjVeovAo8gQ0p5emCkxOMUC+8fvNAcuWGF3ipKiVuIc6GSeJTK+bIqFoiRirixS
huNcItdtRITQ2nNXrAj0S7LRymBvsRI1gj0O4Kzt9B+JEgFwW1EbFrQFTNsNPYEc
SJSUUxyoDqmeYlyhwtn3s1n7B+4O4Jw9k1a1nWdiJ4EFPp8E8WXtKBU3VO88OFRj
XZfZexadr6Cmx36wMpqggCedLRsmqfjPoWfFoHhzjxn7hDY8OCEYoNg3tVsTGA1D
+z2GGn0JOlBIG0VfkaSEpJ7HrcgE3HHGx+jo/njvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUSmnnbIGJhDRk0RIKJ0WNgVdD2bMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwYTZjOWFjLTEyMjEtNGE0ZC04N2U2LTIzOWEzZmUyZDFmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQ2zANBgkqhkiG9w0BAQsFAAOCAQEAn6QA+pLL8Z8wsRAVNjVpWG7BGADm
GClCQsGdBD5b2vBD3n4rAU2zkcXGqi8FIslfI2ydCAtunS8e4noTscsd7oXPpVXx
uM+XAou8lzirfT/1o5IGzjL8p9qH15nsr6UZZec3mrm7oR+mallaGtejJDhEwsbB
7zqRPOvM5CpPM6BFUUubU2sYjnyFYEbudKTP9Y0s+EQBE9qNVWkcgZ5jxGo/BCCF
4e9YVqcsnmXEgdx31T3ReJrObWIFjvRZOVGCy4OzTuyfYb9WRyoD5+aRzdjihOCz
PoAOPqyeA6orwb9L7p753q27/yau3fKp8ClaTUF8dZk/IwVO3TA0Y96OWg==
-----END CERTIFICATE-----