Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65cdfd95-c81c-4b77-853a-f07eb2a03649.roa
File:                     65cdfd95-c81c-4b77-853a-f07eb2a03649.roa (raw, json)
Hash identifier:          wVt51WWmMN52+ES7iCegyU6see2ShDIrV/QN/rGGWCs=
Subject key identifier:   DF:8C:F1:EF:CC:92:B8:A5:0D:17:50:54:4A:05:F6:7D:B9:8B:26:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11FC1A41148EFD65823A7B6A9C302CAF4C54499A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65cdfd95-c81c-4b77-853a-f07eb2a03649.roa
Signing time:             Wed 01 Oct 2025 00:01:17 +0000
ROA not before:           Wed 01 Oct 2025 00:01:17 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.204.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:fc:1a:41:14:8e:fd:65:82:3a:7b:6a:9c:30:2c:af:4c:54:49:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:01:17 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=4e4d4c2f55997fcc2fb4e69916be53b311df655825f0fe08f7056fbfba0ae70e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8c:bf:f0:16:67:3e:08:4f:34:26:2e:a8:90:
                    db:ef:37:71:7d:53:8c:ba:ba:d0:8a:de:46:a4:d9:
                    9c:2d:42:11:49:0c:a8:cc:f6:9d:84:e8:2e:25:e6:
                    80:2d:5f:d7:43:b1:34:9e:94:56:68:c9:a0:45:bd:
                    b6:ad:f6:87:96:48:f1:2a:80:09:1c:d8:f7:be:79:
                    04:4b:d1:8c:f0:21:92:47:ad:15:0d:a4:11:7b:86:
                    da:49:d8:bd:02:ad:30:54:d0:a4:78:9e:e8:3a:c3:
                    6d:f7:ba:e1:26:60:a3:70:20:92:ff:76:56:92:d6:
                    0d:0c:1e:1a:df:06:6b:82:70:c6:06:03:71:45:d1:
                    fc:35:26:e0:3a:ae:65:d2:e7:29:54:bc:3c:1f:44:
                    16:52:5e:dd:f3:44:c3:49:14:01:7f:34:89:f4:1b:
                    a5:1b:8f:ab:0e:b1:80:58:61:92:c9:a9:4e:71:97:
                    e0:c9:ce:8c:6e:51:e8:3f:62:f6:b0:47:00:af:fc:
                    24:6b:07:3d:8a:e7:8c:bf:c3:65:fe:68:e1:61:95:
                    77:ce:db:6e:ef:eb:79:95:a1:85:93:9c:36:bf:e0:
                    19:a7:94:e7:bf:70:f9:f2:ef:21:a0:5b:c7:50:58:
                    58:61:0f:83:08:01:4d:5e:07:22:e6:24:33:da:13:
                    8f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8C:F1:EF:CC:92:B8:A5:0D:17:50:54:4A:05:F6:7D:B9:8B:26:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65cdfd95-c81c-4b77-853a-f07eb2a03649.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.204.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:ae:7b:b6:5e:bf:14:78:07:ca:d0:3b:94:11:8d:f5:47:ab:
         23:7d:a1:48:18:3b:9c:e5:1c:fa:ea:42:7c:75:2f:f2:4f:6b:
         10:1f:f6:88:20:85:09:b6:bd:e9:e4:4d:96:92:90:4c:d6:7f:
         68:81:ff:b9:f3:0c:ca:49:7e:2d:23:4c:c2:94:03:6a:90:87:
         55:71:28:4f:6a:fc:d2:60:e4:b7:a2:92:a7:68:c7:2d:bb:aa:
         da:6b:86:f5:c6:eb:ae:c9:e2:83:da:83:b8:38:31:81:2b:a3:
         5a:0f:38:05:c0:9e:58:96:39:0b:0f:c2:f3:f0:f4:9b:ef:49:
         03:9f:db:4b:ad:aa:c8:1d:12:04:e2:ad:46:ef:eb:2d:f0:34:
         0f:9d:25:20:ee:32:8b:58:0a:46:bf:fe:28:a9:33:a5:23:1c:
         84:4e:0d:ab:7c:40:c7:98:be:fe:44:b1:8f:98:13:ca:c4:82:
         e5:cb:04:07:33:01:9d:1b:fc:8c:58:63:5e:62:09:f1:9b:ae:
         4e:a4:6c:2d:01:0a:76:b2:80:77:77:5c:56:78:40:54:8b:bd:
         d0:b7:59:89:b1:cc:e2:25:fe:ef:bb:c9:8f:e4:e9:f7:d9:e0:
         db:82:68:f2:ce:cf:77:85:60:99:fe:07:18:ef:f0:8a:90:36:
         3c:9d:c9:94
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEfwaQRSO/WWCOntqnDAsr0xUSZowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMTE3WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTRkNGMyZjU1OTk3ZmNjMmZiNGU2OTkxNmJlNTNiMzEx
ZGY2NTU4MjVmMGZlMDhmNzA1NmZiZmJhMGFlNzBlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWjL/wFmc+CE80Ji6okNvvN3F9U4y6utCK3kak2ZwtQhFJ
DKjM9p2E6C4l5oAtX9dDsTSelFZoyaBFvbat9oeWSPEqgAkc2Pe+eQRL0YzwIZJH
rRUNpBF7htpJ2L0CrTBU0KR4nug6w233uuEmYKNwIJL/dlaS1g0MHhrfBmuCcMYG
A3FF0fw1JuA6rmXS5ylUvDwfRBZSXt3zRMNJFAF/NIn0G6Ubj6sOsYBYYZLJqU5x
l+DJzoxuUeg/YvawRwCv/CRrBz2K54y/w2X+aOFhlXfO227v63mVoYWTnDa/4Bmn
lOe/cPny7yGgW8dQWFhhD4MIAU1eByLmJDPaE48xAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU34zx78ySuKUNF1BUSgX2fbmLJncwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1Y2RmZDk1LWM4MWMtNGI3Ny04NTNhLWYwN2ViMmEwMzY0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQzDANBgkqhkiG9w0BAQsFAAOCAQEAWq57tl6/FHgHytA7lBGN9UerI32h
SBg7nOUc+upCfHUv8k9rEB/2iCCFCba96eRNlpKQTNZ/aIH/ufMMykl+LSNMwpQD
apCHVXEoT2r80mDkt6KSp2jHLbuq2muG9cbrrsnig9qDuDgxgSujWg84BcCeWJY5
Cw/C8/D0m+9JA5/bS62qyB0SBOKtRu/rLfA0D50lIO4yi1gKRr/+KKkzpSMchE4N
q3xAx5i+/kSxj5gTysSC5csEBzMBnRv8jFhjXmIJ8ZuuTqRsLQEKdrKAd3dcVnhA
VIu90LdZibHM4iX+77vJj+Tp99ng24Jo8s7Pd4Vgmf4HGO/wipA2PJ3JlA==
-----END CERTIFICATE-----