Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6eeda78f-8b49-4200-b55a-88078b060f3c.roa
File:                     6eeda78f-8b49-4200-b55a-88078b060f3c.roa (raw, json)
Hash identifier:          p8nswNR6U/5R0yPKNIG3ORY6Wt2sIhFLUca5aXrXDps=
Subject key identifier:   BF:F4:CE:AB:C2:55:04:F4:61:8B:46:71:73:44:A1:29:10:F3:61:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E43C96AB618D74B741301CA1328AD5194622337
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6eeda78f-8b49-4200-b55a-88078b060f3c.roa
Signing time:             Fri 03 Oct 2025 00:02:17 +0000
ROA not before:           Fri 03 Oct 2025 00:02:17 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        164.168.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:43:c9:6a:b6:18:d7:4b:74:13:01:ca:13:28:ad:51:94:62:23:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:02:17 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=16ee1533caea06cb98b84a9d4048c9391ef23e7ed1c44f795c10625fffa8197e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4c:1d:7d:7e:43:c1:24:be:8b:c2:85:fd:70:
                    ad:2c:77:43:04:5e:d2:f9:d7:4f:02:95:cd:3d:bc:
                    db:c0:27:be:61:04:24:88:37:b3:6b:1f:bd:5b:c0:
                    4b:28:6f:da:21:5e:ea:90:2a:e3:38:9c:a4:71:c4:
                    12:3b:f5:9b:80:41:cb:36:f5:ad:df:68:a0:3d:e1:
                    18:d9:2a:85:62:2d:20:7a:90:4c:3d:b6:f4:0c:66:
                    76:ee:c5:b9:6b:14:db:4b:f9:e2:d9:34:06:e3:fe:
                    ab:d5:dd:39:8e:10:2d:50:ab:c8:9f:cd:ff:53:b8:
                    40:2f:fc:39:1a:73:c8:db:f6:f4:99:d0:10:d2:82:
                    25:d8:ff:fb:80:4f:10:7e:41:08:66:9c:3c:7b:61:
                    de:cc:b3:ab:89:ee:1c:fd:39:0d:d7:fc:c3:66:31:
                    e4:9e:f0:1e:8f:30:24:04:f4:f1:3f:3e:ba:e3:01:
                    fe:83:33:d4:dc:ce:1b:5a:fc:96:11:de:71:b8:56:
                    b0:9e:7b:3c:15:02:e9:1a:60:fb:88:38:1c:7e:9b:
                    a6:ee:99:db:cd:ce:e7:ff:7c:74:eb:27:15:cc:4b:
                    29:61:5f:2f:f7:f2:0b:ef:68:be:24:59:14:f5:33:
                    ad:2b:67:eb:d4:49:ca:21:3e:48:29:d8:c7:2b:5a:
                    f7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:F4:CE:AB:C2:55:04:F4:61:8B:46:71:73:44:A1:29:10:F3:61:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6eeda78f-8b49-4200-b55a-88078b060f3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.168.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:bf:07:05:70:0d:35:2f:b2:2a:5c:e0:18:6f:ac:af:de:7d:
         c3:5f:80:73:ea:fd:f9:c4:00:21:41:a5:ca:5e:07:14:0f:54:
         db:8b:34:8a:b1:ed:8c:7c:73:23:3e:fe:a9:46:21:d4:fb:f8:
         65:62:64:91:9e:69:bb:e2:3d:e0:5a:51:71:ee:ce:c0:18:86:
         1d:e1:67:f8:7f:f2:9c:d8:25:5a:d2:04:2e:3f:5c:3c:32:3d:
         c9:39:4f:82:ec:a4:d6:1a:d9:08:ea:4b:0d:6b:99:05:13:b7:
         ed:fa:74:56:ab:84:13:ec:0d:f7:e4:aa:c1:c4:df:2f:95:ec:
         b9:0c:33:d5:f8:7e:39:86:af:45:52:70:13:2b:3f:70:4f:34:
         3c:96:15:f4:eb:0f:1f:de:d3:95:f8:f0:c6:82:f2:67:79:68:
         df:6e:53:26:58:5c:65:60:6d:e6:5e:92:1b:5a:88:67:99:d0:
         3b:68:09:ef:03:a1:5c:b1:0f:49:16:7d:78:6e:65:02:f8:f2:
         6f:81:c8:10:ea:fc:c6:35:0f:d4:96:ec:0d:62:73:72:ba:8d:
         82:6c:95:4b:15:0a:bf:74:34:69:9e:eb:31:66:b7:e9:da:fe:
         10:86:9d:a0:85:1c:d5:83:32:a3:5a:18:eb:ab:3a:fa:a2:0b:
         71:27:cc:fd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPkPJarYY10t0EwHKEyitUZRiIzcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDAwMjE3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNmVlMTUzM2NhZWEwNmNiOThiODRhOWQ0MDQ4YzkzOTFl
ZjIzZTdlZDFjNDRmNzk1YzEwNjI1ZmZmYTgxOTdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJTB19fkPBJL6LwoX9cK0sd0MEXtL5108Clc09vNvAJ75h
BCSIN7NrH71bwEsob9ohXuqQKuM4nKRxxBI79ZuAQcs29a3faKA94RjZKoViLSB6
kEw9tvQMZnbuxblrFNtL+eLZNAbj/qvV3TmOEC1Qq8ifzf9TuEAv/Dkac8jb9vSZ
0BDSgiXY//uATxB+QQhmnDx7Yd7Ms6uJ7hz9OQ3X/MNmMeSe8B6PMCQE9PE/Prrj
Af6DM9Tczhta/JYR3nG4VrCeezwVAukaYPuIOBx+m6bumdvNzuf/fHTrJxXMSylh
Xy/38gvvaL4kWRT1M60rZ+vUScohPkgp2McrWvfxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUv/TOq8JVBPRhi0Zxc0ShKRDzYUwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlZWRhNzhmLThiNDktNDIwMC1iNTVhLTg4MDc4YjA2MGYzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCkqDANBgkqhkiG9w0BAQsFAAOCAQEARb8HBXANNS+yKlzgGG+sr959w1+A
c+r9+cQAIUGlyl4HFA9U24s0irHtjHxzIz7+qUYh1Pv4ZWJkkZ5pu+I94FpRce7O
wBiGHeFn+H/ynNglWtIELj9cPDI9yTlPguyk1hrZCOpLDWuZBRO37fp0VquEE+wN
9+SqwcTfL5XsuQwz1fh+OYavRVJwEys/cE80PJYV9OsPH97TlfjwxoLyZ3lo325T
JlhcZWBt5l6SG1qIZ5nQO2gJ7wOhXLEPSRZ9eG5lAvjyb4HIEOr8xjUP1JbsDWJz
crqNgmyVSxUKv3Q0aZ7rMWa36dr+EIadoIUc1YMyo1oY66s6+qILcSfM/Q==
-----END CERTIFICATE-----