Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa
File:                     8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa (raw, json)
Hash identifier:          6WY6kFD1+xPEsWQfXb23I9lSKKniumJW3YB0T4v84lI=
Subject key identifier:   CB:B5:18:D6:00:B2:01:D3:B2:9A:BF:17:2A:9E:38:9C:29:8F:FA:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A4438232FC4DFF6632251413D61D429F0194EE8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa
Signing time:             Wed 01 Oct 2025 00:01:20 +0000
ROA not before:           Wed 01 Oct 2025 00:01:20 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.21.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:44:38:23:2f:c4:df:f6:63:22:51:41:3d:61:d4:29:f0:19:4e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:01:20 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=5d988466884c84f2c0bdcadbc3ac3b8a2ca6a4bebc86b414cb0860151f2095ca, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:bd:3c:57:6d:5e:00:e9:28:d9:df:71:a6:8a:
                    e4:57:cb:c3:97:7c:f9:c4:9d:ac:26:b7:1b:3f:ab:
                    9c:d6:9a:58:ff:22:01:8b:78:6d:de:c2:1d:7c:9a:
                    e0:c6:a5:01:57:11:68:10:d9:5e:36:12:3f:cf:a6:
                    60:ef:39:5d:8a:1e:a4:f1:fb:87:fb:77:9c:f4:f3:
                    51:80:22:b7:3f:9c:8a:b4:f1:2b:ec:9a:bb:29:86:
                    36:e4:68:fa:68:42:9f:15:78:69:8d:54:19:93:4a:
                    bd:ff:63:6e:6b:4f:58:16:45:e3:e3:c6:8b:80:1f:
                    90:b4:c3:46:24:08:1a:04:2c:d9:e3:5b:ed:ac:45:
                    74:50:a5:ef:6a:71:f8:67:44:93:b8:c0:bf:da:df:
                    d4:8b:ce:73:78:c5:af:97:dd:91:ae:b3:87:a7:e0:
                    29:29:90:47:14:8d:58:8b:b2:5c:0b:e3:2a:97:f7:
                    44:65:1e:01:38:62:c5:6b:a1:69:b7:7e:60:77:84:
                    96:99:0d:b4:5f:5f:8f:17:f2:c2:5f:37:9c:08:14:
                    52:78:c3:a1:5f:82:0f:91:35:5c:df:9d:7c:8a:db:
                    5f:c7:77:cd:e7:d2:6f:d9:34:aa:24:43:eb:b3:d7:
                    63:89:6f:df:9f:1f:18:76:1d:28:3e:b2:e9:e6:d3:
                    72:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B5:18:D6:00:B2:01:D3:B2:9A:BF:17:2A:9E:38:9C:29:8F:FA:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         40:1e:4c:17:6d:f6:ad:ff:d2:b2:c3:c7:c9:79:5b:72:cc:42:
         25:00:b6:33:1c:34:b8:01:c8:1f:fa:13:9e:f9:41:2a:1b:98:
         f1:66:10:fd:96:04:3d:ff:9d:31:06:87:08:bf:52:a0:83:59:
         76:e8:fe:f7:47:61:cc:59:a7:89:0b:95:7f:4f:55:c7:78:18:
         2c:16:39:51:36:09:62:c7:ec:62:57:5d:ff:80:ee:d8:cc:4f:
         15:11:34:02:dd:f4:d8:d0:1b:bf:ab:a8:05:09:21:ff:b3:ff:
         b3:db:4d:85:e6:17:eb:ac:aa:4c:05:5e:46:26:f5:50:f7:35:
         59:d0:c4:a6:de:5d:b5:a8:7c:2d:e8:63:a2:cb:49:c1:ab:4b:
         cf:96:0b:b1:e1:a1:ff:9d:b4:34:b2:76:0e:16:7f:1e:b8:58:
         e1:23:67:d3:79:19:07:1e:d1:7a:fa:fa:35:c8:1c:62:a4:d5:
         eb:ea:3c:2e:91:bb:a7:ab:d1:1a:33:0b:0e:0e:ae:85:5f:07:
         6f:6a:e9:4e:8a:ac:79:c4:26:3b:ee:59:6b:14:28:4b:67:47:
         ba:0b:81:0a:cf:91:e1:de:c7:a5:63:4b:d2:1a:b8:a0:a7:37:
         68:b0:12:56:e0:92:43:af:8d:fd:46:7a:23:6f:52:ff:4e:7d:
         a2:c4:6d:d1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSkQ4Iy/E3/ZjIlFBPWHUKfAZTugwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMTIwWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDk4ODQ2Njg4NGM4NGYyYzBiZGNhZGJjM2FjM2I4YTJj
YTZhNGJlYmM4NmI0MTRjYjA4NjAxNTFmMjA5NWNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRvTxXbV4A6SjZ33GmiuRXy8OXfPnEnawmtxs/q5zWmlj/
IgGLeG3ewh18muDGpQFXEWgQ2V42Ej/PpmDvOV2KHqTx+4f7d5z081GAIrc/nIq0
8SvsmrsphjbkaPpoQp8VeGmNVBmTSr3/Y25rT1gWRePjxouAH5C0w0YkCBoELNnj
W+2sRXRQpe9qcfhnRJO4wL/a39SLznN4xa+X3ZGus4en4CkpkEcUjViLslwL4yqX
90RlHgE4YsVroWm3fmB3hJaZDbRfX48X8sJfN5wIFFJ4w6Ffgg+RNVzfnXyK21/H
d83n0m/ZNKokQ+uz12OJb9+fHxh2HSg+sunm03J5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUy7UY1gCyAdOymr8XKp44nCmP+k4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5OTFmODNlLWZmNGMtNGQ4Yi05NDk4LTRmMWYzY2UxYjQ1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFTANBgkqhkiG9w0BAQsFAAOCAQEAQB5MF232rf/SssPHyXlbcsxCJQC2
Mxw0uAHIH/oTnvlBKhuY8WYQ/ZYEPf+dMQaHCL9SoINZduj+90dhzFmniQuVf09V
x3gYLBY5UTYJYsfsYldd/4Du2MxPFRE0At302NAbv6uoBQkh/7P/s9tNheYX66yq
TAVeRib1UPc1WdDEpt5dtah8LehjostJwatLz5YLseGh/520NLJ2DhZ/HrhY4SNn
03kZBx7Revr6NcgcYqTV6+o8LpG7p6vRGjMLDg6uhV8Hb2rpToqsecQmO+5ZaxQo
S2dHuguBCs+R4d7HpWNL0hq4oKc3aLASVuCSQ6+N/UZ6I29S/059osRt0Q==
-----END CERTIFICATE-----