Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a842743f-2a64-4da9-99c9-7f095e35b425.roa
File:                     a842743f-2a64-4da9-99c9-7f095e35b425.roa (raw, json)
Hash identifier:          5jP7DZDzCt0ZFCbT4PPOeRI616v17AHSs1SkYYpzG+M=
Subject key identifier:   4D:1B:AF:F7:79:C3:76:9D:A7:FE:85:43:E9:CE:95:B4:3E:34:43:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13D51DB0D0F284B2D2DC2F9D94A839D0F3C6D37A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a842743f-2a64-4da9-99c9-7f095e35b425.roa
Signing time:             Tue 30 Sep 2025 00:23:04 +0000
ROA not before:           Tue 30 Sep 2025 00:23:04 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.99.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:d5:1d:b0:d0:f2:84:b2:d2:dc:2f:9d:94:a8:39:d0:f3:c6:d3:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:23:04 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=2fc2cd4fe046bd1c6725c5fd8ba100946a8eedd4d03ad4f5d162ace8b403be82, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:90:af:2a:3f:bb:ae:6a:a3:8e:01:1a:23:e4:
                    90:ad:c5:d8:80:53:a8:96:5a:71:30:b5:a7:92:76:
                    ff:ad:26:f9:3c:cf:c9:cf:fb:96:47:fe:b2:43:0b:
                    56:47:44:5d:26:7c:75:c0:a9:55:c3:c5:8d:ed:09:
                    22:3c:ae:a4:07:1f:8d:f8:31:3b:9c:f9:58:53:b9:
                    36:04:7a:dd:40:72:c8:30:80:99:af:c5:b2:da:15:
                    c6:92:f7:be:8e:61:41:65:e4:b6:cf:76:a0:60:44:
                    b2:d0:3a:dc:1f:ae:e4:2d:ca:00:ae:b6:b3:ea:25:
                    56:53:2d:4f:c2:c1:4d:e1:ce:f3:3e:6a:1d:2c:9a:
                    03:06:74:91:10:2e:f8:b0:22:22:a1:4e:96:ef:e4:
                    a7:a1:de:40:cb:f3:0e:7a:d4:a6:29:28:3c:5c:ac:
                    ba:95:eb:b0:7a:a4:0b:4d:c6:0c:53:0c:75:84:c0:
                    be:46:6a:4f:68:28:df:7c:00:0a:ec:13:d5:9e:eb:
                    2b:20:23:20:3d:47:68:ba:64:9f:73:51:56:08:aa:
                    b3:bd:f4:07:bb:7e:36:fc:d6:0c:48:d6:90:b2:88:
                    85:30:d3:08:63:2a:7f:74:58:d9:d4:37:6f:d2:95:
                    e0:98:8b:b7:68:ac:c4:2a:08:b8:71:5f:84:49:18:
                    7b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1B:AF:F7:79:C3:76:9D:A7:FE:85:43:E9:CE:95:B4:3E:34:43:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a842743f-2a64-4da9-99c9-7f095e35b425.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.99.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:be:07:22:01:ee:2a:31:34:82:c3:62:95:02:85:98:f6:07:
         3f:0b:34:46:39:20:ab:ba:cd:4b:df:05:2d:6d:6f:99:26:43:
         93:65:ec:dd:34:4c:05:b2:a7:ba:71:ce:ed:0b:20:d2:fa:88:
         77:b6:16:5c:2e:32:39:c5:19:2d:73:89:54:c6:0c:ba:21:85:
         68:4e:1e:15:96:bf:43:cb:9d:5c:18:69:13:f2:ed:8d:0f:2e:
         4e:4c:22:14:3a:d4:a0:ef:86:3e:8d:c1:ac:5d:d4:58:20:fa:
         88:97:e4:66:64:29:ef:f7:0e:4a:21:37:9e:0d:4c:49:96:b2:
         79:ee:3f:58:d9:cd:ec:97:4f:fc:fe:e7:da:33:c1:96:1a:41:
         65:f8:e3:71:a0:be:74:d3:3e:13:7c:90:5b:c7:91:6e:08:5f:
         2a:c7:51:ef:7b:99:c3:09:9c:cb:b3:92:da:25:06:27:09:4e:
         59:9e:c8:91:97:7f:9f:33:f2:0f:2a:92:a2:4e:30:2f:6b:7b:
         b4:01:54:22:2d:31:ba:ec:cf:dc:71:34:84:56:a7:3d:5a:a9:
         91:69:fb:16:15:3e:8c:41:a6:70:0f:4d:f2:fb:83:8f:58:48:
         ad:1a:0f:40:e5:e1:f6:86:94:04:ad:e3:ae:0f:38:66:24:9b:
         5e:16:b3:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE9UdsNDyhLLS3C+dlKg50PPG03owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMzA0WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZmMyY2Q0ZmUwNDZiZDFjNjcyNWM1ZmQ4YmExMDA5NDZh
OGVlZGQ0ZDAzYWQ0ZjVkMTYyYWNlOGI0MDNiZTgyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVkK8qP7uuaqOOARoj5JCtxdiAU6iWWnEwtaeSdv+tJvk8
z8nP+5ZH/rJDC1ZHRF0mfHXAqVXDxY3tCSI8rqQHH434MTuc+VhTuTYEet1Acsgw
gJmvxbLaFcaS976OYUFl5LbPdqBgRLLQOtwfruQtygCutrPqJVZTLU/CwU3hzvM+
ah0smgMGdJEQLviwIiKhTpbv5Keh3kDL8w561KYpKDxcrLqV67B6pAtNxgxTDHWE
wL5Gak9oKN98AArsE9We6ysgIyA9R2i6ZJ9zUVYIqrO99Ae7fjb81gxI1pCyiIUw
0whjKn90WNnUN2/SleCYi7dorMQqCLhxX4RJGHtnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTRuv93nDdp2n/oVD6c6VtD40Q4YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E4NDI3NDNmLTJhNjQtNGRhOS05OWM5LTdmMDk1ZTM1YjQyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQYzANBgkqhkiG9w0BAQsFAAOCAQEAIr4HIgHuKjE0gsNilQKFmPYHPws0
Rjkgq7rNS98FLW1vmSZDk2Xs3TRMBbKnunHO7Qsg0vqId7YWXC4yOcUZLXOJVMYM
uiGFaE4eFZa/Q8udXBhpE/LtjQ8uTkwiFDrUoO+GPo3BrF3UWCD6iJfkZmQp7/cO
SiE3ng1MSZayee4/WNnN7JdP/P7n2jPBlhpBZfjjcaC+dNM+E3yQW8eRbghfKsdR
73uZwwmcy7OS2iUGJwlOWZ7IkZd/nzPyDyqSok4wL2t7tAFUIi0xuuzP3HE0hFan
PVqpkWn7FhU+jEGmcA9N8vuDj1hIrRoPQOXh9oaUBK3jrg84ZiSbXhazqQ==
-----END CERTIFICATE-----