Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5930f9b-ab36-45e8-a904-5574a9426761.roa
File:                     b5930f9b-ab36-45e8-a904-5574a9426761.roa (raw, json)
Hash identifier:          mrW6Srvl4se684kDv1dxPrz/ir1isobCZVvpLovr0kM=
Subject key identifier:   78:E9:6D:CD:20:8C:6E:64:CE:DD:43:06:BB:2C:84:55:F6:DB:72:22
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10640B22F87F958FCC67DCC5A63426787A6E60C1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5930f9b-ab36-45e8-a904-5574a9426761.roa
Signing time:             Sat 18 Oct 2025 00:20:50 +0000
ROA not before:           Sat 18 Oct 2025 00:20:50 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.187.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:64:0b:22:f8:7f:95:8f:cc:67:dc:c5:a6:34:26:78:7a:6e:60:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 18 00:20:50 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=3d3bf28e6f3b8dc75e4a19d8c69e36104fa54edbc95091d32b08952b2eb24b8f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b6:98:f2:8a:ea:1d:6d:71:6f:e5:78:45:b9:
                    f4:69:2f:f0:b7:01:7b:2b:e8:61:07:a6:35:6b:a2:
                    19:a7:31:13:4a:29:b5:3d:d5:96:52:f9:b6:0d:2d:
                    d3:84:0d:96:39:ba:b9:b2:6d:3e:17:97:45:93:82:
                    40:4c:e6:a0:a7:f6:41:2d:79:86:81:91:e6:64:e7:
                    d0:aa:56:74:8d:2f:79:c8:df:9c:ac:f0:24:9c:f5:
                    36:82:23:75:ec:76:9b:65:6b:d9:20:da:ec:69:bc:
                    3f:c9:72:07:c0:b5:b6:ab:d4:e8:ad:dc:e2:f1:d4:
                    fc:3b:95:08:db:99:86:a8:85:ac:03:5d:6f:7e:c4:
                    e4:ab:3e:63:8f:2e:58:0c:96:15:7a:c9:e3:c3:7c:
                    59:a5:81:69:e3:7d:64:15:77:d9:4d:49:59:6d:a0:
                    b8:3b:eb:89:3a:b2:02:bc:9c:1c:27:bb:bc:48:e7:
                    23:3e:5b:99:e4:39:c1:85:0c:20:f5:f1:1d:20:81:
                    cb:02:3c:23:d9:14:10:61:2e:8c:e5:32:76:80:e7:
                    03:3d:15:27:0c:a4:a3:61:d2:b7:94:7d:78:ce:63:
                    66:77:9a:2f:7b:25:55:dc:43:9b:45:fc:2f:1c:26:
                    6c:af:f9:c0:e4:f0:d4:6f:2a:a5:21:27:00:d7:63:
                    db:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E9:6D:CD:20:8C:6E:64:CE:DD:43:06:BB:2C:84:55:F6:DB:72:22
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5930f9b-ab36-45e8-a904-5574a9426761.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c9:35:1c:90:58:e4:9b:1e:de:f1:80:7e:7b:0a:f9:e5:8b:92:
         c6:37:55:03:43:09:8b:9c:df:2c:eb:ed:d0:83:19:b0:25:e0:
         2b:5c:1b:f9:57:3a:e5:e2:f9:ac:14:36:2f:72:de:bf:81:c7:
         63:8f:9e:14:ac:f7:1c:68:91:91:f2:f9:8a:be:ae:0e:ba:41:
         19:8a:0e:8d:a3:b0:40:45:28:ec:2c:ec:7d:c5:85:58:33:3d:
         15:44:eb:43:76:af:78:89:1e:96:26:51:7e:cb:73:14:2a:21:
         63:4c:22:7f:76:5f:ef:22:d1:a1:fd:05:9f:b5:da:21:62:32:
         50:b5:62:31:55:87:7b:22:4a:b3:06:0b:b7:22:50:be:4a:e2:
         3e:33:a7:2b:31:1b:9b:30:77:20:9f:87:cf:59:e1:0b:54:cd:
         60:0e:07:b9:52:37:bd:49:15:e4:a2:89:c6:e5:30:ca:3c:82:
         8b:70:ec:2c:c1:05:d5:53:9b:0f:7d:f0:d9:ec:23:83:1f:54:
         3c:a4:29:cb:32:40:1a:69:83:a0:b4:be:1c:72:18:fd:f4:60:
         56:ba:bb:3b:73:57:74:a8:b0:0b:6f:d9:10:62:09:78:fe:26:
         15:e6:0c:f2:90:19:89:b1:50:8a:c3:b5:f2:ae:5f:8d:27:5b:
         b5:57:65:2c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEGQLIvh/lY/MZ9zFpjQmeHpuYMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE4MDAyMDUwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDNiZjI4ZTZmM2I4ZGM3NWU0YTE5ZDhjNjllMzYxMDRm
YTU0ZWRiYzk1MDkxZDMyYjA4OTUyYjJlYjI0YjhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrtpjyiuodbXFv5XhFufRpL/C3AXsr6GEHpjVrohmnMRNK
KbU91ZZS+bYNLdOEDZY5urmybT4Xl0WTgkBM5qCn9kEteYaBkeZk59CqVnSNL3nI
35ys8CSc9TaCI3Xsdptla9kg2uxpvD/JcgfAtbar1Oit3OLx1Pw7lQjbmYaohawD
XW9+xOSrPmOPLlgMlhV6yePDfFmlgWnjfWQVd9lNSVltoLg764k6sgK8nBwnu7xI
5yM+W5nkOcGFDCD18R0ggcsCPCPZFBBhLozlMnaA5wM9FScMpKNh0reUfXjOY2Z3
mi97JVXcQ5tF/C8cJmyv+cDk8NRvKqUhJwDXY9tDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeOltzSCMbmTO3UMGuyyEVfbbciIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1OTMwZjliLWFiMzYtNDVlOC1hOTA0LTU1NzRhOTQyNjc2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQuzANBgkqhkiG9w0BAQsFAAOCAQEAyTUckFjkmx7e8YB+ewr55YuSxjdV
A0MJi5zfLOvt0IMZsCXgK1wb+Vc65eL5rBQ2L3Lev4HHY4+eFKz3HGiRkfL5ir6u
DrpBGYoOjaOwQEUo7CzsfcWFWDM9FUTrQ3aveIkeliZRfstzFCohY0wif3Zf7yLR
of0Fn7XaIWIyULViMVWHeyJKswYLtyJQvkriPjOnKzEbmzB3IJ+Hz1nhC1TNYA4H
uVI3vUkV5KKJxuUwyjyCi3DsLMEF1VObD33w2ewjgx9UPKQpyzJAGmmDoLS+HHIY
/fRgVrq7O3NXdKiwC2/ZEGIJeP4mFeYM8pAZibFQisO18q5fjSdbtVdlLA==
-----END CERTIFICATE-----