Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa
File:                     c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa (raw, json)
Hash identifier:          2bwrmaRflRsk53o9fr4rlfuUUz+4ZafUrkYZjJ93az0=
Subject key identifier:   1D:22:A2:16:EA:2B:98:B1:19:74:4F:1B:9D:59:2A:D6:FD:24:B3:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A045CFBF44400491464AA6D60651BB1C66F332A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa
Signing time:             Tue 30 Sep 2025 00:11:52 +0000
ROA not before:           Tue 30 Sep 2025 00:11:52 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.130.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:04:5c:fb:f4:44:00:49:14:64:aa:6d:60:65:1b:b1:c6:6f:33:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:11:52 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=7c02d310dc9b1a0802376176cfd88268e1462b07615ce8a256a516d97145ffc9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:58:84:3e:05:f8:9c:2a:df:59:c7:6c:5d:91:
                    ab:55:bc:27:9a:5c:c9:1a:7c:d2:c3:e7:5b:0c:2d:
                    44:49:7f:60:02:09:54:2c:a9:f6:71:c4:98:ad:ae:
                    db:a0:ae:56:6d:af:0f:9f:79:28:fe:53:4f:c2:b2:
                    b3:c4:fd:fa:3c:4a:1e:90:eb:00:63:ee:63:f1:2a:
                    3d:63:5f:c3:54:12:58:d7:68:cf:d8:10:44:49:de:
                    40:79:5d:08:ee:aa:bf:15:8b:11:97:8b:7e:7e:74:
                    be:5f:03:ee:e6:09:d0:62:e6:0c:de:ac:8c:9c:a5:
                    57:6d:28:25:25:d6:36:ae:0d:56:58:b3:3a:e6:12:
                    49:13:20:4d:80:ac:36:17:fa:a1:8d:f2:db:88:02:
                    96:ad:d3:57:21:a9:91:b4:5a:7c:2e:0e:20:5d:16:
                    2a:a2:5a:eb:d3:80:f1:18:f6:0b:eb:e8:5b:33:86:
                    e2:5a:ef:a2:ca:87:ee:d4:ec:7f:13:89:66:a4:33:
                    73:60:23:d7:a2:8b:62:e7:68:70:a3:79:a2:c0:d0:
                    58:e6:e0:58:88:1f:1b:49:ff:d6:7d:e5:3f:b7:35:
                    dc:a9:c2:59:b3:a7:47:73:85:97:96:f8:1a:13:50:
                    ed:93:b0:42:91:19:b9:b5:f6:6c:27:15:ab:4c:de:
                    d0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:22:A2:16:EA:2B:98:B1:19:74:4F:1B:9D:59:2A:D6:FD:24:B3:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57f3080-c868-4c69-a23e-8d9d7dce91cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.130.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:40:ec:67:c4:23:f2:f9:eb:76:90:f7:9a:90:6b:ad:45:67:
         04:02:79:0e:3f:1e:ed:e9:41:a6:6e:08:87:6c:f9:8f:77:99:
         48:c4:3b:b7:b7:b2:c6:cd:ea:33:ff:74:53:90:f8:5c:1a:20:
         49:f5:ef:ce:3a:bb:3c:b3:f2:9b:8c:11:ef:58:97:b2:63:11:
         07:49:7e:3d:7e:3e:8b:ea:93:5a:60:af:7c:a4:9c:61:69:24:
         90:33:7f:44:b2:58:32:86:10:e9:1d:71:78:74:a3:cd:bc:4f:
         fe:64:d3:29:a8:7e:34:b9:61:23:e9:de:f9:a7:30:5a:06:b5:
         62:f2:06:cb:25:fe:f1:97:3e:c1:a7:e3:86:39:d2:48:6c:67:
         17:57:b2:67:31:72:89:a7:cc:52:51:fc:b9:03:9e:f1:a6:51:
         e2:59:9a:97:c7:09:59:d8:9c:52:8e:9a:79:87:10:29:bb:3b:
         3f:70:e7:e7:18:5f:29:f4:46:de:9c:02:06:f7:c9:b4:0e:25:
         86:82:1c:ff:ac:e1:9b:92:ff:f0:61:c1:a6:d4:f6:09:19:84:
         c0:be:19:44:ec:d9:8e:45:80:c6:ab:2c:cf:53:cd:75:83:74:
         bc:01:6f:2d:50:b2:f2:75:8c:93:f0:5d:a5:90:f6:87:58:c0:
         6f:79:8b:d1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGgRc+/REAEkUZKptYGUbscZvMyowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAxMTUyWhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzAyZDMxMGRjOWIxYTA4MDIzNzYxNzZjZmQ4ODI2OGUx
NDYyYjA3NjE1Y2U4YTI1NmE1MTZkOTcxNDVmZmM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPWIQ+BficKt9Zx2xdkatVvCeaXMkafNLD51sMLURJf2AC
CVQsqfZxxJitrtugrlZtrw+feSj+U0/CsrPE/fo8Sh6Q6wBj7mPxKj1jX8NUEljX
aM/YEERJ3kB5XQjuqr8VixGXi35+dL5fA+7mCdBi5gzerIycpVdtKCUl1jauDVZY
szrmEkkTIE2ArDYX+qGN8tuIApat01chqZG0WnwuDiBdFiqiWuvTgPEY9gvr6Fsz
huJa76LKh+7U7H8TiWakM3NgI9eii2LnaHCjeaLA0Fjm4FiIHxtJ/9Z95T+3Ndyp
wlmzp0dzhZeW+BoTUO2TsEKRGbm19mwnFatM3tDHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHSKiFuormLEZdE8bnVkq1v0ks7MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1N2YzMDgwLWM4NjgtNGM2OS1hMjNlLThkOWQ3ZGNlOTFjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQgjANBgkqhkiG9w0BAQsFAAOCAQEAakDsZ8Qj8vnrdpD3mpBrrUVnBAJ5
Dj8e7elBpm4Ih2z5j3eZSMQ7t7eyxs3qM/90U5D4XBogSfXvzjq7PLPym4wR71iX
smMRB0l+PX4+i+qTWmCvfKScYWkkkDN/RLJYMoYQ6R1xeHSjzbxP/mTTKah+NLlh
I+ne+acwWga1YvIGyyX+8Zc+wafjhjnSSGxnF1eyZzFyiafMUlH8uQOe8aZR4lma
l8cJWdicUo6aeYcQKbs7P3Dn5xhfKfRG3pwCBvfJtA4lhoIc/6zhm5L/8GHBptT2
CRmEwL4ZROzZjkWAxqssz1PNdYN0vAFvLVCy8nWMk/BdpZD2h1jAb3mL0Q==
-----END CERTIFICATE-----