Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d171a8a1-9f08-410d-8286-615fcfbb13fc.roa
File:                     d171a8a1-9f08-410d-8286-615fcfbb13fc.roa (raw, json)
Hash identifier:          TmJQOkhxhzmt/muRYJUATyVlv9QP/39Rx/4AGKJw0JU=
Subject key identifier:   39:5A:D2:60:B8:9D:4F:82:F5:D2:28:8D:A6:11:6F:20:93:2D:B0:2F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2D258821CD261A006C03356130E71D49A0934ECF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d171a8a1-9f08-410d-8286-615fcfbb13fc.roa
Signing time:             Tue 07 Oct 2025 00:23:17 +0000
ROA not before:           Tue 07 Oct 2025 00:23:17 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.15.176.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:25:88:21:cd:26:1a:00:6c:03:35:61:30:e7:1d:49:a0:93:4e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:23:17 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=1671af2600f35b48c2cdf4779f5509a8459aaeb6c78b729b04f38ac4edc86b90, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:59:b3:d1:73:ae:7b:29:17:98:5a:0f:57:e2:
                    4b:76:f7:e3:84:5f:c9:64:fc:df:a6:06:19:00:34:
                    42:e2:88:6b:49:77:da:50:ad:76:89:e3:8c:e6:8d:
                    14:4e:b0:52:05:e3:40:f9:c9:59:15:19:5e:d6:c5:
                    7b:67:b7:fe:5e:1c:66:26:d1:b2:6d:f9:a7:6c:6a:
                    25:3c:76:de:1e:b3:4d:c5:66:f8:80:3a:9b:f0:b7:
                    cf:66:96:04:ab:3f:45:f0:d0:74:fd:2a:c5:2d:ca:
                    c8:b3:20:bd:f8:4c:33:74:60:38:18:1a:35:01:68:
                    17:80:2e:eb:45:91:39:54:54:58:53:e4:34:c1:29:
                    26:2a:6c:0e:5d:46:55:c2:68:0a:bb:96:46:1a:32:
                    7b:e5:f9:5f:f0:94:38:ed:9c:50:aa:9d:8a:2e:30:
                    7b:c5:98:a2:10:2b:cf:23:5c:db:1f:bd:75:ee:78:
                    d9:fa:00:d8:dc:be:9d:5c:3a:37:c0:e5:96:f3:3b:
                    33:11:af:36:ca:6a:63:ab:10:89:32:a6:77:a7:a6:
                    ea:66:e1:d4:99:cf:03:2b:28:bd:21:72:b6:66:dd:
                    b6:18:31:6d:75:8f:6b:e4:11:16:cc:37:37:14:91:
                    5c:c2:f1:66:41:7a:29:2f:ef:04:51:8a:81:04:60:
                    0e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5A:D2:60:B8:9D:4F:82:F5:D2:28:8D:A6:11:6F:20:93:2D:B0:2F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d171a8a1-9f08-410d-8286-615fcfbb13fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.15.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         60:5b:80:11:37:4d:5f:0a:14:f0:08:56:db:39:19:ed:aa:32:
         07:03:eb:35:29:b8:60:b8:ff:04:c9:94:32:53:44:77:88:a0:
         5b:99:d7:14:59:a6:29:0a:9b:be:c7:53:4a:1d:e7:2e:67:b7:
         d4:4c:ea:8b:95:91:56:6f:b0:f9:41:cb:27:de:ee:63:93:fe:
         22:55:21:fd:4b:de:19:19:ea:18:de:6e:f7:b1:89:24:d5:c3:
         e8:b9:dd:b0:b1:87:33:71:22:da:97:a7:ec:e6:2c:7a:f7:3d:
         de:11:6f:c8:bf:07:59:dd:d5:a4:60:13:a1:35:dd:b2:46:a2:
         51:fb:02:2b:20:0b:0b:d4:99:fd:6e:30:21:89:ab:00:56:64:
         58:50:53:54:f7:7e:c4:74:aa:01:eb:fb:32:6f:15:65:fd:ff:
         95:a3:79:27:27:35:50:13:c5:b4:53:ca:1f:ed:c0:c8:3b:05:
         a2:8e:1c:85:22:cc:b4:a7:0e:ca:93:53:91:e7:fd:e7:a1:8b:
         36:d4:30:a8:ce:08:df:98:13:96:f6:48:33:fe:18:ad:0e:56:
         be:a5:ad:db:5d:57:08:c4:d3:35:10:1b:2e:55:16:00:e6:da:
         32:e8:ed:76:f7:d8:f1:e4:4a:8c:f3:54:8d:a6:35:08:43:94:
         42:40:6c:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULSWIIc0mGgBsAzVhMOcdSaCTTs8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDAyMzE3WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjcxYWYyNjAwZjM1YjQ4YzJjZGY0Nzc5ZjU1MDlhODQ1
OWFhZWI2Yzc4YjcyOWIwNGYzOGFjNGVkYzg2YjkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZWbPRc657KReYWg9X4kt29+OEX8lk/N+mBhkANELiiGtJ
d9pQrXaJ44zmjRROsFIF40D5yVkVGV7WxXtnt/5eHGYm0bJt+adsaiU8dt4es03F
ZviAOpvwt89mlgSrP0Xw0HT9KsUtysizIL34TDN0YDgYGjUBaBeALutFkTlUVFhT
5DTBKSYqbA5dRlXCaAq7lkYaMnvl+V/wlDjtnFCqnYouMHvFmKIQK88jXNsfvXXu
eNn6ANjcvp1cOjfA5ZbzOzMRrzbKamOrEIkypnenpupm4dSZzwMrKL0hcrZm3bYY
MW11j2vkERbMNzcUkVzC8WZBeikv7wRRioEEYA63AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOVrSYLidT4L10iiNphFvIJMtsC8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QxNzFhOGExLTlmMDgtNDEwZC04Mjg2LTYxNWZjZmJiMTNmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQQD7AwDQYJKoZIhvcNAQELBQADggEBAGBbgBE3TV8KFPAIVts5Ge2qMgcD
6zUpuGC4/wTJlDJTRHeIoFuZ1xRZpikKm77HU0od5y5nt9RM6ouVkVZvsPlByyfe
7mOT/iJVIf1L3hkZ6hjebvexiSTVw+i53bCxhzNxItqXp+zmLHr3Pd4Rb8i/B1nd
1aRgE6E13bJGolH7AisgCwvUmf1uMCGJqwBWZFhQU1T3fsR0qgHr+zJvFWX9/5Wj
eScnNVATxbRTyh/twMg7BaKOHIUizLSnDsqTU5Hn/eehizbUMKjOCN+YE5b2SDP+
GK0OVr6lrdtdVwjE0zUQGy5VFgDm2jLo7Xb32PHkSozzVI2mNQhDlEJAbCk=
-----END CERTIFICATE-----