Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dde98764-ed59-4372-8084-926e73624f31.roa
File:                     dde98764-ed59-4372-8084-926e73624f31.roa (raw, json)
Hash identifier:          iifGlf2KnYT75OuajvuBCOox3G/W+L1CwcAAeisl1vk=
Subject key identifier:   E4:8C:76:63:92:A5:63:7F:9F:DF:18:E3:A3:1E:C7:70:1B:5E:82:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74D7E6265A422589EB3BE2D9318CB24E0F033F22
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dde98764-ed59-4372-8084-926e73624f31.roa
Signing time:             Wed 01 Oct 2025 00:01:15 +0000
ROA not before:           Wed 01 Oct 2025 00:01:15 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.106.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:d7:e6:26:5a:42:25:89:eb:3b:e2:d9:31:8c:b2:4e:0f:03:3f:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:01:15 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=98a9e7c580952d4942a202e23cffa520b77334d38c897ead26de6f7f6e00322c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8f:cc:d4:f8:fc:a9:a5:8d:20:7b:7e:00:2f:
                    d8:fa:21:dc:a8:34:99:94:de:ba:f5:45:f2:3e:dc:
                    0a:4d:b2:76:00:5b:fd:7f:47:10:6c:65:c3:81:0c:
                    c1:26:59:ab:ae:ec:d1:a3:6b:37:12:c8:c5:da:02:
                    a2:5e:b5:40:7c:d7:5a:c9:22:5a:7c:bc:ca:44:58:
                    d7:c4:09:6d:5a:35:db:69:51:32:90:d9:db:b5:c1:
                    5d:55:8f:1f:8d:a6:e7:26:3f:0f:32:46:e7:4f:1f:
                    03:44:a1:58:35:c1:0a:ab:88:91:0e:5d:80:ef:14:
                    20:d7:ba:4b:6b:e7:f7:d8:44:a0:2f:2e:a0:be:9c:
                    2f:7c:6a:b1:bd:13:d8:b2:ff:36:fc:99:12:2b:06:
                    c0:2d:b0:05:1e:4e:dc:aa:e6:a6:cb:ef:a8:15:10:
                    33:3c:8f:c8:4c:cf:42:93:3b:c3:f6:9b:67:10:47:
                    43:e6:66:04:27:5c:cc:1d:24:e9:89:5b:35:21:f9:
                    87:33:f8:dd:af:5f:5f:d7:11:d5:86:4d:32:e3:d9:
                    d9:4c:ae:74:e4:cf:79:9d:16:aa:8a:87:4a:26:a0:
                    b6:f2:af:25:65:f9:f8:15:d7:44:48:75:77:49:0f:
                    8a:eb:5e:53:10:17:11:e9:34:38:da:c0:3d:a6:83:
                    e1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:8C:76:63:92:A5:63:7F:9F:DF:18:E3:A3:1E:C7:70:1B:5E:82:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dde98764-ed59-4372-8084-926e73624f31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.106.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         46:c7:dd:e7:60:f4:48:51:70:38:63:e0:42:ce:82:19:d1:d4:
         f3:7c:ee:8b:ea:48:9c:f0:e9:9a:9c:03:48:30:21:9d:72:40:
         2b:7b:d1:82:da:79:0e:83:05:0e:8c:e5:39:0a:ae:d2:74:d2:
         4f:92:e8:3f:91:73:09:f2:32:c6:d5:58:30:8d:3a:d2:eb:17:
         f6:e8:0a:b9:05:a5:59:61:da:22:85:10:8e:54:c1:79:bf:34:
         02:11:4c:d7:1a:80:3b:9d:bd:73:ef:e6:5e:7e:d0:de:58:37:
         be:1c:48:f0:8a:72:35:02:8c:1f:0b:e3:ab:01:21:43:0a:c2:
         0c:9e:6d:f1:61:ce:20:b9:3b:82:fc:f6:84:1a:ce:35:65:c3:
         d1:a4:59:77:ae:9a:c3:67:28:11:b1:8b:57:bb:1e:55:1a:f7:
         5c:a4:50:ed:ce:2e:c0:31:84:69:8c:f4:86:6e:0a:d1:f2:ca:
         1e:91:a6:8f:cc:5d:4c:3e:66:fd:cd:9d:8b:38:74:b0:8b:cf:
         a1:fc:ac:62:2e:69:cb:a1:70:1e:f2:ef:a0:70:83:91:72:fd:
         1a:3a:6a:de:5a:cb:df:21:13:3a:4d:d9:8e:00:2c:dc:03:49:
         33:90:69:2d:a4:b3:fe:20:ea:1b:7b:d5:bb:1a:90:5b:85:dd:
         e6:97:6d:9c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdNfmJlpCJYnrO+LZMYyyTg8DPyIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDAwMTE1WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OGE5ZTdjNTgwOTUyZDQ5NDJhMjAyZTIzY2ZmYTUyMGI3
NzMzNGQzOGM4OTdlYWQyNmRlNmY3ZjZlMDAzMjJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyj8zU+PyppY0ge34AL9j6IdyoNJmU3rr1RfI+3ApNsnYA
W/1/RxBsZcOBDMEmWauu7NGjazcSyMXaAqJetUB811rJIlp8vMpEWNfECW1aNdtp
UTKQ2du1wV1Vjx+NpucmPw8yRudPHwNEoVg1wQqriJEOXYDvFCDXuktr5/fYRKAv
LqC+nC98arG9E9iy/zb8mRIrBsAtsAUeTtyq5qbL76gVEDM8j8hMz0KTO8P2m2cQ
R0PmZgQnXMwdJOmJWzUh+Ycz+N2vX1/XEdWGTTLj2dlMrnTkz3mdFqqKh0omoLby
ryVl+fgV10RIdXdJD4rrXlMQFxHpNDjawD2mg+HjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5Ix2Y5KlY3+f3xjjox7HcBtegtkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RkZTk4NzY0LWVkNTktNDM3Mi04MDg0LTkyNmU3MzYyNGYzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQajANBgkqhkiG9w0BAQsFAAOCAQEARsfd52D0SFFwOGPgQs6CGdHU83zu
i+pInPDpmpwDSDAhnXJAK3vRgtp5DoMFDozlOQqu0nTST5LoP5FzCfIyxtVYMI06
0usX9ugKuQWlWWHaIoUQjlTBeb80AhFM1xqAO529c+/mXn7Q3lg3vhxI8IpyNQKM
HwvjqwEhQwrCDJ5t8WHOILk7gvz2hBrONWXD0aRZd66aw2coEbGLV7seVRr3XKRQ
7c4uwDGEaYz0hm4K0fLKHpGmj8xdTD5m/c2dizh0sIvPofysYi5py6FwHvLvoHCD
kXL9Gjpq3lrL3yETOk3ZjgAs3ANJM5BpLaSz/iDqG3vVuxqQW4Xd5pdtnA==
-----END CERTIFICATE-----