Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e511c3ab-a3d4-4344-9e19-ddd5b8c0e102.roa
File:                     e511c3ab-a3d4-4344-9e19-ddd5b8c0e102.roa (raw, json)
Hash identifier:          DUSQ+p8DAyDu5KFjgycYqXIyItwIdchd+F8Jv0kNr6M=
Subject key identifier:   1A:F1:35:7E:8F:67:F0:51:47:21:99:10:36:76:62:62:9B:73:14:59
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3021C2178ACF57CD679F5A19E9FB4A9F69D0C81A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e511c3ab-a3d4-4344-9e19-ddd5b8c0e102.roa
Signing time:             Tue 21 Oct 2025 00:20:50 +0000
ROA not before:           Tue 21 Oct 2025 00:20:50 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.56.224.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:21:c2:17:8a:cf:57:cd:67:9f:5a:19:e9:fb:4a:9f:69:d0:c8:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:20:50 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=1e47f253741666f86ee5989084793ebfe4d4f0f8fb2fddc8629b244288beac49, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:77:14:8b:49:fe:f2:31:9e:18:5c:f0:8c:7f:
                    d3:4a:f1:15:29:99:bf:b8:dc:15:63:a0:d0:fc:1a:
                    af:00:b7:64:67:2c:0e:0f:09:df:4a:47:3f:ac:84:
                    80:de:01:70:54:13:51:f9:2b:5d:d9:61:58:52:00:
                    16:1c:3a:4a:63:2b:52:f5:eb:55:05:b7:81:64:86:
                    88:0d:3c:41:ec:d7:c0:80:3e:da:88:db:4c:c4:b9:
                    50:99:cc:df:b8:58:c9:1f:9a:70:d2:bf:d1:df:c7:
                    d3:7f:83:6c:f0:05:e6:89:f0:9b:67:31:12:b2:81:
                    4c:f0:1a:25:c3:74:d3:b3:07:6a:a9:b4:ea:1f:c2:
                    2e:eb:41:93:6b:3b:d0:1f:ae:de:01:48:65:a3:ad:
                    ac:41:c7:e8:1c:21:33:1a:30:b6:0e:82:a1:18:b1:
                    d1:a4:91:be:ed:43:9a:e1:d4:ea:3e:d6:c7:10:a5:
                    be:80:bd:13:92:ba:78:a4:eb:c9:b5:bd:cc:94:dd:
                    36:9c:17:17:4a:54:14:48:a8:6c:ce:0c:de:78:10:
                    6c:75:c7:05:e5:bc:a2:f7:2c:a2:e8:bc:7f:3e:48:
                    98:46:ec:e8:09:03:4d:83:7e:cf:23:1c:9c:ef:97:
                    9b:08:61:ed:c1:34:a7:8f:c8:02:03:19:f3:2d:15:
                    f4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F1:35:7E:8F:67:F0:51:47:21:99:10:36:76:62:62:9B:73:14:59
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e511c3ab-a3d4-4344-9e19-ddd5b8c0e102.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.56.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9e:ec:90:f6:a6:cd:ed:26:34:70:f1:c3:d0:93:37:a3:c7:e7:
         ed:1d:37:d0:ec:e8:d7:06:b7:14:66:45:c5:9a:73:d1:08:44:
         dd:50:40:78:2b:0d:b4:51:72:85:fc:01:a4:36:65:64:22:e3:
         a2:27:32:af:02:6e:92:c8:4b:f9:a4:6b:77:15:28:8a:7f:3a:
         38:36:5e:19:04:19:82:f7:52:2b:84:66:0b:71:a6:7b:44:55:
         37:88:d8:92:0d:6f:89:3b:36:3b:20:58:c6:68:6a:e5:87:f2:
         a7:be:75:7d:46:60:62:ea:d6:12:82:4e:24:43:1a:19:84:86:
         1e:bc:43:31:fe:89:b2:b0:09:19:02:dc:41:aa:43:bd:45:53:
         72:cb:48:26:da:01:95:b0:7f:ec:ae:b7:03:3b:4c:da:d0:d3:
         28:45:49:1f:28:48:30:21:e4:a8:db:e0:2a:6c:f2:8e:bf:b2:
         f0:fc:40:92:e1:f5:75:a7:62:86:85:33:12:2b:2c:d4:ea:9e:
         96:19:97:69:4a:7c:28:0e:cb:6e:87:05:a8:f8:c7:91:9a:52:
         22:c8:42:2d:54:6a:0c:20:ce:29:7b:60:e9:cd:46:04:49:ef:
         dd:21:13:da:03:6f:bd:02:46:35:08:64:7b:d7:86:72:e7:8f:
         50:ae:a6:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMCHCF4rPV81nn1oZ6ftKn2nQyBowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAyMDUwWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTQ3ZjI1Mzc0MTY2NmY4NmVlNTk4OTA4NDc5M2ViZmU0
ZDRmMGY4ZmIyZmRkYzg2MjliMjQ0Mjg4YmVhYzQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfdxSLSf7yMZ4YXPCMf9NK8RUpmb+43BVjoND8Gq8At2Rn
LA4PCd9KRz+shIDeAXBUE1H5K13ZYVhSABYcOkpjK1L161UFt4FkhogNPEHs18CA
PtqI20zEuVCZzN+4WMkfmnDSv9Hfx9N/g2zwBeaJ8JtnMRKygUzwGiXDdNOzB2qp
tOofwi7rQZNrO9Afrt4BSGWjraxBx+gcITMaMLYOgqEYsdGkkb7tQ5rh1Oo+1scQ
pb6AvROSunik68m1vcyU3TacFxdKVBRIqGzODN54EGx1xwXlvKL3LKLovH8+SJhG
7OgJA02Dfs8jHJzvl5sIYe3BNKePyAIDGfMtFfQtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGvE1fo9n8FFHIZkQNnZiYptzFFkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1MTFjM2FiLWEzZDQtNDM0NC05ZTE5LWRkZDViOGMwZTEwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUQOOAwDQYJKoZIhvcNAQELBQADggEBAJ7skPamze0mNHDxw9CTN6PH5+0d
N9Ds6NcGtxRmRcWac9EIRN1QQHgrDbRRcoX8AaQ2ZWQi46InMq8CbpLIS/mka3cV
KIp/Ojg2XhkEGYL3UiuEZgtxpntEVTeI2JINb4k7NjsgWMZoauWH8qe+dX1GYGLq
1hKCTiRDGhmEhh68QzH+ibKwCRkC3EGqQ71FU3LLSCbaAZWwf+yutwM7TNrQ0yhF
SR8oSDAh5Kjb4Cps8o6/svD8QJLh9XWnYoaFMxIrLNTqnpYZl2lKfCgOy26HBaj4
x5GaUiLIQi1Uagwgzil7YOnNRgRJ790hE9oDb70CRjUIZHvXhnLnj1Cuph4=
-----END CERTIFICATE-----