Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
File:                     e834e04c-f563-4064-a1f9-706839ae47eb.roa (raw, json)
Hash identifier:          9DnoRtoMIuSP0zwUow+cn49suIxYjemTem8rSn4+3J8=
Subject key identifier:   A4:F3:52:67:E1:96:00:00:B2:38:5B:EB:81:93:84:02:AE:1C:53:B4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       530C391A1EE7EA5ECDA09999D8CD94DB610079CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa
Signing time:             Tue 30 Sep 2025 00:02:57 +0000
ROA not before:           Tue 30 Sep 2025 00:02:57 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.116.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:0c:39:1a:1e:e7:ea:5e:cd:a0:99:99:d8:cd:94:db:61:00:79:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:02:57 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=64adc12d45b8bb9e6760636a33483e7b23a32f67bb69047ddcb8aafaa8e3d888, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:eb:77:3e:77:a5:e3:ba:dc:8c:d2:e9:e8:6d:
                    d9:56:8f:b2:57:38:4a:82:ba:fc:04:6b:74:68:cf:
                    57:91:6d:d9:0c:65:d0:5d:23:df:7a:73:97:34:20:
                    65:d9:76:02:56:9d:76:8e:3b:b7:32:f1:a2:58:60:
                    81:02:a4:c6:7d:72:fb:03:fc:79:9e:9b:7c:6a:06:
                    94:8b:6b:29:7e:69:af:39:6e:ec:7d:d5:a8:40:53:
                    42:cd:2c:9e:a3:e5:fb:b8:0a:d0:95:e8:1a:3c:9a:
                    5a:4f:dc:ee:00:34:4f:3e:fe:20:88:51:b9:e2:9e:
                    d5:1a:da:22:6d:f4:b7:30:a5:31:48:34:7c:4e:08:
                    c1:b9:f4:2b:bf:13:64:c7:b0:f9:4d:5a:7d:92:c3:
                    b8:7b:34:c4:0a:ca:db:66:7b:a2:7a:cf:1c:bf:6e:
                    ec:54:2a:d6:19:f5:00:64:88:41:af:1c:10:46:1e:
                    6a:63:97:39:f7:c7:f2:04:b2:df:aa:f0:55:e3:e9:
                    76:21:75:e0:24:57:75:23:ce:54:a7:fd:70:d0:a7:
                    12:94:1b:20:b8:64:0b:0e:36:fb:3c:2b:6a:e7:3e:
                    dc:cf:97:c9:4d:3f:84:d0:77:5c:03:71:64:f2:66:
                    cf:6c:54:7e:2a:d7:cb:1c:02:19:23:98:39:a7:57:
                    c2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F3:52:67:E1:96:00:00:B2:38:5B:EB:81:93:84:02:AE:1C:53:B4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e834e04c-f563-4064-a1f9-706839ae47eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.116.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:b1:5c:74:aa:c8:2e:d0:0b:45:08:fc:0b:32:3b:8b:ce:2c:
         7b:b4:f7:18:38:c2:f1:52:ac:b3:da:70:59:51:8d:00:85:69:
         88:58:48:7e:25:72:ae:c1:a8:04:a0:82:c1:f2:83:a7:a8:bd:
         d9:f6:23:ac:3a:fd:fc:02:b1:23:4d:cf:60:ef:ce:2f:fc:3e:
         f0:f6:77:3d:48:43:31:e9:f5:12:c9:dd:6e:71:dc:ef:4c:52:
         84:7f:a1:33:68:1f:1a:ae:9e:d1:99:1a:2f:f8:5d:5a:2d:f6:
         7d:e7:74:8f:d7:ef:7e:56:4b:cf:91:69:ae:d4:9e:4f:ce:34:
         cf:80:bd:3b:f2:92:ed:af:58:6e:aa:0c:69:47:02:e1:0a:d8:
         03:06:fe:99:32:62:2d:de:2a:e3:11:ea:1b:9d:d8:09:91:34:
         e0:ec:63:ba:63:2d:68:9c:f6:48:42:e8:87:69:af:5d:55:67:
         3f:96:33:27:0f:e8:c0:e3:48:13:e1:03:5a:7d:c9:b2:d5:12:
         75:98:86:b7:40:43:49:60:2c:30:76:4f:ec:38:69:63:23:d6:
         ff:db:3e:7b:67:d2:1a:1a:fe:0e:24:bc:c3:58:2c:96:f1:f3:
         36:e9:68:70:d3:f6:b2:64:4a:90:ea:85:22:42:98:ee:55:f8:
         65:be:7d:18
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUww5Gh7n6l7NoJmZ2M2U22EAecwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAwMjU3WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGFkYzEyZDQ1YjhiYjllNjc2MDYzNmEzMzQ4M2U3YjIz
YTMyZjY3YmI2OTA0N2RkY2I4YWFmYWE4ZTNkODg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw63c+d6XjutyM0unobdlWj7JXOEqCuvwEa3Roz1eRbdkM
ZdBdI996c5c0IGXZdgJWnXaOO7cy8aJYYIECpMZ9cvsD/Hmem3xqBpSLayl+aa85
bux91ahAU0LNLJ6j5fu4CtCV6Bo8mlpP3O4ANE8+/iCIUbnintUa2iJt9LcwpTFI
NHxOCMG59Cu/E2THsPlNWn2Sw7h7NMQKyttme6J6zxy/buxUKtYZ9QBkiEGvHBBG
Hmpjlzn3x/IEst+q8FXj6XYhdeAkV3UjzlSn/XDQpxKUGyC4ZAsONvs8K2rnPtzP
l8lNP4TQd1wDcWTyZs9sVH4q18scAhkjmDmnV8JTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpPNSZ+GWAACyOFvrgZOEAq4cU7QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4MzRlMDRjLWY1NjMtNDA2NC1hMWY5LTcwNjgzOWFlNDdlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdDANBgkqhkiG9w0BAQsFAAOCAQEAqLFcdKrILtALRQj8CzI7i84se7T3
GDjC8VKss9pwWVGNAIVpiFhIfiVyrsGoBKCCwfKDp6i92fYjrDr9/AKxI03PYO/O
L/w+8PZ3PUhDMen1EsndbnHc70xShH+hM2gfGq6e0ZkaL/hdWi32fed0j9fvflZL
z5FprtSeT840z4C9O/KS7a9YbqoMaUcC4QrYAwb+mTJiLd4q4xHqG53YCZE04Oxj
umMtaJz2SELoh2mvXVVnP5YzJw/owONIE+EDWn3JstUSdZiGt0BDSWAsMHZP7Dhp
YyPW/9s+e2fSGhr+DiS8w1gslvHzNulocNP2smRKkOqFIkKY7lX4Zb59GA==
-----END CERTIFICATE-----