Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7a9e474-627b-490e-9c17-0532f7c8aeee.roa
File:                     f7a9e474-627b-490e-9c17-0532f7c8aeee.roa (raw, json)
Hash identifier:          aCeCcZ3IE6Oko3j8hUNIxuJNOOExT1sD3MlakfKoTJY=
Subject key identifier:   D9:43:D2:59:4C:AF:0D:B4:D8:50:95:97:D4:DB:1C:CF:68:1B:EB:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40AC63F60855FDCC2A42B95682851FA757F4D2A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7a9e474-627b-490e-9c17-0532f7c8aeee.roa
Signing time:             Fri 26 Sep 2025 00:11:20 +0000
ROA not before:           Fri 26 Sep 2025 00:11:20 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.23.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:ac:63:f6:08:55:fd:cc:2a:42:b9:56:82:85:1f:a7:57:f4:d2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 26 00:11:20 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=291c7f77b845df6ca8b0d40f7f283b65b8a08c2fad8218eb584d9be50867ce23, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:eb:fa:6d:6f:7d:9f:24:81:97:99:da:ca:c3:
                    b6:15:cd:82:02:43:5a:b3:ac:3f:77:86:9f:da:90:
                    3a:7a:94:d3:db:a2:66:25:62:ff:58:38:4b:67:49:
                    d6:fd:3e:41:eb:4f:df:7c:3d:e6:d3:84:57:52:f0:
                    b7:4c:48:ab:18:59:8c:62:79:d3:eb:da:07:ae:74:
                    79:01:e4:f7:fa:b2:1c:d6:d4:4e:a7:dc:35:b4:8a:
                    ae:ad:f1:08:c2:47:59:ac:88:2f:93:9b:d2:d9:11:
                    06:b8:ef:c0:3f:fe:99:78:30:ee:6a:27:be:c9:d9:
                    e7:f6:53:c3:8f:93:53:ce:25:2b:5a:96:64:fb:5f:
                    d9:27:17:7a:9a:fc:96:92:b9:df:f1:ed:ee:d7:92:
                    76:38:d9:62:00:92:e9:6c:da:3f:17:81:1f:02:92:
                    ff:a9:2b:3f:07:37:71:b8:ef:7b:33:c6:a5:74:60:
                    65:07:f8:91:ab:1a:04:17:72:ca:4b:57:74:9c:4e:
                    11:47:54:4e:16:3d:98:0a:42:0e:7f:7d:b5:6d:92:
                    dd:4d:22:57:3c:32:74:ea:bf:93:7a:4a:37:8d:ed:
                    6e:0d:d4:f3:03:3d:d0:c3:5f:1d:b3:05:1d:b5:e1:
                    01:81:21:4d:95:16:fe:c5:96:b1:55:3b:7e:26:6e:
                    4b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:43:D2:59:4C:AF:0D:B4:D8:50:95:97:D4:DB:1C:CF:68:1B:EB:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7a9e474-627b-490e-9c17-0532f7c8aeee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.23.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         67:24:d6:71:cf:ec:ba:8d:47:76:9b:9f:59:3e:25:d9:01:65:
         48:5e:20:5e:1b:6c:9e:0e:65:8b:a5:21:d2:ed:b1:c4:49:9f:
         3c:8a:1e:8d:ed:d5:52:23:93:8f:82:fe:f0:a6:06:f2:73:59:
         97:a8:45:5b:56:9e:6f:7c:e9:25:0b:3b:13:ab:6e:34:c6:c8:
         32:3c:02:d0:ca:9e:f2:29:16:0e:c0:a6:41:2a:41:a3:a3:7a:
         07:32:13:fe:56:80:6d:dd:7d:76:ec:42:1b:5e:1a:55:c4:81:
         9c:37:07:9c:e4:00:b5:b6:ec:39:23:03:89:9f:d1:ce:db:42:
         47:99:69:96:1c:8b:38:2a:03:22:00:3d:d8:a6:19:ef:89:f0:
         da:02:46:62:c6:3d:73:ba:49:2e:5a:44:82:a4:df:53:1a:29:
         2f:c5:44:8b:f4:98:1a:b8:44:83:07:cc:46:c9:16:b9:7f:cb:
         27:42:ff:26:1d:21:55:93:59:98:d9:9f:d7:b5:b3:f2:de:b4:
         cf:79:01:7d:5c:54:ae:fd:08:9a:45:6c:a8:7c:2c:9e:76:d7:
         75:23:a7:59:16:4d:48:26:bb:49:99:fc:90:0a:7d:ab:fe:3b:
         c3:fb:d1:a1:cf:22:84:2f:9b:4a:a5:58:4e:a8:b9:47:b4:71:
         2e:6d:de:a3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQKxj9ghV/cwqQrlWgoUfp1f00qIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTI2MDAxMTIwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTFjN2Y3N2I4NDVkZjZjYThiMGQ0MGY3ZjI4M2I2NWI4
YTA4YzJmYWQ4MjE4ZWI1ODRkOWJlNTA4NjdjZTIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc6/ptb32fJIGXmdrKw7YVzYICQ1qzrD93hp/akDp6lNPb
omYlYv9YOEtnSdb9PkHrT998PebThFdS8LdMSKsYWYxiedPr2geudHkB5Pf6shzW
1E6n3DW0iq6t8QjCR1msiC+Tm9LZEQa478A//pl4MO5qJ77J2ef2U8OPk1POJSta
lmT7X9knF3qa/JaSud/x7e7XknY42WIAkuls2j8XgR8Ckv+pKz8HN3G473szxqV0
YGUH+JGrGgQXcspLV3ScThFHVE4WPZgKQg5/fbVtkt1NIlc8MnTqv5N6SjeN7W4N
1PMDPdDDXx2zBR214QGBIU2VFv7FlrFVO34mbksTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2UPSWUyvDbTYUJWX1Nscz2gb6zMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y3YTllNDc0LTYyN2ItNDkwZS05YzE3LTA1MzJmN2M4YWVlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFzANBgkqhkiG9w0BAQsFAAOCAQEAZyTWcc/suo1HdpufWT4l2QFlSF4g
Xhtsng5li6Uh0u2xxEmfPIoeje3VUiOTj4L+8KYG8nNZl6hFW1aeb3zpJQs7E6tu
NMbIMjwC0Mqe8ikWDsCmQSpBo6N6BzIT/laAbd19duxCG14aVcSBnDcHnOQAtbbs
OSMDiZ/RzttCR5lplhyLOCoDIgA92KYZ74nw2gJGYsY9c7pJLlpEgqTfUxopL8VE
i/SYGrhEgwfMRskWuX/LJ0L/Jh0hVZNZmNmf17Wz8t60z3kBfVxUrv0ImkVsqHws
nnbXdSOnWRZNSCa7SZn8kAp9q/47w/vRoc8ihC+bSqVYTqi5R7RxLm3eow==
-----END CERTIFICATE-----