Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1de6f4f3-5860-4ac4-ae85-b3680e2b30c3.roa
File:                     1de6f4f3-5860-4ac4-ae85-b3680e2b30c3.roa (raw, json)
Hash identifier:          7JlFmbiy3/ICDU5h5v9rS3mF3XkDrKOAcB0GU0c8BK8=
Subject key identifier:   81:E9:99:73:FF:7C:8C:24:85:1A:46:FD:39:E8:96:F3:2A:0C:AC:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D7968BB9E44626E5B81D020FE73F80B356BAAB4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1de6f4f3-5860-4ac4-ae85-b3680e2b30c3.roa
Signing time:             Thu 13 Nov 2025 00:10:09 +0000
ROA not before:           Thu 13 Nov 2025 00:10:09 +0000
ROA not after:            Thu 18 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.89.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:79:68:bb:9e:44:62:6e:5b:81:d0:20:fe:73:f8:0b:35:6b:aa:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:10:09 2025 GMT
            Not After : Dec 18 23:59:59 2025 GMT
        Subject: serialNumber=c6ab67d36bd738434ec72ea52b2fc42b21cb949892c651f2fc3cbcd185559291, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a0:05:f0:a9:78:f2:78:7c:51:8c:09:d2:d5:
                    e5:29:b9:83:fd:60:9b:65:4e:c3:97:58:18:90:80:
                    e3:80:ae:1a:b9:54:ea:f6:8d:2a:7c:84:31:b1:c0:
                    17:00:77:eb:78:0a:96:f8:98:c6:89:7a:db:e6:6c:
                    e4:7a:0d:b5:c3:91:24:ba:ab:3c:53:63:6f:44:58:
                    fb:67:63:26:cd:07:d1:84:91:49:20:b5:77:ee:54:
                    7c:78:5d:7f:6e:53:74:12:05:55:69:9d:10:67:5b:
                    14:a5:0b:8a:2b:6d:7f:0d:72:a7:f8:92:06:82:0d:
                    de:96:96:97:1d:95:14:d4:25:e9:03:db:e0:6e:3f:
                    70:a5:a5:dc:46:a7:83:81:c3:11:0d:21:85:f3:cd:
                    1d:10:35:c2:bb:aa:ee:b3:e6:b7:40:17:72:08:02:
                    cd:3e:6e:8c:0e:64:62:61:1b:e4:21:a0:8d:4f:da:
                    ba:68:07:d7:8e:44:9b:8f:83:53:84:50:c6:d4:06:
                    e4:eb:58:13:79:90:32:81:4b:29:e8:fe:42:0d:85:
                    5c:d1:5f:e6:08:73:33:32:e0:75:e5:f7:1c:97:dd:
                    ca:32:8f:13:df:1d:fc:f4:f8:3a:c4:f0:6a:77:10:
                    88:03:45:f9:95:7e:2e:fb:99:f1:2a:23:19:04:17:
                    11:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E9:99:73:FF:7C:8C:24:85:1A:46:FD:39:E8:96:F3:2A:0C:AC:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1de6f4f3-5860-4ac4-ae85-b3680e2b30c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8c:a5:06:a5:44:d0:21:a9:46:92:90:00:4c:32:76:3c:04:da:
         6e:8f:c2:90:fe:0f:e4:8c:4d:61:86:4d:72:c4:77:9c:fb:1b:
         ed:07:31:bf:12:11:92:b0:a6:ed:5c:c9:dd:7d:85:ec:58:cd:
         f2:45:fd:42:88:af:8a:8f:7a:37:3d:9e:75:82:a2:a7:76:e9:
         21:8a:4d:89:9c:cc:c0:83:44:f4:15:95:81:d4:ee:5a:02:92:
         fe:c8:03:f1:98:63:d3:af:9a:a3:4e:47:fa:56:f7:38:1c:03:
         c5:ea:f9:ed:82:73:df:ff:a0:9f:9b:1e:05:58:e9:1c:87:0e:
         fe:ec:c4:b1:f3:48:53:47:3c:96:ba:c1:07:d4:55:19:77:5c:
         36:48:aa:56:9f:47:c4:82:c4:78:fb:dc:c0:55:22:af:7c:c8:
         55:09:fc:78:62:04:6e:89:ed:ef:29:f0:d1:02:10:10:91:78:
         ff:af:c8:d5:b2:3c:2f:e5:99:cf:de:e9:f1:c9:a8:72:91:b1:
         b4:9f:8f:39:a7:21:3a:be:e9:e5:e6:3b:09:df:55:bd:f4:b4:
         71:a3:dc:4f:91:d0:d2:1f:df:da:63:25:74:7c:b1:3a:c3:02:
         e1:5c:8c:b4:b3:27:c8:37:f9:e0:74:8b:49:63:db:ff:a8:2d:
         e6:5a:b5:27
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbXlou55EYm5bgdAg/nP4CzVrqrQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEzMDAxMDA5WhcNMjUxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNmFiNjdkMzZiZDczODQzNGVjNzJlYTUyYjJmYzQyYjIx
Y2I5NDk4OTJjNjUxZjJmYzNjYmNkMTg1NTU5MjkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOoAXwqXjyeHxRjAnS1eUpuYP9YJtlTsOXWBiQgOOArhq5
VOr2jSp8hDGxwBcAd+t4Cpb4mMaJetvmbOR6DbXDkSS6qzxTY29EWPtnYybNB9GE
kUkgtXfuVHx4XX9uU3QSBVVpnRBnWxSlC4orbX8Ncqf4kgaCDd6WlpcdlRTUJekD
2+BuP3ClpdxGp4OBwxENIYXzzR0QNcK7qu6z5rdAF3IIAs0+bowOZGJhG+QhoI1P
2rpoB9eORJuPg1OEUMbUBuTrWBN5kDKBSyno/kINhVzRX+YIczMy4HXl9xyX3coy
jxPfHfz0+DrE8Gp3EIgDRfmVfi77mfEqIxkEFxFzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgemZc/98jCSFGkb9OeiW8yoMrIQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkZTZmNGYzLTU4NjAtNGFjNC1hZTg1LWIzNjgwZTJiMzBjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQWTANBgkqhkiG9w0BAQsFAAOCAQEAjKUGpUTQIalGkpAATDJ2PATabo/C
kP4P5IxNYYZNcsR3nPsb7QcxvxIRkrCm7VzJ3X2F7FjN8kX9Qoivio96Nz2edYKi
p3bpIYpNiZzMwINE9BWVgdTuWgKS/sgD8Zhj06+ao05H+lb3OBwDxer57YJz3/+g
n5seBVjpHIcO/uzEsfNIU0c8lrrBB9RVGXdcNkiqVp9HxILEePvcwFUir3zIVQn8
eGIEbont7ynw0QIQEJF4/6/I1bI8L+WZz97p8cmocpGxtJ+POachOr7p5eY7Cd9V
vfS0caPcT5HQ0h/f2mMldHyxOsMC4VyMtLMnyDf54HSLSWPb/6gt5lq1Jw==
-----END CERTIFICATE-----