Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e7e048-17ef-4bc7-a201-80d9e52f87a4.roa
File:                     21e7e048-17ef-4bc7-a201-80d9e52f87a4.roa (raw, json)
Hash identifier:          6Bv8C23ofiiAdxTtkWXqHBTaXxLvNfiDrqfSOCwJb8s=
Subject key identifier:   5E:30:66:68:4C:1B:B4:9A:5F:70:8D:6E:A5:35:20:97:07:F6:04:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       491453D6DCFFE590FADFB37DFAF06541C0E9AD62
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e7e048-17ef-4bc7-a201-80d9e52f87a4.roa
Signing time:             Tue 11 Nov 2025 01:20:07 +0000
ROA not before:           Tue 11 Nov 2025 01:20:07 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.176.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:14:53:d6:dc:ff:e5:90:fa:df:b3:7d:fa:f0:65:41:c0:e9:ad:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:20:07 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=375c39a6040da0d59ef43b7cee287de75ba347af2095dc144ea4579976612591, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f8:73:00:3b:fc:6e:7a:67:a3:ea:e2:c1:b9:
                    bf:c1:f7:ea:6d:56:19:07:3f:7c:f6:01:5f:c0:75:
                    8f:25:ad:31:fc:97:28:2a:1b:1c:94:63:61:0e:63:
                    e1:d5:4c:39:16:7b:5a:a9:23:cf:f2:a0:c7:63:67:
                    e7:bd:99:1a:27:a9:63:83:5b:f4:df:90:77:cb:b6:
                    28:7c:ff:a6:ad:bc:9f:2b:fc:64:f7:ef:34:fa:8c:
                    e3:f7:03:47:6a:56:d3:92:5b:95:dc:4f:49:46:25:
                    5d:55:ab:03:56:14:42:3f:05:44:2f:0a:1a:97:72:
                    8d:3b:46:17:cf:63:ee:eb:a9:d4:75:d0:02:39:2a:
                    65:2e:27:48:fb:e6:dc:7d:e1:73:e4:10:6f:2c:aa:
                    28:0c:61:1f:eb:69:26:e3:4b:66:40:41:45:fd:1f:
                    e0:a5:83:f4:3e:c0:1e:b8:7d:90:a3:dc:e1:6f:92:
                    dd:1a:ed:86:52:51:61:67:1b:5d:0d:30:b3:5b:ab:
                    7f:0f:73:01:c6:11:3b:ae:2b:e7:14:52:23:5a:fa:
                    d2:55:ed:86:ad:45:32:7d:c4:62:59:b8:0f:17:5a:
                    b2:c7:e2:c0:c6:de:5f:17:e0:e5:6c:37:d4:bc:28:
                    03:fd:87:33:4c:43:9e:a1:cf:b4:ec:85:bc:18:30:
                    ab:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:30:66:68:4C:1B:B4:9A:5F:70:8D:6E:A5:35:20:97:07:F6:04:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21e7e048-17ef-4bc7-a201-80d9e52f87a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.176.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:6a:47:1f:b6:4b:e5:19:5a:3d:42:f8:2d:2d:d5:8e:44:6f:
         d2:cf:c4:3a:b0:04:52:22:4b:df:50:a4:5a:87:21:dd:a2:d3:
         2d:4d:fe:b4:99:94:df:7b:11:db:3d:e1:05:f2:c5:cb:1c:e1:
         83:90:3a:8b:51:2b:e3:6e:31:5d:34:fa:29:17:00:c0:e3:c3:
         8e:1e:3c:c9:65:40:51:4a:02:3a:0b:f0:ac:49:a7:b4:df:e7:
         55:b6:a7:c2:3c:76:97:2b:99:ec:c9:05:dc:8a:79:5e:aa:49:
         4c:9a:db:7d:f6:07:65:f9:dd:71:07:c0:d9:53:84:e9:72:19:
         46:70:07:9d:08:aa:af:b6:a6:a9:f5:e7:54:3a:05:5f:72:3f:
         ae:d4:e7:a2:6a:be:87:d0:0a:f3:c5:02:00:4f:20:af:50:a1:
         d6:d9:fd:c3:ae:1f:b2:75:37:0d:96:83:d2:59:94:2c:30:ea:
         9d:7d:6c:90:f1:80:0e:61:3d:f6:55:af:c8:38:d6:c1:67:b2:
         68:f4:95:8f:48:8d:d0:b6:82:76:96:14:25:36:ab:8d:1f:9d:
         1c:c7:d2:e0:51:e5:42:2a:45:4b:ae:70:73:0d:0e:92:a8:63:
         31:5b:55:6d:9a:3a:45:8e:84:65:6b:cf:4c:f1:83:1f:52:71:
         3e:83:b0:d6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSRRT1tz/5ZD637N9+vBlQcDprWIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEyMDA3WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzVjMzlhNjA0MGRhMGQ1OWVmNDNiN2NlZTI4N2RlNzVi
YTM0N2FmMjA5NWRjMTQ0ZWE0NTc5OTc2NjEyNTkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDu+HMAO/xuemej6uLBub/B9+ptVhkHP3z2AV/AdY8lrTH8
lygqGxyUY2EOY+HVTDkWe1qpI8/yoMdjZ+e9mRonqWODW/TfkHfLtih8/6atvJ8r
/GT37zT6jOP3A0dqVtOSW5XcT0lGJV1VqwNWFEI/BUQvChqXco07RhfPY+7rqdR1
0AI5KmUuJ0j75tx94XPkEG8sqigMYR/raSbjS2ZAQUX9H+Clg/Q+wB64fZCj3OFv
kt0a7YZSUWFnG10NMLNbq38PcwHGETuuK+cUUiNa+tJV7YatRTJ9xGJZuA8XWrLH
4sDG3l8X4OVsN9S8KAP9hzNMQ56hz7TshbwYMKuLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUXjBmaEwbtJpfcI1upTUglwf2BIcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxZTdlMDQ4LTE3ZWYtNGJjNy1hMjAxLTgwZDllNTJmODdhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQsDANBgkqhkiG9w0BAQsFAAOCAQEAGWpHH7ZL5RlaPUL4LS3VjkRv0s/E
OrAEUiJL31CkWoch3aLTLU3+tJmU33sR2z3hBfLFyxzhg5A6i1Er424xXTT6KRcA
wOPDjh48yWVAUUoCOgvwrEmntN/nVbanwjx2lyuZ7MkF3Ip5XqpJTJrbffYHZfnd
cQfA2VOE6XIZRnAHnQiqr7amqfXnVDoFX3I/rtTnomq+h9AK88UCAE8gr1Ch1tn9
w64fsnU3DZaD0lmULDDqnX1skPGADmE99lWvyDjWwWeyaPSVj0iN0LaCdpYUJTar
jR+dHMfS4FHlQipFS65wcw0OkqhjMVtVbZo6RY6EZWvPTPGDH1JxPoOw1g==
-----END CERTIFICATE-----