Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3aa2483a-0310-4f8b-813f-9aa1272e40a8.roa
File:                     3aa2483a-0310-4f8b-813f-9aa1272e40a8.roa (raw, json)
Hash identifier:          0P6CYcnswFF+w2A9KEGn9HvDDFeKaHyaxAwbHgBN7b4=
Subject key identifier:   88:A2:A6:9D:CC:0F:81:4D:E2:AB:1D:DD:91:9E:14:26:F0:C9:82:1B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21E712EF8F14E1B9FEC81105B0833ADEC9F268AC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3aa2483a-0310-4f8b-813f-9aa1272e40a8.roa
Signing time:             Mon 22 Sep 2025 16:01:41 +0000
ROA not before:           Mon 22 Sep 2025 16:01:41 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.56.0.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:e7:12:ef:8f:14:e1:b9:fe:c8:11:05:b0:83:3a:de:c9:f2:68:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 22 16:01:41 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=3c46544b641b6fb2690f5b4fa8fa6920798d7e9659e415b3dea58a9ac9f81023, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:79:f1:af:cd:08:61:f1:e5:26:c4:07:27:3d:
                    29:6b:55:cf:36:54:c2:08:ce:7a:4f:23:3c:6f:29:
                    92:e9:11:11:db:c0:16:4b:76:8a:55:c5:e0:39:f4:
                    33:c0:a0:e1:9a:d6:b3:69:7e:d7:62:12:68:16:d2:
                    7c:60:53:bf:99:ed:b6:ae:1c:b0:f7:7b:da:4c:f9:
                    64:97:2b:da:be:63:4a:50:55:c3:bc:b5:b6:d1:b4:
                    39:35:71:90:5b:b3:c9:13:9e:ab:87:43:f2:6f:bc:
                    4c:0f:75:7e:52:37:38:23:73:6d:ef:14:cf:ab:96:
                    72:2c:4a:cb:60:40:99:16:2b:19:82:96:64:03:a4:
                    6e:75:80:8d:3c:08:97:88:d3:7e:df:36:fe:70:20:
                    c2:6b:31:6b:1c:57:ef:e4:7a:df:2a:3d:fa:fe:ce:
                    37:89:dd:d7:57:58:32:d8:99:5e:ae:2c:a0:5f:d5:
                    2c:26:5c:c3:a2:aa:fa:b6:6c:a7:63:53:5f:11:39:
                    af:10:86:f3:a2:38:62:f9:15:89:ac:3e:65:6e:fa:
                    65:59:fd:8a:46:be:9f:88:1b:3a:2e:74:74:bd:a5:
                    19:3b:fc:79:87:d2:33:a5:3d:a8:6e:eb:83:b8:4a:
                    3c:39:b2:8f:d1:4c:a9:6f:4e:65:6d:af:36:7d:a1:
                    f6:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A2:A6:9D:CC:0F:81:4D:E2:AB:1D:DD:91:9E:14:26:F0:C9:82:1B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3aa2483a-0310-4f8b-813f-9aa1272e40a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.56.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c0:19:ee:b2:ec:db:eb:3f:cf:09:df:0d:30:ba:ce:75:ad:e6:
         36:9f:67:6a:be:36:f3:ec:8f:c1:de:ec:c9:68:27:1d:30:89:
         1a:0d:ac:b1:14:ef:11:fa:d7:03:b7:40:19:ea:7d:e3:06:9b:
         32:a0:67:2d:20:3c:f3:e8:4e:1c:20:a1:67:0d:cb:e7:a8:75:
         3d:e0:ab:6a:0e:be:9f:cc:e2:9c:1f:2e:20:41:76:23:89:4b:
         3f:a1:b8:a2:52:f2:ee:f5:ea:a4:bf:c3:0d:53:c9:29:8e:e0:
         38:39:7f:cf:31:a0:3e:84:c8:b6:60:da:0b:e7:e2:29:c9:ca:
         06:71:4e:63:2c:c9:9d:5f:2f:c0:d9:57:52:25:0b:e0:2a:93:
         a6:ef:88:97:df:84:85:94:97:71:95:ed:3c:62:f2:fd:80:cc:
         bd:74:43:22:ae:d8:ae:d6:27:63:7f:61:e8:26:2d:e4:c3:30:
         92:1c:ae:f6:9b:ce:06:ff:e3:d1:bc:57:84:81:de:08:68:14:
         e7:6a:1a:a5:4f:f8:49:23:a9:df:56:57:3a:ac:08:d8:2f:f9:
         db:4a:d5:21:85:51:85:07:55:d0:ec:cb:69:96:ea:11:c7:a5:
         42:b5:64:27:8f:94:87:18:36:c8:a5:ae:a4:a5:c2:0d:e8:8e:
         cc:1b:a5:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIecS748U4bn+yBEFsIM63snyaKwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTIyMTYwMTQxWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzQ2NTQ0YjY0MWI2ZmIyNjkwZjViNGZhOGZhNjkyMDc5
OGQ3ZTk2NTllNDE1YjNkZWE1OGE5YWM5ZjgxMDIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuefGvzQhh8eUmxAcnPSlrVc82VMIIznpPIzxvKZLpERHb
wBZLdopVxeA59DPAoOGa1rNpftdiEmgW0nxgU7+Z7bauHLD3e9pM+WSXK9q+Y0pQ
VcO8tbbRtDk1cZBbs8kTnquHQ/JvvEwPdX5SNzgjc23vFM+rlnIsSstgQJkWKxmC
lmQDpG51gI08CJeI037fNv5wIMJrMWscV+/ket8qPfr+zjeJ3ddXWDLYmV6uLKBf
1SwmXMOiqvq2bKdjU18ROa8QhvOiOGL5FYmsPmVu+mVZ/YpGvp+IGzoudHS9pRk7
/HmH0jOlPahu64O4Sjw5so/RTKlvTmVtrzZ9ofYzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiKKmncwPgU3iqx3dkZ4UJvDJghswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNhYTI0ODNhLTAzMTAtNGY4Yi04MTNmLTlhYTEyNzJlNDBhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYQOAAwDQYJKoZIhvcNAQELBQADggEBAMAZ7rLs2+s/zwnfDTC6znWt5jaf
Z2q+NvPsj8He7MloJx0wiRoNrLEU7xH61wO3QBnqfeMGmzKgZy0gPPPoThwgoWcN
y+eodT3gq2oOvp/M4pwfLiBBdiOJSz+huKJS8u716qS/ww1TySmO4Dg5f88xoD6E
yLZg2gvn4inJygZxTmMsyZ1fL8DZV1IlC+Aqk6bviJffhIWUl3GV7Txi8v2AzL10
QyKu2K7WJ2N/YegmLeTDMJIcrvabzgb/49G8V4SB3ghoFOdqGqVP+Ekjqd9WVzqs
CNgv+dtK1SGFUYUHVdDsy2mW6hHHpUK1ZCePlIcYNsilrqSlwg3ojswbpVo=
-----END CERTIFICATE-----