Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d320e18-80dd-458b-8f6d-e32930215df8.roa
File:                     5d320e18-80dd-458b-8f6d-e32930215df8.roa (raw, json)
Hash identifier:          ksZfVUPci3zwJxdOdCZ2bhUeFhP4v5z+o6SamYdk2jQ=
Subject key identifier:   1F:B0:6E:E9:93:26:FB:AB:18:A1:C4:D4:69:22:DF:36:8F:6F:46:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1BFCAB074DB2A872835946964F01AAD371F4804A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d320e18-80dd-458b-8f6d-e32930215df8.roa
Signing time:             Tue 11 Nov 2025 00:30:49 +0000
ROA not before:           Tue 11 Nov 2025 00:30:49 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.197.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:fc:ab:07:4d:b2:a8:72:83:59:46:96:4f:01:aa:d3:71:f4:80:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 00:30:49 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=7d350d064a02b0ea2f849ddcb08fbf29b5ab64b4574ed4227ad28df79a9ace99, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b2:1e:f1:2a:04:ba:bf:79:d4:da:27:25:4d:
                    db:b0:39:3b:ef:a5:5a:6f:09:54:21:73:56:23:76:
                    0c:a8:ab:45:7a:56:78:f7:9a:e9:9b:66:52:e1:af:
                    0d:e4:f8:6e:c6:46:44:2d:97:9e:8a:b0:bf:0c:9c:
                    f4:01:23:37:31:c3:c8:5d:a4:43:b3:9e:41:5f:13:
                    4c:83:07:d0:10:db:9e:04:d8:5a:32:1c:f0:a0:52:
                    a5:6f:5d:c8:28:92:12:a8:77:a9:24:38:51:6e:b4:
                    90:91:ad:aa:e8:78:3a:8e:9a:67:b1:ab:88:60:a7:
                    ff:b3:8e:e5:81:fe:45:8c:4d:6a:ee:92:b2:c4:1f:
                    d6:6a:4e:cf:fe:b9:47:fd:a2:e9:c9:a9:fb:04:e0:
                    af:85:f1:ef:f4:68:75:d5:67:5e:c5:6c:c9:fc:69:
                    be:3f:4f:52:3c:73:a7:42:79:6d:ff:e7:9c:f1:7d:
                    49:2b:75:0a:25:55:67:6f:ea:ef:d7:af:ca:90:dd:
                    b8:8e:14:22:de:08:36:d8:d2:f7:8d:a6:b3:a4:85:
                    dd:80:6b:a6:d1:e5:a0:09:86:80:69:48:9d:f9:27:
                    dd:26:d3:df:08:e9:13:c1:36:80:d5:9d:42:25:53:
                    a4:d3:62:ba:3c:64:5b:9a:58:81:3e:ff:f3:42:82:
                    36:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:B0:6E:E9:93:26:FB:AB:18:A1:C4:D4:69:22:DF:36:8F:6F:46:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d320e18-80dd-458b-8f6d-e32930215df8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.197.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:14:a4:16:4d:a9:53:10:e4:e7:b9:bf:56:13:56:f3:62:6f:
         44:1a:58:f9:36:72:62:07:b1:2d:99:fa:88:09:0b:9b:c0:3f:
         7c:d3:d9:a8:c2:a2:98:d2:54:35:8a:e6:ce:37:44:76:b6:da:
         5e:01:5b:8b:ec:d3:6b:fb:dd:95:b6:6b:b0:13:50:f2:46:00:
         b7:11:f5:b5:37:41:07:3d:ae:c9:2e:01:df:b7:c7:fb:5e:37:
         61:91:c4:e0:f2:09:ae:e0:d2:4b:5a:d6:31:64:02:7a:60:da:
         23:86:4f:21:8f:bf:0b:93:2d:5f:38:e8:e6:a2:9e:a2:df:c7:
         e3:3b:a0:75:5b:12:09:28:0e:27:fc:98:6f:f8:2f:a2:cc:cc:
         38:e6:af:98:4b:0b:f3:6d:eb:1b:e9:e4:fc:f1:8a:f8:0d:27:
         20:ed:3f:b7:b1:92:38:97:b8:a1:49:be:7b:28:13:11:c5:b7:
         6f:9f:7a:f7:8f:95:2b:cb:fd:ba:ad:cf:13:d5:d0:19:99:ba:
         33:ba:9b:fd:26:54:21:c6:c6:4d:32:7d:7b:14:e7:6b:fd:20:
         3c:9f:d3:58:af:e7:01:d3:67:d9:5e:75:d3:24:de:63:18:55:
         3e:fc:e0:9c:67:05:e6:1e:9f:4f:e7:96:aa:be:a7:53:8d:df:
         fe:9b:55:9e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUG/yrB02yqHKDWUaWTwGq03H0gEowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDAzMDQ5WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDM1MGQwNjRhMDJiMGVhMmY4NDlkZGNiMDhmYmYyOWI1
YWI2NGI0NTc0ZWQ0MjI3YWQyOGRmNzlhOWFjZTk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1sh7xKgS6v3nU2iclTduwOTvvpVpvCVQhc1Yjdgyoq0V6
Vnj3mumbZlLhrw3k+G7GRkQtl56KsL8MnPQBIzcxw8hdpEOznkFfE0yDB9AQ254E
2FoyHPCgUqVvXcgokhKod6kkOFFutJCRraroeDqOmmexq4hgp/+zjuWB/kWMTWru
krLEH9ZqTs/+uUf9ounJqfsE4K+F8e/0aHXVZ17FbMn8ab4/T1I8c6dCeW3/55zx
fUkrdQolVWdv6u/Xr8qQ3biOFCLeCDbY0veNprOkhd2Aa6bR5aAJhoBpSJ35J90m
098I6RPBNoDVnUIlU6TTYro8ZFuaWIE+//NCgjZJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUH7Bu6ZMm+6sYocTUaSLfNo9vRt8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkMzIwZTE4LTgwZGQtNDU4Yi04ZjZkLWUzMjkzMDIxNWRmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQxTANBgkqhkiG9w0BAQsFAAOCAQEAfRSkFk2pUxDk57m/VhNW82JvRBpY
+TZyYgexLZn6iAkLm8A/fNPZqMKimNJUNYrmzjdEdrbaXgFbi+zTa/vdlbZrsBNQ
8kYAtxH1tTdBBz2uyS4B37fH+143YZHE4PIJruDSS1rWMWQCemDaI4ZPIY+/C5Mt
Xzjo5qKeot/H4zugdVsSCSgOJ/yYb/gvoszMOOavmEsL823rG+nk/PGK+A0nIO0/
t7GSOJe4oUm+eygTEcW3b59694+VK8v9uq3PE9XQGZm6M7qb/SZUIcbGTTJ9exTn
a/0gPJ/TWK/nAdNn2V510yTeYxhVPvzgnGcF5h6fT+eWqr6nU43f/ptVng==
-----END CERTIFICATE-----