Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5db31593-d4f8-4d80-8920-1f55638e5662.roa
File:                     5db31593-d4f8-4d80-8920-1f55638e5662.roa (raw, json)
Hash identifier:          brZ+2Aoj92jTAdm3BqQHJisH0HTwF0PdaFztMFL48W0=
Subject key identifier:   79:26:8A:56:10:A0:FA:5E:C1:83:B5:9A:BE:02:AF:84:CA:A7:6C:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E5D31FC5E730395E2F948B0D72EA42C43187F0E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5db31593-d4f8-4d80-8920-1f55638e5662.roa
Signing time:             Wed 29 Oct 2025 00:20:04 +0000
ROA not before:           Wed 29 Oct 2025 00:20:04 +0000
ROA not after:            Wed 03 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.186.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:5d:31:fc:5e:73:03:95:e2:f9:48:b0:d7:2e:a4:2c:43:18:7f:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 29 00:20:04 2025 GMT
            Not After : Dec  3 23:59:59 2025 GMT
        Subject: serialNumber=fb6c77ed40ec05d7aedb093a1df6ec0f319635cd32d21f92a3df4e32b7e440ad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2c:7b:ea:ca:48:38:80:1b:74:d2:01:e8:5d:
                    52:20:f6:86:d8:da:7d:68:dd:c1:88:1d:f3:7f:f2:
                    27:60:06:1a:07:2d:da:d3:87:17:4b:2d:a7:dc:d9:
                    48:b5:1d:91:c3:e5:71:24:c9:6d:6c:1c:85:b9:4b:
                    94:36:9a:9a:93:6a:f4:cf:27:64:32:f3:aa:73:3e:
                    a7:6a:ab:6a:cc:31:19:67:73:34:8a:ff:43:9b:bf:
                    e5:b0:63:4b:f0:71:f5:06:a3:73:b5:18:56:ef:63:
                    9d:2b:4a:83:86:81:1a:6e:c9:d6:7f:6f:57:d5:b8:
                    b1:31:66:df:ac:82:57:08:4e:79:ec:16:38:56:a9:
                    25:5a:68:2f:d2:47:f1:e0:c8:aa:18:90:ff:fb:8c:
                    38:5a:d1:99:6f:3f:53:aa:1b:36:7d:62:15:93:3d:
                    e4:b1:58:f8:a8:c7:ec:d8:38:f8:3c:9f:28:65:cd:
                    5d:28:be:fd:f4:dc:9a:2e:fb:1c:d3:52:55:38:a1:
                    da:f6:0e:a5:54:11:d2:7b:fe:4f:81:1b:73:47:10:
                    53:d1:1a:a2:bf:21:70:9b:61:ba:f3:83:fa:4a:60:
                    be:7e:40:b3:74:3f:2b:97:93:74:5a:44:0b:69:0d:
                    a3:87:39:8b:38:b9:0d:52:7d:1c:1d:17:b8:78:9d:
                    34:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:26:8A:56:10:A0:FA:5E:C1:83:B5:9A:BE:02:AF:84:CA:A7:6C:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5db31593-d4f8-4d80-8920-1f55638e5662.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.186.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:8a:a8:2d:19:66:da:75:07:17:f6:4f:ce:28:9c:ca:7d:7f:
         51:ec:36:31:92:34:23:e6:ff:f5:71:c8:5d:9d:2b:e3:2a:b0:
         b9:76:8c:99:3e:b5:95:ec:26:4d:19:b7:6c:fa:4a:58:5d:65:
         d4:e1:c1:54:08:ea:26:9d:38:88:ec:76:f4:b9:25:94:f6:61:
         79:79:ce:2d:ca:cd:4d:c1:16:d9:e7:2a:84:8d:46:f7:bb:80:
         fa:c1:86:30:42:17:4a:07:5b:e6:86:cc:f1:20:84:da:94:73:
         08:2c:7f:75:bd:dd:18:b0:1b:90:e5:32:58:d4:d3:34:d3:87:
         75:65:84:77:44:ba:cf:cb:92:b3:e0:15:73:79:64:0b:3c:69:
         2f:fd:1b:fe:5e:69:9b:31:8b:7d:0e:72:92:8e:a6:ef:f3:1f:
         44:df:78:88:c9:f7:6d:1d:ab:bd:16:cb:94:a9:46:14:b5:06:
         bf:84:b5:5d:16:16:be:ed:5d:ad:b9:37:44:7c:bd:96:15:b2:
         70:7e:bc:9b:b0:99:a4:ef:17:b9:ed:79:5e:31:23:fb:0f:04:
         d8:60:24:d6:a8:d2:09:88:95:10:31:b7:5c:2f:de:e2:f8:c7:
         c8:58:2d:14:d9:6d:2b:10:c1:09:84:44:ef:6a:aa:3e:3e:f0:
         2e:c3:da:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPl0x/F5zA5Xi+Uiw1y6kLEMYfw4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI5MDAyMDA0WhcNMjUxMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYjZjNzdlZDQwZWMwNWQ3YWVkYjA5M2ExZGY2ZWMwZjMx
OTYzNWNkMzJkMjFmOTJhM2RmNGUzMmI3ZTQ0MGFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFLHvqykg4gBt00gHoXVIg9obY2n1o3cGIHfN/8idgBhoH
LdrThxdLLafc2Ui1HZHD5XEkyW1sHIW5S5Q2mpqTavTPJ2Qy86pzPqdqq2rMMRln
czSK/0Obv+WwY0vwcfUGo3O1GFbvY50rSoOGgRpuydZ/b1fVuLExZt+sglcITnns
FjhWqSVaaC/SR/HgyKoYkP/7jDha0ZlvP1OqGzZ9YhWTPeSxWPiox+zYOPg8nyhl
zV0ovv303Jou+xzTUlU4odr2DqVUEdJ7/k+BG3NHEFPRGqK/IXCbYbrzg/pKYL5+
QLN0PyuXk3RaRAtpDaOHOYs4uQ1SfRwdF7h4nTTVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeSaKVhCg+l7Bg7WavgKvhMqnbBcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkYjMxNTkzLWQ0ZjgtNGQ4MC04OTIwLTFmNTU2MzhlNTY2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQujANBgkqhkiG9w0BAQsFAAOCAQEAK4qoLRlm2nUHF/ZPziicyn1/Uew2
MZI0I+b/9XHIXZ0r4yqwuXaMmT61lewmTRm3bPpKWF1l1OHBVAjqJp04iOx29Lkl
lPZheXnOLcrNTcEW2ecqhI1G97uA+sGGMEIXSgdb5obM8SCE2pRzCCx/db3dGLAb
kOUyWNTTNNOHdWWEd0S6z8uSs+AVc3lkCzxpL/0b/l5pmzGLfQ5yko6m7/MfRN94
iMn3bR2rvRbLlKlGFLUGv4S1XRYWvu1drbk3RHy9lhWycH68m7CZpO8Xue15XjEj
+w8E2GAk1qjSCYiVEDG3XC/e4vjHyFgtFNltKxDBCYRE72qqPj7wLsPapw==
-----END CERTIFICATE-----