Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7aa0904e-f2c8-4b9d-917f-872e24dc4d90.roa
File:                     7aa0904e-f2c8-4b9d-917f-872e24dc4d90.roa (raw, json)
Hash identifier:          EefWbVj9LTXfbC7ocqMo5PvypxRHWMZx0XSzW1gzjJo=
Subject key identifier:   E8:53:8F:92:EE:30:78:F9:E4:DD:B4:76:9A:56:71:F4:00:10:43:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6890B398EFE3BDE6BCE315D50A4CC40BB556B93F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7aa0904e-f2c8-4b9d-917f-872e24dc4d90.roa
Signing time:             Tue 11 Nov 2025 01:31:35 +0000
ROA not before:           Tue 11 Nov 2025 01:31:35 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.56.0.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:90:b3:98:ef:e3:bd:e6:bc:e3:15:d5:0a:4c:c4:0b:b5:56:b9:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:31:35 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=5e870cd4e0cf9b0432582038d29a7a542dd13b36fbb08ef7fa1cac509e5681c9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b9:50:98:73:6f:92:33:f1:1d:3b:c7:5a:53:
                    be:28:0e:6e:1e:db:84:f0:0e:25:66:18:ff:a9:e4:
                    3a:5b:c5:48:a6:4b:7c:78:fb:5e:41:1f:51:00:a7:
                    79:84:43:18:45:f7:ab:2b:90:ec:42:c7:f0:2b:cc:
                    cc:b0:bc:25:91:06:82:68:60:fa:8e:c1:7d:d3:79:
                    f9:87:7c:00:17:d5:21:84:11:e9:fc:d9:0e:c5:52:
                    b3:8f:14:f3:ae:96:fb:42:49:25:f7:82:18:be:9b:
                    2e:f4:d2:ec:39:15:b8:67:89:bc:8a:7d:f1:f6:11:
                    0c:3c:85:8f:00:9a:36:1f:e3:c9:90:f0:7b:35:02:
                    4a:b5:27:31:c0:6c:41:fb:be:88:57:9f:84:c7:0e:
                    45:28:a1:7c:14:b3:8a:50:92:d0:82:bd:b1:cd:76:
                    d5:59:70:22:4e:00:83:ba:47:38:2a:dc:0c:34:db:
                    40:13:89:09:7f:e5:f9:37:48:e1:72:76:4a:74:4d:
                    9a:0d:f0:3b:4d:a6:43:38:20:cb:d9:89:94:13:1d:
                    d2:35:2b:84:6e:f9:e4:98:08:73:19:35:23:0d:ba:
                    3e:a2:a8:f1:d4:81:15:b8:45:bd:b0:66:9b:06:71:
                    06:e0:9d:73:20:c3:b0:a5:54:37:bd:b4:12:b5:f0:
                    93:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:53:8F:92:EE:30:78:F9:E4:DD:B4:76:9A:56:71:F4:00:10:43:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7aa0904e-f2c8-4b9d-917f-872e24dc4d90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.56.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ae:85:50:e8:06:17:37:cd:1a:3e:a0:3d:62:93:1f:71:cc:76:
         7b:98:2f:ad:b2:a0:49:cf:e7:65:63:2b:d5:68:ca:a2:3f:b9:
         fa:1e:b4:24:11:14:c7:a2:7d:a3:db:aa:b0:98:0f:78:71:2b:
         6b:c3:7e:fb:e0:2f:e2:03:97:f1:0f:b6:7e:96:5f:a4:8c:d7:
         fa:7d:6d:5e:65:1d:7e:15:56:88:4a:36:7c:df:17:fe:ca:1e:
         14:de:6a:2d:55:22:c2:5d:c2:9a:63:f5:59:12:2e:12:06:42:
         7d:8f:ff:83:a6:4c:e2:f6:fd:e3:9d:f2:da:2d:5e:21:6c:a8:
         aa:6d:84:c4:10:f7:79:aa:12:4b:1f:32:f9:6a:db:44:a7:43:
         6c:e0:7a:ae:29:c1:0f:ed:62:62:32:7b:18:c1:6f:5d:c7:f7:
         56:79:a7:7c:06:7d:40:52:3b:62:79:d8:d1:99:43:4e:0b:a1:
         3d:b6:77:41:62:a0:90:43:23:23:bb:b2:a1:ef:1b:aa:22:6c:
         14:c6:6c:ab:a3:5e:cb:6b:99:c4:9c:b7:e2:70:0d:1d:10:dc:
         dd:bc:14:13:5d:d9:c5:f5:9c:ee:cb:57:78:ab:78:ac:92:d4:
         a5:a2:7c:80:67:a1:81:14:e6:df:ed:0b:bd:78:0e:1d:0d:8f:
         f4:27:19:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaJCzmO/jvea84xXVCkzEC7VWuT8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEzMTM1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZTg3MGNkNGUwY2Y5YjA0MzI1ODIwMzhkMjlhN2E1NDJk
ZDEzYjM2ZmJiMDhlZjdmYTFjYWM1MDllNTY4MWM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiuVCYc2+SM/EdO8daU74oDm4e24TwDiVmGP+p5DpbxUim
S3x4+15BH1EAp3mEQxhF96srkOxCx/ArzMywvCWRBoJoYPqOwX3TefmHfAAX1SGE
Een82Q7FUrOPFPOulvtCSSX3ghi+my700uw5FbhnibyKffH2EQw8hY8AmjYf48mQ
8Hs1Akq1JzHAbEH7vohXn4THDkUooXwUs4pQktCCvbHNdtVZcCJOAIO6Rzgq3Aw0
20ATiQl/5fk3SOFydkp0TZoN8DtNpkM4IMvZiZQTHdI1K4Ru+eSYCHMZNSMNuj6i
qPHUgRW4Rb2wZpsGcQbgnXMgw7ClVDe9tBK18JOZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6FOPku4wePnk3bR2mlZx9AAQQ8wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdhYTA5MDRlLWYyYzgtNGI5ZC05MTdmLTg3MmUyNGRjNGQ5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYQOAAwDQYJKoZIhvcNAQELBQADggEBAK6FUOgGFzfNGj6gPWKTH3HMdnuY
L62yoEnP52VjK9VoyqI/ufoetCQRFMeifaPbqrCYD3hxK2vDfvvgL+IDl/EPtn6W
X6SM1/p9bV5lHX4VVohKNnzfF/7KHhTeai1VIsJdwppj9VkSLhIGQn2P/4OmTOL2
/eOd8totXiFsqKpthMQQ93mqEksfMvlq20SnQ2zgeq4pwQ/tYmIyexjBb13H91Z5
p3wGfUBSO2J52NGZQ04LoT22d0FioJBDIyO7sqHvG6oibBTGbKujXstrmcSct+Jw
DR0Q3N28FBNd2cX1nO7LV3ireKyS1KWifIBnoYEU5t/tC714Dh0Nj/QnGXI=
-----END CERTIFICATE-----