Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5a2f6a8-3e69-4d87-82a9-ab06bfa8dc23.roa
File:                     a5a2f6a8-3e69-4d87-82a9-ab06bfa8dc23.roa (raw, json)
Hash identifier:          Efrj52M+E0dUNe/ja7zeCskIBGdIF5yGKdVlmEwUDEY=
Subject key identifier:   DC:D4:09:CA:14:B1:2E:F4:2C:CC:99:E9:86:E9:BC:91:CF:FD:B9:44
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6DEEB77DABB676E28CD2231A89766145A76754D3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5a2f6a8-3e69-4d87-82a9-ab06bfa8dc23.roa
Signing time:             Tue 11 Nov 2025 02:30:40 +0000
ROA not before:           Tue 11 Nov 2025 02:30:40 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.24.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:ee:b7:7d:ab:b6:76:e2:8c:d2:23:1a:89:76:61:45:a7:67:54:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 02:30:40 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=5bd4369dc4c761c9989f2c20215cc3fdc5fdf4fec13245e90cf39b8e95d78cd1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6f:8a:5b:fe:4b:fb:8e:11:00:4b:90:90:dd:
                    4c:12:40:03:5a:d5:b6:16:73:ba:bb:76:c8:d6:05:
                    ee:4e:12:fe:fc:fd:59:56:81:3a:0a:51:9a:99:16:
                    fb:63:ef:89:61:44:9c:83:8e:61:23:e7:90:fb:5d:
                    f8:2f:54:1e:72:2a:58:65:ea:7a:5c:65:77:65:9f:
                    5b:5d:46:95:e0:6e:8e:3f:78:12:95:4a:b3:12:72:
                    ed:fa:7f:41:c8:56:b3:68:88:79:ce:43:14:d8:ef:
                    10:a9:61:9d:18:37:7f:0e:a0:0b:7d:ea:4f:36:3b:
                    f8:8b:a8:48:d0:8f:8b:ab:7f:bf:fe:62:fc:cb:d9:
                    0e:48:64:17:94:be:9f:78:9d:ae:04:33:19:8e:96:
                    5e:31:72:ea:ea:c8:ae:de:5b:7b:d2:57:75:f6:ec:
                    20:bb:c6:12:59:9b:0f:d4:f4:18:ea:43:4a:62:77:
                    44:87:a9:a5:56:0d:77:7b:9a:2a:72:28:df:b3:35:
                    ff:93:95:29:a7:28:b5:d2:7c:f0:6c:1b:c8:20:13:
                    c4:63:59:fd:8b:9f:d4:cb:d7:52:ba:86:37:c4:95:
                    fb:c9:23:37:76:56:8c:44:a4:82:39:c3:4f:bf:cf:
                    6f:69:cb:3e:49:c6:b6:18:24:b2:c3:a4:cb:0c:f6:
                    5d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D4:09:CA:14:B1:2E:F4:2C:CC:99:E9:86:E9:BC:91:CF:FD:B9:44
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5a2f6a8-3e69-4d87-82a9-ab06bfa8dc23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.24.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8b:46:f5:66:e0:70:8e:f7:13:76:31:b1:f9:ac:99:97:c6:4b:
         30:bb:d0:02:42:26:74:d1:b5:ac:4d:dd:08:4b:63:16:40:cf:
         5f:c7:88:76:22:fa:d8:4f:c0:5d:12:fb:a1:ed:be:5c:af:a7:
         d5:b7:79:5d:09:8c:a8:f8:16:bf:12:7c:dc:c8:91:9d:39:e8:
         bb:07:04:4b:4b:3a:40:dd:75:21:65:ea:5c:a5:dc:83:6b:5a:
         71:a6:e5:30:ba:55:26:b2:9f:5c:c2:f9:9d:c9:42:b8:cc:c6:
         76:66:75:1b:9d:71:70:98:d3:0b:bb:d2:4f:a4:36:81:de:11:
         50:77:f8:dc:05:b2:2e:f1:fc:df:de:e2:40:90:80:ee:58:f4:
         e7:75:23:d3:bf:e6:03:d7:f9:b5:d2:e5:03:6e:94:02:01:d9:
         8b:bf:c2:8e:c9:ab:b7:91:18:43:c8:c4:98:00:3f:43:13:3d:
         02:f1:fd:91:69:bc:e4:62:10:21:89:64:61:dc:24:56:10:78:
         cb:30:07:fc:68:82:62:3a:3d:a8:00:c7:89:dc:e1:86:44:a9:
         e6:7d:01:2a:b3:9c:08:c3:b2:ac:36:aa:e7:83:87:c0:fa:c3:
         08:33:64:3a:2b:6d:50:57:85:2e:fe:63:10:6e:d5:57:b7:3a:
         5a:84:34:04
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbe63fau2duKM0iMaiXZhRadnVNMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDIzMDQwWhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YmQ0MzY5ZGM0Yzc2MWM5OTg5ZjJjMjAyMTVjYzNmZGM1
ZmRmNGZlYzEzMjQ1ZTkwY2YzOWI4ZTk1ZDc4Y2QxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6b4pb/kv7jhEAS5CQ3UwSQANa1bYWc7q7dsjWBe5OEv78
/VlWgToKUZqZFvtj74lhRJyDjmEj55D7XfgvVB5yKlhl6npcZXdln1tdRpXgbo4/
eBKVSrMScu36f0HIVrNoiHnOQxTY7xCpYZ0YN38OoAt96k82O/iLqEjQj4urf7/+
YvzL2Q5IZBeUvp94na4EMxmOll4xcurqyK7eW3vSV3X27CC7xhJZmw/U9BjqQ0pi
d0SHqaVWDXd7mipyKN+zNf+TlSmnKLXSfPBsG8ggE8RjWf2Ln9TL11K6hjfElfvJ
Izd2VoxEpII5w0+/z29pyz5JxrYYJLLDpMsM9l0hAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3NQJyhSxLvQszJnphum8kc/9uUQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1YTJmNmE4LTNlNjktNGQ4Ny04MmE5LWFiMDZiZmE4ZGMyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQGDANBgkqhkiG9w0BAQsFAAOCAQEAi0b1ZuBwjvcTdjGx+ayZl8ZLMLvQ
AkImdNG1rE3dCEtjFkDPX8eIdiL62E/AXRL7oe2+XK+n1bd5XQmMqPgWvxJ83MiR
nTnouwcES0s6QN11IWXqXKXcg2tacablMLpVJrKfXML5nclCuMzGdmZ1G51xcJjT
C7vST6Q2gd4RUHf43AWyLvH8397iQJCA7lj053Uj07/mA9f5tdLlA26UAgHZi7/C
jsmrt5EYQ8jEmAA/QxM9AvH9kWm85GIQIYlkYdwkVhB4yzAH/GiCYjo9qADHidzh
hkSp5n0BKrOcCMOyrDaq54OHwPrDCDNkOittUFeFLv5jEG7VV7c6WoQ0BA==
-----END CERTIFICATE-----