Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa
File:                     db7a66bc-8f79-4047-8130-2672617f220a.roa (raw, json)
Hash identifier:          Jrbz0aQde0gVI1ngVeKvyWMv1zZ6/VRLUOormPClw+Y=
Subject key identifier:   E2:13:9F:C0:71:90:F0:B6:4F:3A:F3:7C:61:50:02:9E:6B:55:6B:D6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A128729B69023AA6E8EDFD6E54483069A9DAFF1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa
Signing time:             Sun 16 Nov 2025 00:30:14 +0000
ROA not before:           Sun 16 Nov 2025 00:30:14 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.3.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:12:87:29:b6:90:23:aa:6e:8e:df:d6:e5:44:83:06:9a:9d:af:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:30:14 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=9ed531e077fca05129126559dff07632d4f9594354f9695db750424407c29499, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:58:46:8e:c4:ee:54:b2:f4:e6:64:7a:d4:f7:
                    eb:7e:98:ae:84:95:9e:11:6c:fe:47:82:a3:12:db:
                    29:6b:02:d7:0c:3a:1c:84:7c:92:9f:26:cd:ff:0c:
                    d0:d6:d3:c2:87:c6:3b:6f:44:17:07:39:a2:a7:f5:
                    e2:12:36:89:84:01:fc:8d:c2:d5:98:d9:07:d9:61:
                    6c:51:0d:c5:22:44:05:13:d2:a3:e3:1d:41:b0:4d:
                    96:a1:c3:f6:25:ee:b4:96:04:cf:f4:52:f8:49:fa:
                    b7:96:bf:9e:3f:f4:36:fd:58:98:c9:37:9d:a6:5c:
                    2f:d4:eb:d4:35:fd:e0:85:06:a4:08:89:bf:e0:a4:
                    4c:1d:23:3c:af:47:98:73:33:21:b2:6d:e0:25:c9:
                    53:f8:4d:6d:4e:ca:72:11:60:96:39:45:87:7a:f6:
                    ca:7a:53:78:52:4e:eb:16:41:bb:f6:fc:6b:9f:1e:
                    7c:fc:f2:44:aa:7c:21:b4:29:88:20:e1:61:e5:ff:
                    95:0c:e6:e2:f4:b2:78:ec:d8:fd:99:92:97:68:bd:
                    e6:ee:b2:a0:12:de:d6:b1:4c:69:63:f2:0b:b9:1c:
                    ea:14:ca:0c:20:f3:56:c8:23:2a:40:a7:5d:2a:fc:
                    7b:60:e1:a1:9c:0d:51:c4:6c:07:6d:61:5b:b1:be:
                    9a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:13:9F:C0:71:90:F0:B6:4F:3A:F3:7C:61:50:02:9E:6B:55:6B:D6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db7a66bc-8f79-4047-8130-2672617f220a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.3.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5e:7a:2b:53:18:e5:ea:4f:67:87:75:00:36:2c:f6:ac:3f:43:
         61:71:dc:35:56:12:37:34:bc:5f:5c:fb:f3:b7:38:e2:b3:f4:
         75:dd:39:c9:f2:3b:4c:55:d7:4d:87:73:07:b2:e3:fe:38:3e:
         a8:83:ff:0c:4c:3b:a1:87:72:c5:30:2b:2a:be:5a:3d:06:ea:
         50:52:1e:d3:05:16:9b:a3:d0:08:8c:74:8b:fe:95:22:88:b7:
         f7:a0:f0:57:2a:75:97:45:dd:a7:7f:74:fa:61:62:86:c9:a9:
         c7:8a:21:9f:fc:2c:51:36:ae:df:1b:1a:fc:c4:dc:0d:8d:db:
         30:f5:f6:37:d3:bd:33:38:88:43:2d:d8:24:84:5c:92:da:7c:
         62:6a:db:85:a2:1d:4f:7b:58:60:55:fd:2e:7c:73:c4:b1:81:
         d8:c0:e5:39:be:ed:b8:06:85:d0:31:82:a0:db:1e:89:85:e9:
         5d:0d:45:cd:1b:57:95:e4:97:89:4d:82:e0:9c:f2:72:a8:4a:
         5b:9d:cc:d2:2c:88:6c:ac:b3:6f:6d:40:2e:ae:8c:1d:e6:05:
         42:a8:e7:d0:82:2e:a0:68:1a:86:e7:cf:92:c1:ad:5f:4b:10:
         91:e9:45:4a:14:77:cf:0a:5f:2a:11:74:95:2e:a4:8f:29:91:
         20:6f:79:4a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUehKHKbaQI6pujt/W5USDBpqdr/EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAzMDE0WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWQ1MzFlMDc3ZmNhMDUxMjkxMjY1NTlkZmYwNzYzMmQ0
Zjk1OTQzNTRmOTY5NWRiNzUwNDI0NDA3YzI5NDk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvWEaOxO5UsvTmZHrU9+t+mK6ElZ4RbP5HgqMS2ylrAtcM
OhyEfJKfJs3/DNDW08KHxjtvRBcHOaKn9eISNomEAfyNwtWY2QfZYWxRDcUiRAUT
0qPjHUGwTZahw/Yl7rSWBM/0UvhJ+reWv54/9Db9WJjJN52mXC/U69Q1/eCFBqQI
ib/gpEwdIzyvR5hzMyGybeAlyVP4TW1OynIRYJY5RYd69sp6U3hSTusWQbv2/Guf
Hnz88kSqfCG0KYgg4WHl/5UM5uL0snjs2P2ZkpdovebusqAS3taxTGlj8gu5HOoU
ygwg81bIIypAp10q/Htg4aGcDVHEbAdtYVuxvppHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4hOfwHGQ8LZPOvN8YVACnmtVa9YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiN2E2NmJjLThmNzktNDA0Ny04MTMwLTI2NzI2MTdmMjIwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQAzANBgkqhkiG9w0BAQsFAAOCAQEAXnorUxjl6k9nh3UANiz2rD9DYXHc
NVYSNzS8X1z787c44rP0dd05yfI7TFXXTYdzB7Lj/jg+qIP/DEw7oYdyxTArKr5a
PQbqUFIe0wUWm6PQCIx0i/6VIoi396DwVyp1l0Xdp390+mFihsmpx4ohn/wsUTau
3xsa/MTcDY3bMPX2N9O9MziIQy3YJIRcktp8YmrbhaIdT3tYYFX9LnxzxLGB2MDl
Ob7tuAaF0DGCoNseiYXpXQ1FzRtXleSXiU2C4JzycqhKW53M0iyIbKyzb21ALq6M
HeYFQqjn0IIuoGgahufPksGtX0sQkelFShR3zwpfKhF0lS6kjymRIG95Sg==
-----END CERTIFICATE-----