Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1e39811-9d98-4b6e-af73-f0529b50a66b.roa
File:                     f1e39811-9d98-4b6e-af73-f0529b50a66b.roa (raw, json)
Hash identifier:          oNT2CWfWNwFN2SrwyalcbEhIQy+Qlc4fiXJ1B2pV5RI=
Subject key identifier:   86:B5:C9:16:FE:88:18:34:14:53:8C:44:17:31:61:20:E6:03:EA:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F1F8854554355A658C9CD612B62C224FB912755
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1e39811-9d98-4b6e-af73-f0529b50a66b.roa
Signing time:             Sat 04 Oct 2025 00:37:42 +0000
ROA not before:           Sat 04 Oct 2025 00:37:42 +0000
ROA not after:            Sat 08 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.186.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:1f:88:54:55:43:55:a6:58:c9:cd:61:2b:62:c2:24:fb:91:27:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  4 00:37:42 2025 GMT
            Not After : Nov  8 23:59:59 2025 GMT
        Subject: serialNumber=1b75450e3afe66659f77e51b45edeca5e7eba78331ceaf76715fa3e2ccddb53a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:95:66:c9:6c:dd:39:ad:94:e2:93:0c:02:54:
                    6f:50:04:4b:20:89:9c:a5:db:13:4a:b9:95:e7:76:
                    f7:42:36:d8:ed:0e:0d:7a:28:78:63:6a:f2:e4:5e:
                    fa:51:90:18:73:9f:16:eb:16:d3:5b:1c:e2:e9:92:
                    8b:5d:f8:7e:6f:d8:1c:8f:8e:0a:e5:70:94:0b:13:
                    70:79:17:79:b2:a3:74:f1:bf:da:ec:2f:48:c4:95:
                    4c:05:0c:46:2a:17:f6:5a:f5:8a:be:33:c4:b1:8d:
                    ab:03:54:15:ef:29:f2:2d:8f:e7:71:6e:56:83:bc:
                    6d:64:eb:6c:87:5a:7f:d0:77:82:dd:a9:9d:98:ee:
                    58:ca:03:4c:bd:71:93:6e:b4:f7:81:fd:cc:26:db:
                    1c:9e:36:e8:72:97:6d:20:6b:ce:bf:62:1f:67:a8:
                    6b:23:f7:d7:70:c4:94:1a:14:bd:89:19:e4:8e:19:
                    04:95:ae:7d:8a:76:c3:b4:de:31:1a:91:ad:a8:7b:
                    9d:d6:80:fd:07:bd:0a:d8:c0:7b:0c:7f:51:a3:1c:
                    01:70:f3:c2:97:64:b9:a5:8f:92:4b:b1:c2:44:4d:
                    a3:aa:71:20:d8:7d:6c:da:8d:bf:e9:43:5e:78:9d:
                    eb:36:91:05:6f:0e:4d:d3:4d:71:9f:c3:03:ca:87:
                    c4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B5:C9:16:FE:88:18:34:14:53:8C:44:17:31:61:20:E6:03:EA:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1e39811-9d98-4b6e-af73-f0529b50a66b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.186.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c3:5b:e5:68:98:1a:87:a4:99:0a:85:9f:9a:d1:55:3b:ec:c0:
         a5:0f:b9:74:79:11:e8:8f:51:48:8d:ef:92:9c:9e:1e:18:14:
         49:b8:8b:3e:12:fd:ee:08:fe:52:a8:b7:e0:09:5b:cf:56:56:
         88:2e:85:3f:a3:19:dd:b7:65:55:74:aa:74:ff:fd:05:43:2d:
         8e:7d:3f:0c:f9:5c:80:69:f2:a1:ab:2e:4d:3e:90:d9:a5:66:
         fb:9f:72:87:ff:97:24:58:cf:92:6d:f2:71:4e:bb:b8:72:ce:
         11:08:e9:f4:bc:48:66:f0:98:e1:5a:95:ae:a8:26:16:a6:a8:
         3b:15:53:63:32:54:02:23:82:fa:6d:1a:ac:0a:08:41:33:3e:
         4e:7b:56:7c:49:79:99:dc:f8:f0:8b:53:f1:b9:09:f0:e9:d1:
         79:40:9c:c2:a6:bd:45:35:e8:ac:2d:7c:94:0d:3d:a4:74:2d:
         0f:56:36:a2:37:21:b0:c8:75:f8:b0:fc:d8:08:bc:65:36:6c:
         ed:5a:73:9b:68:65:93:3f:af:71:ee:f7:34:df:93:f1:59:8c:
         5f:63:00:e1:f9:a9:3e:6b:b6:b5:f7:09:5e:08:17:bc:82:dd:
         98:bf:25:2c:03:30:6d:ba:f2:8d:06:6f:21:5d:cc:a1:b4:d8:
         71:ac:b3:ee
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbx+IVFVDVaZYyc1hK2LCJPuRJ1UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA0MDAzNzQyWhcNMjUxMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjc1NDUwZTNhZmU2NjY1OWY3N2U1MWI0NWVkZWNhNWU3
ZWJhNzgzMzFjZWFmNzY3MTVmYTNlMmNjZGRiNTNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDElWbJbN05rZTikwwCVG9QBEsgiZyl2xNKuZXndvdCNtjt
Dg16KHhjavLkXvpRkBhznxbrFtNbHOLpkotd+H5v2ByPjgrlcJQLE3B5F3myo3Tx
v9rsL0jElUwFDEYqF/Za9Yq+M8SxjasDVBXvKfItj+dxblaDvG1k62yHWn/Qd4Ld
qZ2Y7ljKA0y9cZNutPeB/cwm2xyeNuhyl20ga86/Yh9nqGsj99dwxJQaFL2JGeSO
GQSVrn2KdsO03jEaka2oe53WgP0HvQrYwHsMf1GjHAFw88KXZLmlj5JLscJETaOq
cSDYfWzajb/pQ154nes2kQVvDk3TTXGfwwPKh8RZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhrXJFv6IGDQUU4xEFzFhIOYD6nUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YxZTM5ODExLTlkOTgtNGI2ZS1hZjczLWYwNTI5YjUwYTY2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQujANBgkqhkiG9w0BAQsFAAOCAQEAw1vlaJgah6SZCoWfmtFVO+zApQ+5
dHkR6I9RSI3vkpyeHhgUSbiLPhL97gj+Uqi34Albz1ZWiC6FP6MZ3bdlVXSqdP/9
BUMtjn0/DPlcgGnyoasuTT6Q2aVm+59yh/+XJFjPkm3ycU67uHLOEQjp9LxIZvCY
4VqVrqgmFqaoOxVTYzJUAiOC+m0arAoIQTM+TntWfEl5mdz48ItT8bkJ8OnReUCc
wqa9RTXorC18lA09pHQtD1Y2ojchsMh1+LD82Ai8ZTZs7Vpzm2hlkz+vce73NN+T
8VmMX2MA4fmpPmu2tfcJXggXvILdmL8lLAMwbbryjQZvIV3MobTYcayz7g==
-----END CERTIFICATE-----