Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c707dd-6163-4dce-bd57-52cde399da8e.roa
File:                     27c707dd-6163-4dce-bd57-52cde399da8e.roa (raw, json)
Hash identifier:          HB33na8MyM4MV58QE62AwYyOBXUjry7Wis5VhixB4yo=
Subject key identifier:   E6:BD:63:AB:C2:0F:A5:3B:5D:2B:71:4D:46:E4:80:BF:54:24:1F:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E33BE0FDF8C8B8DF06EF57B09266F27ECF3CB45
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c707dd-6163-4dce-bd57-52cde399da8e.roa
Signing time:             Tue 30 Sep 2025 00:23:02 +0000
ROA not before:           Tue 30 Sep 2025 00:23:02 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.90.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:33:be:0f:df:8c:8b:8d:f0:6e:f5:7b:09:26:6f:27:ec:f3:cb:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:23:02 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=b2d6b72337def1e883db08c1c95317489b3cb42c600ebea41c4115d92f642c9f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2f:41:76:5f:92:78:c2:d6:4f:26:88:a7:25:
                    9c:b6:c9:4f:0e:05:22:96:92:43:af:de:92:a7:1a:
                    97:c9:47:05:aa:47:00:f4:03:59:a7:a3:5e:d9:32:
                    a5:77:6a:a2:55:e2:ab:c8:78:f3:23:36:2b:e3:25:
                    8d:58:a5:2c:91:48:eb:1f:9a:19:3c:9c:85:e9:e4:
                    6a:80:69:0f:a8:07:7e:89:92:a1:c3:51:88:93:e7:
                    60:a7:1a:8b:97:4d:1d:b6:d4:76:f8:4a:29:e1:ee:
                    bb:93:62:0d:c6:c5:8c:29:db:c3:77:fa:dc:c6:de:
                    0f:18:79:b4:0d:9d:ea:91:74:f6:77:fc:13:6a:d7:
                    44:b4:cf:ce:45:af:d5:12:ab:24:ca:be:b3:7d:a6:
                    87:13:68:33:24:bc:a1:2f:b5:56:2a:a9:32:72:e2:
                    1d:cb:6c:fc:e3:11:41:1d:11:ae:d8:19:04:dc:cf:
                    7c:70:49:93:74:7c:55:ab:58:a3:9e:e9:34:8e:f2:
                    90:87:c9:cb:56:92:46:17:f9:7c:58:d4:8f:86:fa:
                    4e:de:a6:45:16:20:3a:09:1e:e6:e6:8b:ca:43:30:
                    39:ff:33:53:de:c5:3a:ac:ab:48:04:7f:ab:41:21:
                    3d:93:6c:02:01:79:9d:e9:c2:dc:c4:a2:6f:4e:47:
                    35:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BD:63:AB:C2:0F:A5:3B:5D:2B:71:4D:46:E4:80:BF:54:24:1F:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27c707dd-6163-4dce-bd57-52cde399da8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.90.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         aa:92:3b:f0:02:1a:bd:66:77:4c:22:58:24:ee:4b:9f:18:af:
         9a:1f:14:5f:df:a0:46:94:76:ab:7c:4a:01:21:c7:0f:5b:d5:
         03:f3:48:32:06:0c:d5:81:e8:82:5d:1a:f2:12:76:fb:45:e3:
         ff:f7:8e:21:9f:62:a5:7d:0e:de:d3:e7:02:7f:45:29:fa:bb:
         92:1a:ad:a1:51:12:74:70:32:4f:61:c5:6d:ed:1c:0f:e6:4f:
         a9:6c:c9:72:8e:b1:a2:04:ec:85:88:6c:0e:1a:19:d2:aa:7c:
         f5:c7:04:74:d6:61:a7:a7:7d:54:cb:b9:0a:43:db:00:f3:23:
         a7:3d:a9:ad:6b:36:22:aa:b6:31:63:fb:3f:27:a9:93:1b:b7:
         98:c1:48:c0:8a:e1:32:77:c9:f1:da:bc:23:c6:c5:ef:37:4a:
         18:89:31:02:d2:c8:09:2a:c3:55:5a:67:58:27:db:73:77:e4:
         25:75:a2:ec:28:2b:d1:8f:36:ad:c5:35:eb:15:46:68:15:60:
         30:b5:13:2d:6d:0a:c3:b9:03:bc:71:8d:9a:af:35:fb:cb:03:
         a2:f1:0a:5e:d7:a6:7b:2c:55:50:a1:47:ed:d9:26:9b:07:36:
         1b:cb:8e:6d:eb:f0:b5:20:be:86:77:e5:44:b9:31:3d:07:76:
         cd:0f:23:28
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPjO+D9+Mi43wbvV7CSZvJ+zzy0UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMzAyWhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMmQ2YjcyMzM3ZGVmMWU4ODNkYjA4YzFjOTUzMTc0ODli
M2NiNDJjNjAwZWJlYTQxYzQxMTVkOTJmNjQyYzlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCL0F2X5J4wtZPJoinJZy2yU8OBSKWkkOv3pKnGpfJRwWq
RwD0A1mno17ZMqV3aqJV4qvIePMjNivjJY1YpSyRSOsfmhk8nIXp5GqAaQ+oB36J
kqHDUYiT52CnGouXTR221Hb4Sinh7ruTYg3GxYwp28N3+tzG3g8YebQNneqRdPZ3
/BNq10S0z85Fr9USqyTKvrN9pocTaDMkvKEvtVYqqTJy4h3LbPzjEUEdEa7YGQTc
z3xwSZN0fFWrWKOe6TSO8pCHyctWkkYX+XxY1I+G+k7epkUWIDoJHubmi8pDMDn/
M1PexTqsq0gEf6tBIT2TbAIBeZ3pwtzEom9ORzW9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5r1jq8IPpTtdK3FNRuSAv1QkHyUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3YzcwN2RkLTYxNjMtNGRjZS1iZDU3LTUyY2RlMzk5ZGE4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQWjANBgkqhkiG9w0BAQsFAAOCAQEAqpI78AIavWZ3TCJYJO5Lnxivmh8U
X9+gRpR2q3xKASHHD1vVA/NIMgYM1YHogl0a8hJ2+0Xj//eOIZ9ipX0O3tPnAn9F
Kfq7khqtoVESdHAyT2HFbe0cD+ZPqWzJco6xogTshYhsDhoZ0qp89ccEdNZhp6d9
VMu5CkPbAPMjpz2prWs2Iqq2MWP7Pyepkxu3mMFIwIrhMnfJ8dq8I8bF7zdKGIkx
AtLICSrDVVpnWCfbc3fkJXWi7Cgr0Y82rcU16xVGaBVgMLUTLW0Kw7kDvHGNmq81
+8sDovEKXtemeyxVUKFH7dkmmwc2G8uObevwtSC+hnflRLkxPQd2zQ8jKA==
-----END CERTIFICATE-----