Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a029632-5153-421f-8163-5d2fe6018358.roa
File:                     4a029632-5153-421f-8163-5d2fe6018358.roa (raw, json)
Hash identifier:          SY36wmKHCKPS3/x4kbWSqa8ME2JqVMjZE642TKc5z58=
Subject key identifier:   72:C7:18:57:DD:77:F1:EC:D5:24:D9:5C:9D:70:B1:E2:B3:BB:51:2A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3050D0E6A6F13BC33E8BDA6759382EB69A8F90A6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a029632-5153-421f-8163-5d2fe6018358.roa
Signing time:             Sat 25 Oct 2025 00:10:09 +0000
ROA not before:           Sat 25 Oct 2025 00:10:09 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.18.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:50:d0:e6:a6:f1:3b:c3:3e:8b:da:67:59:38:2e:b6:9a:8f:90:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:10:09 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=62d83f094d5beb9945176154ab862e7e3a5ae62b814229d0ad512a4442a3befa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:e6:7c:62:75:10:9d:5b:23:d4:e5:1e:4b:1e:
                    2f:ec:ca:dd:90:9f:5e:c8:29:6f:1a:ca:f7:24:0e:
                    a1:bd:a7:b6:a3:b5:99:99:35:1e:fd:81:39:cb:dd:
                    f6:70:23:bf:b2:f9:f8:cb:5d:b9:80:c1:ef:6c:12:
                    b9:44:d6:91:7b:fa:af:dc:12:ff:6d:47:cf:04:ff:
                    cd:8c:88:91:9b:21:45:1a:33:c4:55:1a:c7:53:bb:
                    a8:8d:c5:07:07:a7:b8:a0:09:a4:9b:8f:b0:a6:36:
                    b9:9a:1a:4b:8f:b3:d6:07:87:01:72:e3:13:bc:ca:
                    99:75:92:f0:a0:52:28:c8:74:80:c8:07:ef:95:83:
                    dd:5a:e8:36:66:b2:9a:c3:53:22:b5:ef:df:47:53:
                    66:40:01:c8:d9:99:00:2d:aa:6b:1b:20:33:c5:36:
                    80:7b:fb:ec:fe:9b:06:c9:8b:39:d2:cc:d4:8c:67:
                    de:a5:d5:fa:43:98:c6:ae:53:e9:c4:3b:88:99:0e:
                    cf:62:58:61:31:13:1e:7b:c3:07:df:57:70:88:65:
                    c6:ba:04:d5:08:5a:92:87:59:7a:d8:7b:0f:4d:e8:
                    74:72:0c:d8:46:cf:65:3d:ed:70:51:ea:b9:2a:76:
                    28:c8:bb:7e:a7:08:34:d1:30:a4:22:ee:13:03:8a:
                    ab:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C7:18:57:DD:77:F1:EC:D5:24:D9:5C:9D:70:B1:E2:B3:BB:51:2A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a029632-5153-421f-8163-5d2fe6018358.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.18.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cd:13:69:a9:f3:00:f1:57:d2:0c:c4:2a:67:17:fb:cc:8a:a6:
         78:92:82:56:1e:41:18:84:3c:db:66:b8:ae:37:f9:cd:77:e0:
         11:b7:d7:0f:a9:b0:63:f8:d2:b7:04:51:fa:d1:f7:8c:fd:e2:
         a7:0d:fd:71:ac:7a:de:92:ba:bb:ef:50:2a:4f:b4:cf:6a:c4:
         0e:96:86:d3:d0:66:4e:af:1b:c7:68:5c:0d:ec:24:69:50:a4:
         63:b1:f4:5b:44:c9:da:53:42:66:a5:5e:b8:4c:8d:cd:d1:12:
         66:7c:fd:ff:bd:ff:38:89:d7:0b:96:f4:e2:f0:03:c8:0c:b2:
         2c:82:9e:f7:79:c7:a6:6c:67:63:58:d9:bb:65:04:ac:c3:ff:
         92:59:b2:76:e8:da:b3:36:5f:bb:93:d2:cb:d1:35:4e:30:9d:
         98:15:4d:81:38:8f:79:3e:89:da:9a:ff:2c:ff:3e:b0:b2:68:
         7b:d2:80:78:59:ab:c1:bd:d1:f9:00:36:2d:ff:7f:d5:37:4a:
         d8:5b:9b:da:a9:c5:3e:90:6f:8b:c4:8e:26:85:4c:91:eb:06:
         6c:d9:61:38:84:dd:13:2b:bf:70:d2:55:0e:c2:c5:c5:f2:ff:
         30:11:f2:b5:5b:70:77:c1:a1:f7:92:a1:b9:35:ea:30:12:06:
         70:55:ec:bf
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMFDQ5qbxO8M+i9pnWTgutpqPkKYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAxMDA5WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmQ4M2YwOTRkNWJlYjk5NDUxNzYxNTRhYjg2MmU3ZTNh
NWFlNjJiODE0MjI5ZDBhZDUxMmE0NDQyYTNiZWZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDr5nxidRCdWyPU5R5LHi/syt2Qn17IKW8ayvckDqG9p7aj
tZmZNR79gTnL3fZwI7+y+fjLXbmAwe9sErlE1pF7+q/cEv9tR88E/82MiJGbIUUa
M8RVGsdTu6iNxQcHp7igCaSbj7CmNrmaGkuPs9YHhwFy4xO8ypl1kvCgUijIdIDI
B++Vg91a6DZmsprDUyK1799HU2ZAAcjZmQAtqmsbIDPFNoB7++z+mwbJiznSzNSM
Z96l1fpDmMauU+nEO4iZDs9iWGExEx57wwffV3CIZca6BNUIWpKHWXrYew9N6HRy
DNhGz2U97XBR6rkqdijIu36nCDTRMKQi7hMDiqsTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcscYV9138ezVJNlcnXCx4rO7USowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhMDI5NjMyLTUxNTMtNDIxZi04MTYzLTVkMmZlNjAxODM1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQEjANBgkqhkiG9w0BAQsFAAOCAQEAzRNpqfMA8VfSDMQqZxf7zIqmeJKC
Vh5BGIQ822a4rjf5zXfgEbfXD6mwY/jStwRR+tH3jP3ipw39cax63pK6u+9QKk+0
z2rEDpaG09BmTq8bx2hcDewkaVCkY7H0W0TJ2lNCZqVeuEyNzdESZnz9/73/OInX
C5b04vADyAyyLIKe93nHpmxnY1jZu2UErMP/klmydujaszZfu5PSy9E1TjCdmBVN
gTiPeT6J2pr/LP8+sLJoe9KAeFmrwb3R+QA2Lf9/1TdK2Fub2qnFPpBvi8SOJoVM
kesGbNlhOITdEyu/cNJVDsLFxfL/MBHytVtwd8Gh95KhuTXqMBIGcFXsvw==
-----END CERTIFICATE-----