Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59f5622d-1ca3-4310-a7bb-9aeda3799734.roa
File:                     59f5622d-1ca3-4310-a7bb-9aeda3799734.roa (raw, json)
Hash identifier:          B6191I8ESNv6NhAxz2Gz1B/aoi0Sv8NA+nHbd4XEuwI=
Subject key identifier:   43:3D:9C:57:0A:A2:B7:4A:A8:85:3B:F6:F4:81:32:78:EE:B8:46:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1367E942508179B4C7DC6E1B5959800840EBA6B5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59f5622d-1ca3-4310-a7bb-9aeda3799734.roa
Signing time:             Sat 25 Oct 2025 00:01:12 +0000
ROA not before:           Sat 25 Oct 2025 00:01:12 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.189.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:67:e9:42:50:81:79:b4:c7:dc:6e:1b:59:59:80:08:40:eb:a6:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:01:12 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=853e60ef267a3aee719cc883077b7a25cdda317f644126af134f0fe801ece929, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ca:dd:46:40:f2:40:20:d0:ab:84:11:dd:d9:
                    58:81:71:05:88:9e:d5:3e:eb:64:3e:d1:8b:15:ba:
                    e6:b1:30:e2:89:cb:90:a2:7b:62:b8:ec:62:b9:97:
                    2c:d3:eb:01:4c:25:8f:97:d2:a4:7b:21:d7:f1:b6:
                    8d:09:1e:9a:56:73:ff:90:af:93:67:99:e6:bc:c6:
                    a5:13:6d:43:51:cc:8a:24:ba:04:d5:fc:1f:6c:af:
                    2d:3a:bd:d3:95:e6:74:5e:01:e2:96:d1:ad:9b:08:
                    26:c9:75:f2:2c:96:56:09:dc:dc:31:7d:a1:c1:4d:
                    3e:d2:b0:25:83:1e:20:eb:9f:f0:cf:8c:20:c5:03:
                    9c:79:a3:55:68:01:cd:e2:d2:f6:0a:f3:90:2f:4c:
                    f7:56:57:8e:48:4c:72:ab:72:92:4f:2a:e4:a6:38:
                    64:c6:80:ce:01:8c:76:b4:00:0a:bf:2c:0d:84:2c:
                    72:a3:50:f6:26:3c:7f:05:69:d2:4c:67:f3:03:bc:
                    c5:f9:1c:e0:0a:c3:79:67:1b:b6:07:c7:7d:ec:ed:
                    81:6c:3c:0f:ab:93:ff:58:6e:69:e6:38:a0:6a:77:
                    17:86:7d:fd:93:31:aa:93:a7:42:71:ad:e4:6a:ea:
                    6e:61:ec:08:3e:b8:4d:32:0b:93:64:9d:c9:71:be:
                    8d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:3D:9C:57:0A:A2:B7:4A:A8:85:3B:F6:F4:81:32:78:EE:B8:46:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59f5622d-1ca3-4310-a7bb-9aeda3799734.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.189.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:a6:3e:ee:fa:85:f7:f7:98:c7:5a:03:da:2f:9f:b3:56:b3:
         93:b6:da:47:5a:28:88:35:d0:e7:84:d4:86:b4:38:22:bd:9c:
         40:4e:07:8a:de:1b:7d:7a:97:8a:84:45:f7:be:d7:b4:89:a9:
         69:19:42:c6:84:6e:e8:42:d4:74:af:59:6c:aa:43:b7:99:96:
         0e:ba:59:3e:58:ec:cc:5d:d9:17:83:fd:97:e3:ca:2d:27:39:
         61:ef:70:4e:13:39:c9:00:2f:a0:11:df:a0:9e:3d:9a:b6:00:
         a0:45:03:90:ed:46:3b:5f:be:00:c8:dc:29:67:d2:dd:5d:59:
         7b:68:10:c4:da:75:b1:6a:f7:15:df:e2:0e:96:2a:77:03:49:
         3a:f4:4e:c6:f4:72:47:b2:63:d8:3b:ee:4c:f1:16:ee:e8:b8:
         46:35:a2:79:03:1f:eb:53:28:91:35:e4:24:35:46:14:86:e2:
         de:05:e2:d5:a1:9a:d5:73:ce:0e:35:ce:65:b2:82:95:9e:25:
         bc:8a:8b:a2:52:5f:99:d0:f6:13:ba:44:84:0e:7e:31:d2:41:
         28:9d:22:f7:38:10:d3:df:89:87:2a:06:d3:0f:26:82:82:38:
         32:19:e1:c4:06:92:e6:68:4e:4b:88:a4:57:c1:32:19:a1:a6:
         e0:4b:ee:3c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE2fpQlCBebTH3G4bWVmACEDrprUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAwMTEyWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTNlNjBlZjI2N2EzYWVlNzE5Y2M4ODMwNzdiN2EyNWNk
ZGEzMTdmNjQ0MTI2YWYxMzRmMGZlODAxZWNlOTI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNyt1GQPJAINCrhBHd2ViBcQWIntU+62Q+0YsVuuaxMOKJ
y5Cie2K47GK5lyzT6wFMJY+X0qR7Idfxto0JHppWc/+Qr5Nnmea8xqUTbUNRzIok
ugTV/B9sry06vdOV5nReAeKW0a2bCCbJdfIsllYJ3NwxfaHBTT7SsCWDHiDrn/DP
jCDFA5x5o1VoAc3i0vYK85AvTPdWV45ITHKrcpJPKuSmOGTGgM4BjHa0AAq/LA2E
LHKjUPYmPH8FadJMZ/MDvMX5HOAKw3lnG7YHx33s7YFsPA+rk/9YbmnmOKBqdxeG
ff2TMaqTp0JxreRq6m5h7Ag+uE0yC5Nknclxvo2HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQz2cVwqit0qohTv29IEyeO64RjgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5ZjU2MjJkLTFjYTMtNDMxMC1hN2JiLTlhZWRhMzc5OTczNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQvTANBgkqhkiG9w0BAQsFAAOCAQEAmKY+7vqF9/eYx1oD2i+fs1azk7ba
R1ooiDXQ54TUhrQ4Ir2cQE4Hit4bfXqXioRF977XtImpaRlCxoRu6ELUdK9ZbKpD
t5mWDrpZPljszF3ZF4P9l+PKLSc5Ye9wThM5yQAvoBHfoJ49mrYAoEUDkO1GO1++
AMjcKWfS3V1Ze2gQxNp1sWr3Fd/iDpYqdwNJOvROxvRyR7Jj2DvuTPEW7ui4RjWi
eQMf61MokTXkJDVGFIbi3gXi1aGa1XPODjXOZbKClZ4lvIqLolJfmdD2E7pEhA5+
MdJBKJ0i9zgQ09+JhyoG0w8mgoI4MhnhxAaS5mhOS4ikV8EyGaGm4EvuPA==
-----END CERTIFICATE-----