Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa
File:                     7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa (raw, json)
Hash identifier:          CZNI2bZhggieXpBMLLt3mZR1TxfonIgxo3DyaFtGktc=
Subject key identifier:   81:86:15:51:F7:42:B4:8F:BF:1C:DF:E6:D3:3C:84:17:E8:6A:4D:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2CABEB920C91E0FA13161C9FA258F656715F22A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa
Signing time:             Tue 30 Sep 2025 00:12:30 +0000
ROA not before:           Tue 30 Sep 2025 00:12:30 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.53.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ab:eb:92:0c:91:e0:fa:13:16:1c:9f:a2:58:f6:56:71:5f:22:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:12:30 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=12d6c17c17ea7c0da8c56f9e9d6a9c5207fcf3704db54cf04c7dca351f982cdb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b9:19:9d:14:db:21:0c:0e:db:d6:6f:e8:8b:
                    f5:b6:2c:a7:18:87:e6:d8:5c:40:89:51:61:df:af:
                    0d:1e:4c:77:26:c5:cf:2f:d4:1c:21:a2:83:2c:7d:
                    42:d9:c2:c7:1f:d5:4b:65:05:f6:e4:a4:7b:07:7d:
                    84:eb:53:e0:ff:1e:7f:3b:ff:0c:86:40:7e:72:66:
                    7a:c7:2b:d8:cc:5c:9f:11:32:fa:c5:8d:ff:08:2c:
                    42:7e:21:20:e1:fa:3d:60:70:09:28:62:d2:51:d4:
                    6b:08:a5:0d:ab:59:4c:91:86:70:e1:48:55:2e:a6:
                    a1:b1:b0:cf:45:2c:8c:bb:1b:19:dd:60:f3:33:b1:
                    09:a3:d2:48:6d:b3:0f:18:f0:07:4f:e7:5c:80:a0:
                    25:43:1e:4e:e6:41:13:7c:01:a3:b2:85:a2:01:93:
                    29:f5:a1:1b:54:1d:bb:03:c1:2d:d2:c7:40:7e:57:
                    4a:86:f2:d7:4d:37:b4:3d:f2:39:80:03:51:fb:58:
                    ff:d2:14:96:bd:c1:c2:be:02:84:47:74:81:61:fc:
                    1a:75:cd:9f:a1:19:b6:e4:28:11:59:60:56:be:81:
                    f5:cb:e5:a8:7d:4f:dc:a8:36:9a:ab:87:2f:f9:a1:
                    19:49:23:43:e9:f5:8e:20:48:eb:ac:11:ae:20:44:
                    be:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:86:15:51:F7:42:B4:8F:BF:1C:DF:E6:D3:3C:84:17:E8:6A:4D:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bfdfc37-13e7-4b3d-b083-7c1d8cf07ad8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:9c:50:d9:a5:55:38:a6:61:77:33:59:89:ce:9b:be:ae:d6:
         5e:51:b9:ab:30:4a:f5:58:ff:5b:5b:c1:78:58:6e:e7:e0:20:
         fe:6c:08:c0:26:e2:d7:6e:5d:a5:44:3c:16:ff:c4:34:a0:3e:
         03:50:d9:81:66:e0:26:d9:0b:f0:3c:72:a9:fb:dd:c7:8a:86:
         0b:8b:6f:68:33:c2:20:8d:5d:0a:25:cb:12:37:52:0c:5f:8d:
         3e:7d:d8:27:d9:4c:08:d4:77:cc:e5:8a:3a:d1:16:cd:b3:8e:
         37:93:d8:80:1e:37:e9:da:9c:32:47:d2:97:c9:08:8a:a2:11:
         3a:d1:6b:1e:d2:45:70:3c:6c:96:6e:7e:dc:55:10:56:87:31:
         f0:8f:ba:ed:84:26:78:d0:d7:ee:ae:e2:09:64:a0:cd:49:75:
         d3:b5:3e:02:4b:f0:62:f2:54:03:41:ce:37:e7:4d:8a:ab:6e:
         b0:21:50:15:b6:05:4c:4a:40:33:c8:8b:86:60:a4:05:b0:de:
         5a:d0:8a:fe:19:b2:30:15:1e:f6:5e:96:71:b6:7c:60:2c:b1:
         07:e5:3f:51:1b:d3:7c:a4:24:e6:6d:44:63:ee:83:a9:57:3e:
         de:67:62:ab:89:61:3f:53:63:83:35:96:c5:51:8f:a0:03:54:
         35:06:9e:f9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULKvrkgyR4PoTFhyfolj2VnFfIqAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAxMjMwWhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmQ2YzE3YzE3ZWE3YzBkYThjNTZmOWU5ZDZhOWM1MjA3
ZmNmMzcwNGRiNTRjZjA0YzdkY2EzNTFmOTgyY2RiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPuRmdFNshDA7b1m/oi/W2LKcYh+bYXECJUWHfrw0eTHcm
xc8v1BwhooMsfULZwscf1UtlBfbkpHsHfYTrU+D/Hn87/wyGQH5yZnrHK9jMXJ8R
MvrFjf8ILEJ+ISDh+j1gcAkoYtJR1GsIpQ2rWUyRhnDhSFUupqGxsM9FLIy7Gxnd
YPMzsQmj0khtsw8Y8AdP51yAoCVDHk7mQRN8AaOyhaIBkyn1oRtUHbsDwS3Sx0B+
V0qG8tdNN7Q98jmAA1H7WP/SFJa9wcK+AoRHdIFh/Bp1zZ+hGbbkKBFZYFa+gfXL
5ah9T9yoNpqrhy/5oRlJI0Pp9Y4gSOusEa4gRL5HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgYYVUfdCtI+/HN/m0zyEF+hqTe0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdiZmRmYzM3LTEzZTctNGIzZC1iMDgzLTdjMWQ4Y2YwN2FkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNTANBgkqhkiG9w0BAQsFAAOCAQEAo5xQ2aVVOKZhdzNZic6bvq7WXlG5
qzBK9Vj/W1vBeFhu5+Ag/mwIwCbi125dpUQ8Fv/ENKA+A1DZgWbgJtkL8Dxyqfvd
x4qGC4tvaDPCII1dCiXLEjdSDF+NPn3YJ9lMCNR3zOWKOtEWzbOON5PYgB436dqc
MkfSl8kIiqIROtFrHtJFcDxslm5+3FUQVocx8I+67YQmeNDX7q7iCWSgzUl107U+
AkvwYvJUA0HON+dNiqtusCFQFbYFTEpAM8iLhmCkBbDeWtCK/hmyMBUe9l6WcbZ8
YCyxB+U/URvTfKQk5m1EY+6DqVc+3mdiq4lhP1NjgzWWxVGPoANUNQae+Q==
-----END CERTIFICATE-----