Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa
File:                     8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa (raw, json)
Hash identifier:          ZR+zFGbh/HvaRWMRXfiydQVjLql/IP6nHkZ4ool6lE0=
Subject key identifier:   D9:E0:C9:9A:56:AC:5A:D4:DF:8D:82:16:79:C9:56:B9:A6:1F:D0:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5E9A251B29F6ECA6FE447B1DBD07B7351FD94361
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa
Signing time:             Sun 26 Oct 2025 01:00:01 +0000
ROA not before:           Sun 26 Oct 2025 01:00:01 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.21.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:9a:25:1b:29:f6:ec:a6:fe:44:7b:1d:bd:07:b7:35:1f:d9:43:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 01:00:01 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=0736ffce47a2ae547be8af49b03370464b66239b1817e06965f9ff7996b9e4c5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d1:50:45:cc:d4:90:eb:cb:af:f7:d5:e5:04:
                    4d:c7:2b:88:be:4e:de:04:37:06:04:42:1d:4e:d9:
                    bc:ab:7a:04:66:9d:c5:80:ca:2a:40:b4:9c:d4:a8:
                    a4:e6:2d:b5:f0:7a:84:7d:e3:0b:0d:a2:22:dc:4d:
                    ce:e3:98:7e:3d:5e:87:18:61:20:6d:3c:04:1b:3d:
                    5d:31:b6:31:4b:8a:ad:64:7e:ef:a6:43:83:22:64:
                    d9:7d:08:11:ff:97:60:f4:ca:73:7a:99:22:db:78:
                    8e:4e:e7:99:17:29:1b:92:c5:60:a6:22:83:9e:eb:
                    90:15:21:9e:00:f5:31:6e:dd:c6:e8:8a:91:69:e9:
                    4e:e2:db:81:b5:4f:28:59:51:02:34:0c:7c:20:39:
                    4f:f8:81:0a:6b:e3:6c:9b:ee:93:09:65:19:81:ae:
                    61:8e:57:0a:1e:93:78:cc:8c:a2:75:83:0e:c9:f6:
                    3b:47:8d:74:ea:6e:3d:94:b0:46:dc:19:fa:eb:d2:
                    6e:6e:90:fe:5f:40:17:4d:e8:60:9a:16:2f:5c:f0:
                    ea:43:2d:4d:f4:9d:d5:09:51:f2:54:e3:e9:51:69:
                    31:9d:42:6f:26:2f:0b:d2:ea:6f:89:1c:57:a7:88:
                    c6:31:f7:68:d5:9e:fb:f3:af:40:ad:34:ca:14:3f:
                    af:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E0:C9:9A:56:AC:5A:D4:DF:8D:82:16:79:C9:56:B9:A6:1F:D0:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8991f83e-ff4c-4d8b-9498-4f1f3ce1b454.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d8:33:0e:64:b5:bd:82:38:ca:3c:af:b0:21:16:e5:f6:43:aa:
         ba:29:f3:72:e2:7a:e5:ea:21:cc:07:c4:7a:af:37:05:ee:5a:
         36:8d:e9:af:ac:d5:15:37:80:cb:c3:6a:dc:66:5c:4f:e8:ca:
         19:bd:ba:ab:79:d7:e5:c8:db:d2:74:4e:f5:18:74:1f:9d:36:
         b9:5d:c3:26:08:3c:05:bf:7f:c4:7e:c5:50:87:64:ca:d8:85:
         87:d6:e8:d9:fb:dc:4b:26:ab:b1:84:ae:3e:88:e0:f4:7a:a7:
         2d:81:e5:a1:a9:99:59:bf:2b:64:e7:31:20:54:ce:84:60:45:
         b5:d9:01:6b:f5:b2:96:bf:a2:b7:ae:d9:9f:df:ca:76:34:ea:
         11:ca:29:4f:c9:ad:4e:6a:36:cd:51:50:75:75:15:8a:5f:00:
         4c:72:7b:41:51:ac:f4:67:88:4f:bb:8a:65:09:d6:55:6f:c9:
         19:e0:f3:60:22:86:6b:c6:ca:33:08:66:27:ae:56:a4:ac:7b:
         e7:f3:93:bb:4c:50:06:11:27:9e:0c:b9:84:95:21:0e:60:20:
         84:bd:59:d9:db:fd:25:4e:a3:d8:d8:29:3e:03:84:72:14:fa:
         3b:17:cf:9b:c7:53:33:dd:d7:15:e7:d4:e1:0d:95:bf:ab:d6:
         db:f0:3e:d0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXpolGyn27Kb+RHsdvQe3NR/ZQ2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDEwMDAxWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzM2ZmZjZTQ3YTJhZTU0N2JlOGFmNDliMDMzNzA0NjRi
NjYyMzliMTgxN2UwNjk2NWY5ZmY3OTk2YjllNGM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCk0VBFzNSQ68uv99XlBE3HK4i+Tt4ENwYEQh1O2byregRm
ncWAyipAtJzUqKTmLbXweoR94wsNoiLcTc7jmH49XocYYSBtPAQbPV0xtjFLiq1k
fu+mQ4MiZNl9CBH/l2D0ynN6mSLbeI5O55kXKRuSxWCmIoOe65AVIZ4A9TFu3cbo
ipFp6U7i24G1TyhZUQI0DHwgOU/4gQpr42yb7pMJZRmBrmGOVwoek3jMjKJ1gw7J
9jtHjXTqbj2UsEbcGfrr0m5ukP5fQBdN6GCaFi9c8OpDLU30ndUJUfJU4+lRaTGd
Qm8mLwvS6m+JHFeniMYx92jVnvvzr0CtNMoUP69jAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2eDJmlasWtTfjYIWeclWuaYf0GcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5OTFmODNlLWZmNGMtNGQ4Yi05NDk4LTRmMWYzY2UxYjQ1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFTANBgkqhkiG9w0BAQsFAAOCAQEA2DMOZLW9gjjKPK+wIRbl9kOquinz
cuJ65eohzAfEeq83Be5aNo3pr6zVFTeAy8Nq3GZcT+jKGb26q3nX5cjb0nRO9Rh0
H502uV3DJgg8Bb9/xH7FUIdkytiFh9bo2fvcSyarsYSuPojg9HqnLYHloamZWb8r
ZOcxIFTOhGBFtdkBa/Wylr+it67Zn9/KdjTqEcopT8mtTmo2zVFQdXUVil8ATHJ7
QVGs9GeIT7uKZQnWVW/JGeDzYCKGa8bKMwhmJ65WpKx75/OTu0xQBhEnngy5hJUh
DmAghL1Z2dv9JU6j2NgpPgOEchT6OxfPm8dTM93XFefU4Q2Vv6vW2/A+0A==
-----END CERTIFICATE-----