Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9fc7701e-a287-47d6-a5b1-d8e702f5a9ac.roa
File:                     9fc7701e-a287-47d6-a5b1-d8e702f5a9ac.roa (raw, json)
Hash identifier:          iM9l/N0dNo50MU0NDOOX9tPIT4y6V08DOfbLgKsGjto=
Subject key identifier:   4C:40:46:89:1B:A2:4B:3E:7A:EE:87:F9:33:6C:E6:EB:9F:AF:90:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79F80F78766945F722AC807CF7D6A5A33B7E2A14
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9fc7701e-a287-47d6-a5b1-d8e702f5a9ac.roa
Signing time:             Sat 25 Oct 2025 00:00:36 +0000
ROA not before:           Sat 25 Oct 2025 00:00:36 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.77.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:f8:0f:78:76:69:45:f7:22:ac:80:7c:f7:d6:a5:a3:3b:7e:2a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:00:36 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=bc613efbb15d9c9e48893287dec823583851d43b81daba94e690e7a7ff4e7396, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ba:2c:61:68:94:b5:24:bb:a8:6f:10:05:50:
                    1b:41:7c:91:c1:1e:06:81:fe:80:0b:dd:48:02:a5:
                    4f:d9:61:fa:b7:9c:bd:1b:f4:23:d2:ed:71:56:64:
                    b3:6f:ef:6c:5b:d0:6d:8f:59:2f:af:66:73:8b:29:
                    8f:6b:1a:7e:6e:3c:ee:63:67:f4:08:d9:f6:11:21:
                    4f:02:7c:72:54:09:f5:83:e3:24:8e:4a:27:6c:01:
                    52:4d:f2:97:ea:3d:12:7a:d4:54:37:a0:e9:aa:ea:
                    c4:88:77:cf:bd:8b:df:d7:f8:7d:2a:d8:c7:bf:e1:
                    e8:9b:b7:7c:0a:48:f0:2c:30:cf:0f:a5:b0:a4:a4:
                    28:8b:ce:1b:e5:54:c1:83:ed:29:a0:14:9f:77:78:
                    8d:36:ac:c2:1b:c8:61:69:3c:6f:29:35:75:53:6c:
                    c7:c4:f8:7b:2d:6b:0b:cf:06:3f:2b:d1:ca:de:0f:
                    c5:c5:c3:da:58:5c:73:b6:24:e1:2c:08:5d:de:c9:
                    ca:d0:e3:78:47:82:aa:5c:3c:2c:9b:e7:7a:3f:38:
                    fa:ce:7f:a3:02:d9:22:b6:a5:ae:9b:87:9d:0a:06:
                    47:c1:9b:4b:18:9d:1b:dc:3c:fd:f3:02:4f:e5:5b:
                    8a:12:a2:b6:37:9e:94:95:50:d6:ba:c9:9a:ef:46:
                    b0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:40:46:89:1B:A2:4B:3E:7A:EE:87:F9:33:6C:E6:EB:9F:AF:90:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9fc7701e-a287-47d6-a5b1-d8e702f5a9ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.77.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:b5:cd:6d:f0:c0:7e:c6:8a:f5:09:f8:62:cc:0e:c3:bc:0a:
         b8:b6:8b:da:f5:ed:f3:9a:54:14:09:86:7d:45:19:f0:93:d1:
         cf:26:02:2c:b0:46:fe:9b:d1:0b:1c:e7:6a:8b:3d:dc:62:35:
         90:27:ca:79:9f:5f:25:15:42:d0:38:24:18:a0:28:66:ff:b0:
         9b:5d:c2:46:b6:7d:11:c9:31:b8:5c:4d:ca:3c:c7:a5:a9:01:
         aa:04:be:64:d1:05:27:39:22:4d:31:70:34:55:c9:37:cb:73:
         7e:e3:95:4b:82:25:98:1d:d9:c8:da:69:f2:07:41:93:90:b4:
         ef:43:ce:49:04:68:f6:1a:0d:a1:ba:f0:ed:a2:78:78:78:2b:
         87:de:39:ae:f4:04:3a:92:ec:4e:ad:fa:56:24:b6:01:98:68:
         87:0c:e5:7d:d2:d8:84:c0:93:19:2a:db:1d:40:4f:1a:82:19:
         64:20:02:2b:59:01:37:1d:38:e1:51:0f:39:db:45:1b:dd:e8:
         8b:00:15:e0:42:fd:9d:14:46:46:63:8b:63:b0:39:fb:e0:49:
         3b:1c:cb:f4:49:ab:d8:2d:69:57:07:4d:e0:19:bb:65:c2:93:
         18:94:6b:d7:c7:ae:1f:64:0e:78:29:42:39:07:fa:1d:8e:81:
         1e:03:14:8a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUefgPeHZpRfcirIB899alozt+KhQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAwMDM2WhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzYxM2VmYmIxNWQ5YzllNDg4OTMyODdkZWM4MjM1ODM4
NTFkNDNiODFkYWJhOTRlNjkwZTdhN2ZmNGU3Mzk2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNuixhaJS1JLuobxAFUBtBfJHBHgaB/oAL3UgCpU/ZYfq3
nL0b9CPS7XFWZLNv72xb0G2PWS+vZnOLKY9rGn5uPO5jZ/QI2fYRIU8CfHJUCfWD
4ySOSidsAVJN8pfqPRJ61FQ3oOmq6sSId8+9i9/X+H0q2Me/4eibt3wKSPAsMM8P
pbCkpCiLzhvlVMGD7SmgFJ93eI02rMIbyGFpPG8pNXVTbMfE+HstawvPBj8r0cre
D8XFw9pYXHO2JOEsCF3eycrQ43hHgqpcPCyb53o/OPrOf6MC2SK2pa6bh50KBkfB
m0sYnRvcPP3zAk/lW4oSorY3npSVUNa6yZrvRrDBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTEBGiRuiSz567of5M2zm65+vkMUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmYzc3MDFlLWEyODctNDdkNi1hNWIxLWQ4ZTcwMmY1YTlhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQTTANBgkqhkiG9w0BAQsFAAOCAQEARbXNbfDAfsaK9Qn4YswOw7wKuLaL
2vXt85pUFAmGfUUZ8JPRzyYCLLBG/pvRCxznaos93GI1kCfKeZ9fJRVC0DgkGKAo
Zv+wm13CRrZ9EckxuFxNyjzHpakBqgS+ZNEFJzkiTTFwNFXJN8tzfuOVS4IlmB3Z
yNpp8gdBk5C070POSQRo9hoNobrw7aJ4eHgrh945rvQEOpLsTq36ViS2AZhohwzl
fdLYhMCTGSrbHUBPGoIZZCACK1kBNx044VEPOdtFG93oiwAV4EL9nRRGRmOLY7A5
++BJOxzL9Emr2C1pVwdN4Bm7ZcKTGJRr18euH2QOeClCOQf6HY6BHgMUig==
-----END CERTIFICATE-----