Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab14272b-8d62-463c-9830-7c5b41bb76ca.roa
File:                     ab14272b-8d62-463c-9830-7c5b41bb76ca.roa (raw, json)
Hash identifier:          32gnSiNUw7Ld666ObnCBjarOlcE6kKvL0UdleYo9W+w=
Subject key identifier:   4D:EA:80:52:43:D6:88:E1:D3:B6:E9:38:89:9F:C7:54:87:F0:CA:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C7F5A042939B7E002185F5EB39E1AC5818EBA14
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab14272b-8d62-463c-9830-7c5b41bb76ca.roa
Signing time:             Tue 30 Sep 2025 00:02:55 +0000
ROA not before:           Tue 30 Sep 2025 00:02:55 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.102.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:7f:5a:04:29:39:b7:e0:02:18:5f:5e:b3:9e:1a:c5:81:8e:ba:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:02:55 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=9206389baab922ea3abf23ba029806689f44a24af06230c67e184c5fdd5ee086, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d1:46:aa:be:1f:63:b4:47:32:b2:ca:e0:3c:
                    fd:0d:3b:5e:cb:0c:5a:8d:d1:c9:af:45:f8:f9:c4:
                    5c:35:af:8d:0c:ed:d0:e3:eb:16:8a:0b:e2:01:09:
                    2d:32:55:e6:66:38:cf:5c:40:00:54:7f:d9:f0:fb:
                    32:50:c4:97:e6:39:2f:c6:61:0f:d7:b4:ab:f5:f8:
                    dc:52:cc:92:ec:25:40:84:11:a8:9f:ce:16:d8:fa:
                    87:9b:f7:1f:f3:3c:70:35:9e:b4:97:cb:c4:2d:45:
                    cf:38:24:1f:3e:9e:07:17:d7:43:2a:0d:2f:9b:c9:
                    be:38:25:13:a3:74:39:49:19:d2:cb:ce:9a:5f:48:
                    7b:e3:ee:d4:8f:88:3c:90:64:51:8b:e8:61:38:78:
                    0e:86:cd:4e:9e:af:be:e7:95:29:ed:e7:cb:fd:e2:
                    e5:21:cd:b3:8f:3f:8b:b3:78:d0:b6:05:a3:9e:7f:
                    d3:9d:f1:6b:b0:7f:13:7c:f1:24:55:ff:e1:b6:5e:
                    40:2e:00:d1:7d:b5:13:44:f6:8d:d4:53:94:69:6a:
                    d3:3e:37:ac:e5:db:30:33:70:95:ff:80:46:e7:44:
                    56:02:42:9f:cd:87:0b:2e:ac:d7:57:f3:1a:72:69:
                    76:07:bb:24:3e:f4:51:80:72:af:af:30:8b:6b:c9:
                    50:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EA:80:52:43:D6:88:E1:D3:B6:E9:38:89:9F:C7:54:87:F0:CA:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab14272b-8d62-463c-9830-7c5b41bb76ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.102.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:f2:3e:5f:93:e9:a7:4c:af:2a:0d:ce:de:27:bb:d3:a6:3f:
         c6:70:ae:41:79:8d:4e:15:34:7d:dc:c0:85:17:1c:08:47:dd:
         a7:72:1d:81:a4:09:8a:3d:3b:e1:88:30:e8:89:09:18:9d:f5:
         be:f8:65:5b:70:7a:25:79:3d:d9:50:61:9e:b5:1d:0d:97:71:
         c0:0e:a4:05:98:68:0a:3b:97:2d:12:3e:92:ec:2d:a7:3f:67:
         86:9c:80:30:19:3d:24:55:43:9d:dc:2f:96:99:aa:b3:02:7b:
         3f:23:06:ab:eb:73:f4:81:d1:c1:40:70:e5:4b:3a:0c:33:ac:
         8b:fb:10:55:21:ab:c3:21:b7:1c:df:22:55:4b:06:a3:fd:ff:
         88:3c:19:d5:23:99:0d:1a:c2:80:77:0a:78:ae:0d:1e:9e:d8:
         2c:a5:a6:24:73:6e:fe:2d:6b:67:90:30:90:57:68:91:9f:65:
         83:0f:cb:71:92:c0:65:98:cf:63:f8:c6:a6:85:05:4d:e6:54:
         df:b6:85:7f:c1:38:61:6c:63:32:dd:5a:af:b0:0e:8d:5f:5e:
         45:87:a6:1c:cc:d5:60:c4:d6:a9:78:1f:5e:f4:26:67:a0:31:
         52:7a:aa:0d:91:a5:3f:8a:7e:e6:2a:09:72:05:c2:00:76:4a:
         11:13:2b:0f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfH9aBCk5t+ACGF9es54axYGOuhQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAwMjU1WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjA2Mzg5YmFhYjkyMmVhM2FiZjIzYmEwMjk4MDY2ODlm
NDRhMjRhZjA2MjMwYzY3ZTE4NGM1ZmRkNWVlMDg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR0Uaqvh9jtEcyssrgPP0NO17LDFqN0cmvRfj5xFw1r40M
7dDj6xaKC+IBCS0yVeZmOM9cQABUf9nw+zJQxJfmOS/GYQ/XtKv1+NxSzJLsJUCE
EaifzhbY+oeb9x/zPHA1nrSXy8QtRc84JB8+ngcX10MqDS+byb44JROjdDlJGdLL
zppfSHvj7tSPiDyQZFGL6GE4eA6GzU6er77nlSnt58v94uUhzbOPP4uzeNC2BaOe
f9Od8WuwfxN88SRV/+G2XkAuANF9tRNE9o3UU5RpatM+N6zl2zAzcJX/gEbnRFYC
Qp/NhwsurNdX8xpyaXYHuyQ+9FGAcq+vMItryVCXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTeqAUkPWiOHTtuk4iZ/HVIfwyn0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiMTQyNzJiLThkNjItNDYzYy05ODMwLTdjNWI0MWJiNzZjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQZjANBgkqhkiG9w0BAQsFAAOCAQEAxPI+X5Ppp0yvKg3O3ie706Y/xnCu
QXmNThU0fdzAhRccCEfdp3IdgaQJij074Ygw6IkJGJ31vvhlW3B6JXk92VBhnrUd
DZdxwA6kBZhoCjuXLRI+kuwtpz9nhpyAMBk9JFVDndwvlpmqswJ7PyMGq+tz9IHR
wUBw5Us6DDOsi/sQVSGrwyG3HN8iVUsGo/3/iDwZ1SOZDRrCgHcKeK4NHp7YLKWm
JHNu/i1rZ5AwkFdokZ9lgw/LcZLAZZjPY/jGpoUFTeZU37aFf8E4YWxjMt1ar7AO
jV9eRYemHMzVYMTWqXgfXvQmZ6AxUnqqDZGlP4p+5ioJcgXCAHZKERMrDw==
-----END CERTIFICATE-----