Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa
File:                     232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa (raw, json)
Hash identifier:          krGOlYUZazYnw3IpxH6x43/ua6NYNo2KpekkeLKi+uQ=
Subject key identifier:   0F:EC:B4:CA:D5:D0:8A:F2:CE:6D:50:24:0E:3D:DB:92:9D:43:49:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       101EDD8378C248015881D6A0EFA5C7265853A9B1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa
Signing time:             Sun 16 Nov 2025 00:01:38 +0000
ROA not before:           Sun 16 Nov 2025 00:01:38 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.148.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:1e:dd:83:78:c2:48:01:58:81:d6:a0:ef:a5:c7:26:58:53:a9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:01:38 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=df2789bc051d3f5a4ccd9b5b4297cd3077f9f8b25f7f9da1fc90c7099da9732a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2e:fd:ac:1d:df:90:45:8c:e0:45:dc:48:f9:
                    96:78:6a:d3:40:c9:52:09:42:87:85:11:8c:34:7a:
                    aa:a8:05:2e:08:fa:f9:78:34:b7:2a:2c:27:de:57:
                    32:74:1d:a7:bf:a5:52:f5:e1:c2:b8:45:e2:98:fc:
                    e9:f5:41:60:17:14:09:40:53:c1:98:fc:9d:08:3a:
                    c6:9c:df:1e:97:57:bd:65:c2:8d:d9:40:38:e7:7d:
                    2a:55:63:27:27:97:77:12:4d:5a:cd:1f:df:ba:ff:
                    bd:68:eb:a2:e9:0f:5c:fd:fd:af:d0:7d:19:e6:a7:
                    f7:90:57:e3:46:cb:17:9e:9d:6c:c2:90:8a:7b:61:
                    de:09:60:82:d3:6c:66:a4:dd:c3:d0:67:96:ae:67:
                    f2:74:46:f7:da:46:ff:cd:cb:72:4f:09:a8:3e:c1:
                    04:b2:54:9d:a0:d7:a1:7b:97:71:ce:83:23:cd:4d:
                    39:92:bd:a4:8d:33:8a:dc:6d:65:20:bf:87:2c:29:
                    4d:24:3e:38:07:b3:f5:6e:c7:90:80:25:da:e9:0f:
                    69:3f:97:ae:b4:31:4f:2d:fb:e2:d7:a3:ed:c2:20:
                    b6:9f:19:3a:80:2f:be:fc:d8:4f:f7:c1:99:cb:9c:
                    68:94:55:a2:95:9f:dc:89:ba:5a:1d:a7:5d:7d:36:
                    10:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:EC:B4:CA:D5:D0:8A:F2:CE:6D:50:24:0E:3D:DB:92:9D:43:49:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:95:25:43:41:78:57:74:24:7d:c9:4b:af:9b:07:88:2f:aa:
         51:26:a3:a9:e8:0a:a8:4d:f4:91:7f:ec:c9:f6:4d:6d:3d:53:
         63:a1:78:c2:17:dc:04:ac:5d:88:66:77:ce:81:08:95:db:e2:
         c5:76:de:6f:a2:d8:58:d6:bb:34:25:75:40:37:be:83:f9:e5:
         6f:9c:37:84:80:0d:cc:d9:20:01:1e:29:f3:a0:72:98:d1:a2:
         cc:73:33:d4:72:10:98:7a:ed:28:ca:ab:9f:bf:10:13:68:77:
         58:20:c5:a7:2d:f3:ea:dc:20:40:9b:4c:bf:7d:23:e1:35:22:
         83:69:59:ea:f9:fd:7b:d4:97:ff:e3:b8:37:b9:55:e8:10:3c:
         b9:7b:99:6d:e9:dd:0d:8c:fe:c7:7f:58:2a:2c:6d:e4:91:12:
         01:3a:07:e9:8d:7e:d7:4f:f8:34:ac:5c:26:a5:eb:2a:19:53:
         80:52:5f:1b:b9:41:d9:cb:60:9f:e5:c1:fd:8f:7c:c6:6a:5e:
         01:41:a5:98:00:c7:0b:10:7f:58:8e:df:28:d9:fd:3b:b5:30:
         6c:36:5c:96:19:a7:8e:be:cb:7e:bd:70:ba:19:97:8f:dd:e0:
         6f:da:4b:05:71:79:7e:98:de:8e:11:c6:df:86:42:ab:73:91:
         fe:e3:61:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEB7dg3jCSAFYgdag76XHJlhTqbEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAwMTM4WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjI3ODliYzA1MWQzZjVhNGNjZDliNWI0Mjk3Y2QzMDc3
ZjlmOGIyNWY3ZjlkYTFmYzkwYzcwOTlkYTk3MzJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1Lv2sHd+QRYzgRdxI+ZZ4atNAyVIJQoeFEYw0eqqoBS4I
+vl4NLcqLCfeVzJ0Hae/pVL14cK4ReKY/On1QWAXFAlAU8GY/J0IOsac3x6XV71l
wo3ZQDjnfSpVYycnl3cSTVrNH9+6/71o66LpD1z9/a/QfRnmp/eQV+NGyxeenWzC
kIp7Yd4JYILTbGak3cPQZ5auZ/J0RvfaRv/Ny3JPCag+wQSyVJ2g16F7l3HOgyPN
TTmSvaSNM4rcbWUgv4csKU0kPjgHs/Vux5CAJdrpD2k/l660MU8t++LXo+3CILaf
GTqAL7782E/3wZnLnGiUVaKVn9yJulodp119NhBtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD+y0ytXQivLObVAkDj3bkp1DSUYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzMjU0NWQzLWRjYzctNGYwNC1iYjZkLTFkM2Q5YzE3ZDM3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZQwDQYJKoZIhvcNAQELBQADggEBACSVJUNBeFd0JH3JS6+bB4gvqlEm
o6noCqhN9JF/7Mn2TW09U2OheMIX3ASsXYhmd86BCJXb4sV23m+i2FjWuzQldUA3
voP55W+cN4SADczZIAEeKfOgcpjRosxzM9RyEJh67SjKq5+/EBNod1ggxact8+rc
IECbTL99I+E1IoNpWer5/XvUl//juDe5VegQPLl7mW3p3Q2M/sd/WCosbeSREgE6
B+mNftdP+DSsXCal6yoZU4BSXxu5QdnLYJ/lwf2PfMZqXgFBpZgAxwsQf1iO3yjZ
/Tu1MGw2XJYZp46+y369cLoZl4/d4G/aSwVxeX6Y3o4Rxt+GQqtzkf7jYTs=
-----END CERTIFICATE-----