Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/259d77c8-b072-4d7a-bc33-ac5ef1fadfeb.roa
File:                     259d77c8-b072-4d7a-bc33-ac5ef1fadfeb.roa (raw, json)
Hash identifier:          vUuVpLmRflE8mhTlnvuG0fg0ii6KxOll/yCExbdovt4=
Subject key identifier:   A9:F0:8D:7E:33:2A:E4:AB:42:5C:40:61:94:03:A5:39:3A:7D:39:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       64BD4805892D378C4E4A69F1C88F649741C223BC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/259d77c8-b072-4d7a-bc33-ac5ef1fadfeb.roa
Signing time:             Tue 18 Nov 2025 00:11:39 +0000
ROA not before:           Tue 18 Nov 2025 00:11:39 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        98.88.0.0/13 maxlen: 13
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:bd:48:05:89:2d:37:8c:4e:4a:69:f1:c8:8f:64:97:41:c2:23:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:11:39 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=df8d57f615b0b194f12826dd2e7eb21a650cbbb68eb9ff41a9f9dd2be3cbb0aa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8d:c4:d8:5b:43:11:d9:86:d8:93:b6:da:dd:
                    b7:04:50:95:56:8f:df:d2:b3:27:2d:fd:bc:c1:7b:
                    6d:83:60:b8:ca:e0:fb:f3:60:4e:30:c4:49:a1:b4:
                    53:37:d0:b3:74:04:47:b7:e6:53:4c:ef:e8:8d:8e:
                    67:87:79:f9:45:51:e4:36:00:af:c6:f3:75:10:71:
                    00:0d:5d:18:82:44:6d:5c:54:28:1d:1d:a4:39:1d:
                    99:01:8b:01:b8:2c:6a:55:69:4f:86:91:81:3c:44:
                    72:0e:e6:9f:f5:00:e0:93:fb:b4:6a:ae:6c:92:79:
                    73:40:8f:36:58:6a:55:3e:29:90:e5:a1:4d:68:dc:
                    db:f8:ca:08:05:79:a2:c3:45:c1:f8:58:24:6d:c9:
                    34:9e:58:62:08:30:07:56:f5:05:68:21:43:7f:69:
                    f3:26:f7:17:2a:d3:e6:19:79:d8:21:de:f3:80:40:
                    b3:b1:a7:e5:77:6f:df:a9:c6:08:ec:3a:b7:ac:a2:
                    fe:31:c7:a1:dd:ad:e1:55:ea:06:b3:3c:af:8e:63:
                    61:f6:1e:e5:77:f3:d4:7c:40:a6:63:01:fc:ea:06:
                    ae:8c:39:d5:16:a7:8f:cf:9c:96:ab:e5:b9:84:47:
                    9f:70:ca:30:2c:08:a3:98:24:15:cb:f2:87:7d:6f:
                    12:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F0:8D:7E:33:2A:E4:AB:42:5C:40:61:94:03:A5:39:3A:7D:39:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/259d77c8-b072-4d7a-bc33-ac5ef1fadfeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.88.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         20:9e:bd:a5:e6:2e:9c:ac:22:d9:09:39:16:ca:71:34:6c:89:
         9d:26:96:27:45:1a:ae:07:ae:79:c7:12:b1:45:4e:fb:be:b6:
         69:22:c9:48:a7:0a:46:4e:58:c9:62:42:fe:c1:ee:6a:ff:52:
         88:55:b4:9b:33:52:6a:90:3b:3b:9e:00:e0:65:8b:28:b8:4b:
         03:e2:2f:17:e9:11:c6:19:44:9c:9b:2b:01:59:d8:8d:20:32:
         a6:69:a2:2d:ac:12:a3:cd:db:af:ef:eb:3e:ba:33:80:f7:61:
         f7:eb:79:e5:28:63:20:a7:d1:37:fe:25:1e:39:f6:28:62:8e:
         42:b1:c0:1e:c0:5c:b5:6a:82:79:50:ff:63:df:08:67:3d:4b:
         72:7f:60:02:c3:09:54:f7:fb:5b:e7:e3:24:b7:7b:33:6b:ae:
         8f:f0:b6:d3:65:e7:7d:3d:69:b4:0a:b0:f4:33:d9:a6:a9:85:
         4a:c6:44:28:4b:41:d3:31:7f:bd:ea:5e:35:7f:72:77:8a:1a:
         84:a4:89:62:6a:a5:78:2e:82:b9:ba:78:bf:21:97:d9:df:3f:
         2d:a2:d9:76:a1:d7:ea:39:95:2a:9c:17:37:0d:aa:28:bb:1c:
         06:3b:27:f8:6f:26:63:75:ad:64:fd:83:39:4a:bc:66:c6:c4:
         c7:c5:d9:34
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZL1IBYktN4xOSmnxyI9kl0HCI7wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAxMTM5WhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjhkNTdmNjE1YjBiMTk0ZjEyODI2ZGQyZTdlYjIxYTY1
MGNiYmI2OGViOWZmNDFhOWY5ZGQyYmUzY2JiMGFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkjcTYW0MR2YbYk7ba3bcEUJVWj9/Ssyct/bzBe22DYLjK
4PvzYE4wxEmhtFM30LN0BEe35lNM7+iNjmeHeflFUeQ2AK/G83UQcQANXRiCRG1c
VCgdHaQ5HZkBiwG4LGpVaU+GkYE8RHIO5p/1AOCT+7RqrmySeXNAjzZYalU+KZDl
oU1o3Nv4yggFeaLDRcH4WCRtyTSeWGIIMAdW9QVoIUN/afMm9xcq0+YZedgh3vOA
QLOxp+V3b9+pxgjsOresov4xx6HdreFV6gazPK+OY2H2HuV389R8QKZjAfzqBq6M
OdUWp4/PnJar5bmER59wyjAsCKOYJBXL8od9bxJPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqfCNfjMq5KtCXEBhlAOlOTp9OYUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1OWQ3N2M4LWIwNzItNGQ3YS1iYzMzLWFjNWVmMWZhZGZlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwNiWDANBgkqhkiG9w0BAQsFAAOCAQEAIJ69peYunKwi2Qk5FspxNGyJnSaW
J0UargeueccSsUVO+762aSLJSKcKRk5YyWJC/sHuav9SiFW0mzNSapA7O54A4GWL
KLhLA+IvF+kRxhlEnJsrAVnYjSAypmmiLawSo83br+/rProzgPdh9+t55ShjIKfR
N/4lHjn2KGKOQrHAHsBctWqCeVD/Y98IZz1Lcn9gAsMJVPf7W+fjJLd7M2uuj/C2
02XnfT1ptAqw9DPZpqmFSsZEKEtB0zF/vepeNX9yd4oahKSJYmqleC6Cubp4vyGX
2d8/LaLZdqHX6jmVKpwXNw2qKLscBjsn+G8mY3WtZP2DOUq8ZsbEx8XZNA==
-----END CERTIFICATE-----