Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45c2e527-9738-4594-aadb-f5b7380f4d86.roa
File:                     45c2e527-9738-4594-aadb-f5b7380f4d86.roa (raw, json)
Hash identifier:          SXtvTjoofM+ykSmKyXBMc4fGV6l5J/uPnAJQxwwLRc8=
Subject key identifier:   11:28:8B:4F:42:64:0A:CF:A3:8F:1E:16:AB:3C:79:8F:47:E6:EB:F4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1860E0A1DE81C68E0B6A8E3C5BDEE01D55FD0BC0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45c2e527-9738-4594-aadb-f5b7380f4d86.roa
Signing time:             Sun 16 Nov 2025 00:10:39 +0000
ROA not before:           Sun 16 Nov 2025 00:10:39 +0000
ROA not after:            Sun 21 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.152.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:60:e0:a1:de:81:c6:8e:0b:6a:8e:3c:5b:de:e0:1d:55:fd:0b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 16 00:10:39 2025 GMT
            Not After : Dec 21 23:59:59 2025 GMT
        Subject: serialNumber=110358cabe80d322cc2d80a3a6e578e3607f6b3277e069b99989aef4044aff98, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:97:c6:0a:eb:a7:33:b9:e3:e3:3c:bf:aa:6a:
                    1a:55:73:61:5f:f0:05:f1:03:db:47:90:fe:0f:26:
                    a5:20:62:be:18:8d:ca:47:19:0b:b7:a1:30:6f:01:
                    fa:fd:28:fc:6f:e7:eb:4c:f8:dd:6d:f1:30:07:66:
                    c3:cf:4c:a6:1e:de:3c:1c:60:07:2d:cb:43:9b:4d:
                    95:67:31:16:bb:f0:4b:41:ce:fe:02:9e:2d:dc:14:
                    4e:63:d5:5a:cd:bf:0d:dd:ad:11:09:96:e2:2c:99:
                    cb:8b:58:d7:26:f1:85:5c:7b:07:77:4b:e0:e9:cf:
                    86:a3:fb:51:ba:73:df:69:17:b1:bb:0e:95:f9:cd:
                    d5:4a:d7:b2:d1:04:1c:91:d6:6a:17:8e:54:7d:af:
                    15:e1:d0:ab:c0:fe:5c:64:ab:c6:e0:0f:a9:6e:4f:
                    39:ed:c5:74:3c:8f:df:62:ce:7b:12:97:48:7e:35:
                    b4:0c:1c:b6:4d:0b:87:94:2c:1d:fc:c7:34:9f:54:
                    52:67:47:43:fb:40:d2:a1:cf:2d:ab:ce:61:ec:32:
                    4a:24:de:a7:00:2e:b1:f7:b8:0c:12:6d:8f:51:23:
                    1f:a2:86:30:22:39:bc:9b:0a:d8:19:60:b4:fd:17:
                    a7:13:6e:32:cd:44:e4:e8:c2:e9:b9:67:28:c7:09:
                    a3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:28:8B:4F:42:64:0A:CF:A3:8F:1E:16:AB:3C:79:8F:47:E6:EB:F4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45c2e527-9738-4594-aadb-f5b7380f4d86.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1a:27:4c:dd:0a:32:48:86:a8:77:bd:db:93:21:a8:bf:cd:
         c7:09:e5:da:30:b6:3e:31:0c:45:20:3a:9b:d5:15:56:5c:03:
         e7:56:ad:02:5c:f8:4a:2e:73:72:81:88:89:06:d4:2b:1f:5b:
         38:dd:5e:1c:4d:a5:f7:e8:02:3c:7d:59:7d:84:2f:46:6e:e5:
         3c:76:08:47:d6:e6:b6:03:8d:1c:85:b0:c2:b3:73:26:5d:4c:
         a5:91:f3:4e:d2:af:1c:e1:de:26:33:ae:f0:94:b1:bc:32:df:
         22:0f:8f:42:fd:7c:5f:93:a6:54:39:7c:c7:7b:e5:df:6f:e3:
         f8:2d:ca:84:9a:79:30:b6:5f:96:4d:da:d6:71:0b:bb:d2:2d:
         e3:74:3e:e7:d3:08:95:4d:60:6e:89:44:15:ad:7d:7e:35:53:
         4f:7f:67:04:59:91:de:b5:c8:58:76:d0:01:9e:0f:95:c1:8f:
         a7:8d:6b:f7:dc:3c:a8:f1:68:c3:e2:87:5a:4f:d2:2c:ef:d5:
         29:be:9e:d4:e7:79:49:39:fd:28:f2:00:f5:ea:bf:11:5b:d1:
         2d:7d:03:ca:35:a6:06:59:f2:f2:66:c9:d7:81:28:2f:26:03:
         1d:92:01:ed:52:8b:f3:9d:b9:6b:4a:da:92:6e:4d:01:70:9d:
         57:66:28:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGGDgod6Bxo4Lao48W97gHVX9C8AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE2MDAxMDM5WhcNMjUxMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTAzNThjYWJlODBkMzIyY2MyZDgwYTNhNmU1NzhlMzYw
N2Y2YjMyNzdlMDY5Yjk5OTg5YWVmNDA0NGFmZjk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtl8YK66czuePjPL+qahpVc2Ff8AXxA9tHkP4PJqUgYr4Y
jcpHGQu3oTBvAfr9KPxv5+tM+N1t8TAHZsPPTKYe3jwcYActy0ObTZVnMRa78EtB
zv4Cni3cFE5j1VrNvw3drREJluIsmcuLWNcm8YVcewd3S+Dpz4aj+1G6c99pF7G7
DpX5zdVK17LRBByR1moXjlR9rxXh0KvA/lxkq8bgD6luTzntxXQ8j99iznsSl0h+
NbQMHLZNC4eULB38xzSfVFJnR0P7QNKhzy2rzmHsMkok3qcALrH3uAwSbY9RIx+i
hjAiObybCtgZYLT9F6cTbjLNROTowum5ZyjHCaPdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUESiLT0JkCs+jjx4Wqzx5j0fm6/QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1YzJlNTI3LTk3MzgtNDU5NC1hYWRiLWY1YjczODBmNGQ4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZgwDQYJKoZIhvcNAQELBQADggEBAC0aJ0zdCjJIhqh3vduTIai/zccJ
5dowtj4xDEUgOpvVFVZcA+dWrQJc+Eouc3KBiIkG1CsfWzjdXhxNpffoAjx9WX2E
L0Zu5Tx2CEfW5rYDjRyFsMKzcyZdTKWR807Srxzh3iYzrvCUsbwy3yIPj0L9fF+T
plQ5fMd75d9v4/gtyoSaeTC2X5ZN2tZxC7vSLeN0PufTCJVNYG6JRBWtfX41U09/
ZwRZkd61yFh20AGeD5XBj6eNa/fcPKjxaMPih1pP0izv1Sm+ntTneUk5/SjyAPXq
vxFb0S19A8o1pgZZ8vJmydeBKC8mAx2SAe1Si/OduWtK2pJuTQFwnVdmKLQ=
-----END CERTIFICATE-----