Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99668ca5-6a45-41c7-8fe3-0d5cd3cf7a5a.roa
File:                     99668ca5-6a45-41c7-8fe3-0d5cd3cf7a5a.roa (raw, json)
Hash identifier:          yqdo7mlhIP/UFbO5DVOzfhfTYoOfie5aqe5UGfhLsxM=
Subject key identifier:   2D:1B:1B:79:B7:AA:CB:B9:CA:88:85:2C:48:7B:DF:9C:0A:3D:23:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7CB01D9E89D1EED788766FB31D7F652B2B9D7816
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99668ca5-6a45-41c7-8fe3-0d5cd3cf7a5a.roa
Signing time:             Wed 12 Nov 2025 00:10:45 +0000
ROA not before:           Wed 12 Nov 2025 00:10:45 +0000
ROA not after:            Wed 17 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        1.178.86.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:b0:1d:9e:89:d1:ee:d7:88:76:6f:b3:1d:7f:65:2b:2b:9d:78:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 12 00:10:45 2025 GMT
            Not After : Dec 17 23:59:59 2025 GMT
        Subject: serialNumber=61dd0f29bf1c4370da4d6c5e4b8eceefb503442642f3f5f5d3ffba52b8298c9e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:49:44:ac:35:2c:3e:96:2e:65:9a:fe:08:0d:
                    39:54:ee:95:0e:51:aa:eb:9a:9f:50:9f:89:72:7c:
                    56:fa:6b:5a:0d:d8:16:0b:a8:08:d0:56:fb:99:fe:
                    28:bc:81:fb:f7:da:5e:75:e3:f9:de:03:c5:72:86:
                    18:5b:2d:8a:75:b9:55:29:88:f5:b7:ba:da:e9:51:
                    cb:96:66:e2:ed:1a:63:12:92:44:ad:1f:cd:fa:95:
                    51:66:3c:1b:99:be:ab:1f:ac:bc:e7:91:ac:2f:0a:
                    d7:06:82:9f:12:bc:14:83:d3:ce:64:3c:85:ed:6f:
                    af:4c:e2:c9:1a:d3:54:d2:56:d5:96:15:84:dd:45:
                    b1:76:6f:21:58:58:74:04:19:18:32:de:fa:44:71:
                    a2:72:f4:6c:9e:d3:ec:cf:58:cc:a8:e3:43:fc:2c:
                    cd:4e:d7:9f:f7:1c:e6:94:e0:c6:48:d6:29:16:e1:
                    d1:5d:6e:46:09:37:33:07:a4:a9:2c:7e:77:2e:3f:
                    6c:0e:4f:eb:9c:bb:df:dd:5d:da:8e:cd:81:ed:6b:
                    b7:69:7c:10:a6:a4:dc:f0:5c:15:0b:ec:46:cc:09:
                    cd:8d:86:7c:2f:99:92:e0:3c:9b:13:b6:67:0c:39:
                    f9:00:60:1e:a1:fb:bc:c1:2b:7f:1c:0f:5e:8b:7b:
                    9a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:1B:1B:79:B7:AA:CB:B9:CA:88:85:2C:48:7B:DF:9C:0A:3D:23:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99668ca5-6a45-41c7-8fe3-0d5cd3cf7a5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.178.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:f8:b7:6e:d9:07:b7:d7:73:01:5d:37:9f:9e:e0:23:89:6e:
         58:cd:32:5d:2b:18:06:2a:b7:34:71:25:0e:c9:4d:e3:2b:59:
         b5:cf:ba:7e:9d:2d:9a:e1:4f:57:44:c3:16:42:11:2c:21:a2:
         6e:fe:ba:e1:5b:3e:d9:cf:0c:37:1a:79:a8:f3:78:31:15:a7:
         18:c2:8b:4c:1d:5f:e8:cb:6a:59:80:a4:98:d1:33:8d:10:6f:
         4b:73:3a:cf:cf:6f:8a:34:78:3d:e8:b0:09:2b:e0:14:df:1e:
         e3:5b:94:c8:bc:ea:73:7e:27:83:66:be:db:2f:c0:f2:0e:81:
         6b:6f:f1:2f:b3:c5:6f:0a:9a:e3:14:63:2c:00:8a:de:55:5c:
         f2:70:b0:38:5c:5b:33:bf:89:fe:a2:a9:80:03:51:e2:bf:71:
         e2:74:68:d5:f6:25:5e:13:a7:91:ec:8e:4f:62:b9:a3:70:d4:
         d4:79:ab:cb:d6:b7:f5:ea:98:5f:9b:54:7b:7d:9f:72:72:57:
         d4:93:72:3f:f7:56:a3:c6:bf:3c:86:9c:e9:c8:90:64:2c:0d:
         61:3c:a0:5e:72:2b:22:10:03:d3:56:02:fe:59:d7:a4:7c:72:
         2d:98:fc:b5:b1:14:f4:f5:76:6e:c8:0d:99:42:c2:28:50:1c:
         2d:6d:f4:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfLAdnonR7teIdm+zHX9lKyudeBYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTEyMDAxMDQ1WhcNMjUxMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MWRkMGYyOWJmMWM0MzcwZGE0ZDZjNWU0YjhlY2VlZmI1
MDM0NDI2NDJmM2Y1ZjVkM2ZmYmE1MmI4Mjk4YzllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVSUSsNSw+li5lmv4IDTlU7pUOUarrmp9Qn4lyfFb6a1oN
2BYLqAjQVvuZ/ii8gfv32l514/neA8VyhhhbLYp1uVUpiPW3utrpUcuWZuLtGmMS
kkStH836lVFmPBuZvqsfrLznkawvCtcGgp8SvBSD085kPIXtb69M4ska01TSVtWW
FYTdRbF2byFYWHQEGRgy3vpEcaJy9Gye0+zPWMyo40P8LM1O15/3HOaU4MZI1ikW
4dFdbkYJNzMHpKksfncuP2wOT+ucu9/dXdqOzYHta7dpfBCmpNzwXBUL7EbMCc2N
hnwvmZLgPJsTtmcMOfkAYB6h+7zBK38cD16Le5ojAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULRsbebeqy7nKiIUsSHvfnAo9I9wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5NjY4Y2E1LTZhNDUtNDFjNy04ZmUzLTBkNWNkM2NmN2E1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEBslYwDQYJKoZIhvcNAQELBQADggEBACX4t27ZB7fXcwFdN5+e4COJbljN
Ml0rGAYqtzRxJQ7JTeMrWbXPun6dLZrhT1dEwxZCESwhom7+uuFbPtnPDDcaeajz
eDEVpxjCi0wdX+jLalmApJjRM40Qb0tzOs/Pb4o0eD3osAkr4BTfHuNblMi86nN+
J4NmvtsvwPIOgWtv8S+zxW8KmuMUYywAit5VXPJwsDhcWzO/if6iqYADUeK/ceJ0
aNX2JV4Tp5Hsjk9iuaNw1NR5q8vWt/XqmF+bVHt9n3JyV9STcj/3VqPGvzyGnOnI
kGQsDWE8oF5yKyIQA9NWAv5Z16R8ci2Y/LWxFPT1dm7IDZlCwihQHC1t9As=
-----END CERTIFICATE-----