Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1333b09-ab13-4cea-a083-8bb75228384e.roa
File:                     f1333b09-ab13-4cea-a083-8bb75228384e.roa (raw, json)
Hash identifier:          OQizPvIkE+65t9+grMi3mxTgjSpQ/Va5rM43j4pP1sA=
Subject key identifier:   11:BE:BE:3B:4F:53:EE:50:E3:EF:C8:FF:8D:B5:DA:E0:E9:E8:C4:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77E5B3CB69D20722D5809E11655E76D56810614B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1333b09-ab13-4cea-a083-8bb75228384e.roa
Signing time:             Sun 02 Nov 2025 00:31:21 +0000
ROA not before:           Sun 02 Nov 2025 00:31:21 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.84.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e5:b3:cb:69:d2:07:22:d5:80:9e:11:65:5e:76:d5:68:10:61:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:31:21 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=04a5d3306d6f66e81bda25047af003a8c2f90556b3adeca3176096828bcf99d0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:23:4c:3e:92:ad:b5:54:61:c9:21:50:14:e5:
                    c0:7b:29:92:4a:9c:4a:fd:f7:c5:5c:d9:9b:96:b4:
                    2e:4a:da:4f:3f:59:1c:80:b8:98:77:45:1d:cd:04:
                    05:6d:a7:5b:97:99:e9:a9:37:31:f6:4c:c1:be:6c:
                    9d:d8:62:1a:0f:cc:02:2f:07:06:2e:1f:66:c6:66:
                    70:25:24:a0:64:51:14:e6:0d:38:c3:32:b5:b8:41:
                    49:0f:8d:97:c6:e8:f1:19:93:2a:d0:2b:1a:31:98:
                    bf:5b:4d:84:52:41:b1:8a:23:2a:86:71:9f:c7:ce:
                    93:58:11:c3:7f:60:54:66:9f:e3:4c:c1:2f:19:99:
                    83:c1:ab:e5:a9:45:3d:ce:4c:9c:ed:1b:78:41:74:
                    ed:c5:91:b5:44:1d:27:8f:8e:ec:5d:5a:a6:81:5b:
                    fd:98:a6:73:ce:42:05:e7:16:ea:94:06:54:70:74:
                    7d:a9:15:2f:ad:11:22:cd:e8:a9:50:f3:52:8a:e2:
                    f5:02:4e:44:ca:a9:87:71:85:18:6c:9a:70:98:cb:
                    56:02:bc:7e:2d:64:51:c6:d4:b9:9d:4c:9a:e1:6e:
                    9b:9f:7d:8a:e4:30:91:9f:a9:5b:a5:20:64:4d:5b:
                    37:ab:c3:5b:c5:7c:79:68:e6:cf:63:3d:d1:f3:1b:
                    d7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:BE:BE:3B:4F:53:EE:50:E3:EF:C8:FF:8D:B5:DA:E0:E9:E8:C4:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f1333b09-ab13-4cea-a083-8bb75228384e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:a6:b3:2b:67:9e:ff:2f:bc:ce:6f:bb:48:3b:b1:ee:2f:f1:
         23:26:d2:16:c9:5d:da:80:e2:79:d4:cc:c4:3e:d9:5c:28:7a:
         b1:ed:4d:06:f2:21:ae:5d:1d:0d:e8:35:52:e8:82:16:fb:a5:
         db:ba:7d:88:8c:ca:34:8f:9e:80:7e:15:3f:c7:ef:e5:78:07:
         8c:34:9e:d2:07:16:64:c9:f9:f9:d6:3b:fd:94:2f:02:97:6a:
         f5:83:2b:b8:46:d5:c3:fc:97:b9:1c:cb:41:c1:6a:a6:78:13:
         65:20:e8:80:89:32:cb:2a:52:1a:53:2a:87:50:e7:ad:8d:6d:
         4d:f4:70:cd:9c:f8:63:ad:aa:c1:69:26:48:fd:93:c3:ce:2f:
         74:37:0d:5e:31:fd:61:ba:96:34:d6:a5:c6:84:f3:79:5d:1c:
         10:4f:ff:f3:ed:b4:a8:1e:77:80:4b:81:dd:e7:1d:06:93:0f:
         ca:c5:1c:1e:fb:a0:4b:b5:06:64:ee:42:b2:75:f1:bc:67:83:
         a6:31:b3:c0:42:cc:9d:4c:a5:0b:55:ce:94:16:9b:f4:5b:ee:
         cd:91:77:e9:aa:19:b5:ed:c9:5f:c8:21:92:12:61:f8:2d:7b:
         14:ba:aa:fd:21:2e:74:cc:aa:34:09:41:48:f3:a5:78:56:16:
         4c:df:14:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd+Wzy2nSByLVgJ4RZV521WgQYUswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMTIxWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNGE1ZDMzMDZkNmY2NmU4MWJkYTI1MDQ3YWYwMDNhOGMy
ZjkwNTU2YjNhZGVjYTMxNzYwOTY4MjhiY2Y5OWQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3I0w+kq21VGHJIVAU5cB7KZJKnEr998Vc2ZuWtC5K2k8/
WRyAuJh3RR3NBAVtp1uXmempNzH2TMG+bJ3YYhoPzAIvBwYuH2bGZnAlJKBkURTm
DTjDMrW4QUkPjZfG6PEZkyrQKxoxmL9bTYRSQbGKIyqGcZ/HzpNYEcN/YFRmn+NM
wS8ZmYPBq+WpRT3OTJztG3hBdO3FkbVEHSePjuxdWqaBW/2YpnPOQgXnFuqUBlRw
dH2pFS+tESLN6KlQ81KK4vUCTkTKqYdxhRhsmnCYy1YCvH4tZFHG1LmdTJrhbpuf
fYrkMJGfqVulIGRNWzerw1vFfHlo5s9jPdHzG9cJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEb6+O09T7lDj78j/jbXa4OnoxKkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YxMzMzYjA5LWFiMTMtNGNlYS1hMDgzLThiYjc1MjI4Mzg0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl1QwDQYJKoZIhvcNAQELBQADggEBAJWmsytnnv8vvM5vu0g7se4v8SMm
0hbJXdqA4nnUzMQ+2VwoerHtTQbyIa5dHQ3oNVLoghb7pdu6fYiMyjSPnoB+FT/H
7+V4B4w0ntIHFmTJ+fnWO/2ULwKXavWDK7hG1cP8l7kcy0HBaqZ4E2Ug6ICJMssq
UhpTKodQ562NbU30cM2c+GOtqsFpJkj9k8POL3Q3DV4x/WG6ljTWpcaE83ldHBBP
//PttKged4BLgd3nHQaTD8rFHB77oEu1BmTuQrJ18bxng6Yxs8BCzJ1MpQtVzpQW
m/Rb7s2Rd+mqGbXtyV/IIZISYfgtexS6qv0hLnTMqjQJQUjzpXhWFkzfFJU=
-----END CERTIFICATE-----