Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2f664cf-8e1a-45a6-8d3b-99d9b7a40e41.roa
File:                     f2f664cf-8e1a-45a6-8d3b-99d9b7a40e41.roa (raw, json)
Hash identifier:          JTUjaAobD+GLvkWEn3CqWIurppYxGbQDJgd+59KOkRc=
Subject key identifier:   9F:D9:5D:06:D2:7A:26:7C:B7:5D:5C:F0:8C:E9:DD:D9:3D:BE:4B:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4FD4E52E26731722F7119863B938E38FFAE71ED8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2f664cf-8e1a-45a6-8d3b-99d9b7a40e41.roa
Signing time:             Tue 18 Nov 2025 00:00:10 +0000
ROA not before:           Tue 18 Nov 2025 00:00:10 +0000
ROA not after:            Mon 16 Feb 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        98.88.14.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:d4:e5:2e:26:73:17:22:f7:11:98:63:b9:38:e3:8f:fa:e7:1e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 18 00:00:10 2025 GMT
            Not After : Feb 16 23:59:59 2026 GMT
        Subject: serialNumber=a1a0856a7c9ac9ce7c2229c16ccc6f67325ef989e04df2412cede1ce0e83dd16, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f6:11:de:c5:df:36:d7:07:33:39:bf:0d:6b:
                    d9:31:65:7f:3a:e2:03:28:0c:4f:21:9d:bc:6d:45:
                    6a:29:94:e1:49:5e:e9:99:1a:c5:1e:65:95:55:b8:
                    10:e2:65:d8:b0:13:f1:24:25:17:66:26:a3:b0:54:
                    ce:84:13:e2:1c:a4:c5:d6:f6:86:61:ec:4e:07:21:
                    a1:af:1e:71:b1:af:c5:07:fd:c5:5e:a1:b9:c2:24:
                    fe:ff:4f:75:33:d5:82:ee:06:bf:49:67:78:81:5f:
                    34:3b:87:c3:d5:79:f7:a2:43:15:8a:d0:8d:7d:02:
                    f0:45:0c:51:7a:a1:27:fa:b6:6a:44:41:ef:35:ad:
                    8c:ae:9c:db:a1:d0:c4:95:4b:85:91:42:f2:f0:65:
                    ad:28:61:c2:3f:cf:e8:ea:32:21:98:ae:fb:15:d7:
                    7c:52:c3:2c:15:cf:52:8d:9b:5e:0c:e7:36:df:a5:
                    47:d6:99:94:60:bf:28:0a:48:6e:6d:84:c7:d4:7e:
                    7d:cf:c7:27:94:9d:de:7b:ea:7e:5a:59:64:db:a3:
                    95:28:f0:1e:7a:2b:61:f6:d8:f1:24:d8:d4:84:da:
                    5b:3b:33:52:69:24:a7:a7:8d:ec:21:31:ef:1e:ef:
                    55:67:22:8f:da:fd:3e:4c:67:b4:2a:18:da:4f:19:
                    b5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D9:5D:06:D2:7A:26:7C:B7:5D:5C:F0:8C:E9:DD:D9:3D:BE:4B:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2f664cf-8e1a-45a6-8d3b-99d9b7a40e41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.88.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:c8:ce:10:f1:7e:7c:6e:37:f8:12:b8:e6:d7:6d:2e:08:c5:
         7c:c6:85:e1:b6:45:91:e3:75:84:dc:6f:a2:97:49:c4:e1:9b:
         ea:b8:e1:e0:8c:ad:a3:e3:86:59:7b:b4:51:d9:08:52:f2:5f:
         96:9c:20:e8:b4:99:f2:91:36:48:b7:85:c3:58:d6:6a:54:8e:
         7b:cf:04:3e:9d:ab:d8:85:b3:ca:fe:68:fe:44:b6:94:51:48:
         e4:66:93:e3:9d:22:ca:f5:c3:4b:53:de:b2:ec:67:f6:55:74:
         49:46:0d:49:ec:60:9e:f4:b7:b3:7e:39:f5:d9:e8:fc:41:6c:
         89:c9:a0:44:35:27:26:77:f5:db:ac:ee:5c:76:e1:60:c8:a5:
         b3:50:f5:e7:03:d4:27:08:d1:0e:ca:fc:a7:a5:cb:c6:3f:7a:
         98:d0:46:be:06:9d:a5:a0:58:2e:28:fc:a3:6d:4d:35:79:e3:
         60:cb:19:ab:21:cd:d1:07:1e:1e:dc:be:d1:7d:8e:3f:c6:d2:
         f4:f4:f8:4e:01:b8:f0:56:28:74:b5:ed:7f:d8:1f:41:4b:a4:
         46:17:a5:dd:50:94:7a:e7:7c:64:9b:46:21:1a:a9:f2:c8:8f:
         ed:ca:c3:66:a5:87:c3:2c:77:4b:8e:2b:c5:67:e5:99:46:70:
         14:35:cd:e1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT9TlLiZzFyL3EZhjuTjjj/rnHtgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTE4MDAwMDEwWhcNMjYwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMWEwODU2YTdjOWFjOWNlN2MyMjI5YzE2Y2NjNmY2NzMy
NWVmOTg5ZTA0ZGYyNDEyY2VkZTFjZTBlODNkZDE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq9hHexd821wczOb8Na9kxZX864gMoDE8hnbxtRWoplOFJ
XumZGsUeZZVVuBDiZdiwE/EkJRdmJqOwVM6EE+IcpMXW9oZh7E4HIaGvHnGxr8UH
/cVeobnCJP7/T3Uz1YLuBr9JZ3iBXzQ7h8PVefeiQxWK0I19AvBFDFF6oSf6tmpE
Qe81rYyunNuh0MSVS4WRQvLwZa0oYcI/z+jqMiGYrvsV13xSwywVz1KNm14M5zbf
pUfWmZRgvygKSG5thMfUfn3PxyeUnd576n5aWWTbo5Uo8B56K2H22PEk2NSE2ls7
M1JpJKenjewhMe8e71VnIo/a/T5MZ7QqGNpPGbVHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn9ldBtJ6Jny3XVzwjOnd2T2+SyQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyZjY2NGNmLThlMWEtNDVhNi04ZDNiLTk5ZDliN2E0MGU0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFiWA4wDQYJKoZIhvcNAQELBQADggEBADfIzhDxfnxuN/gSuObXbS4IxXzG
heG2RZHjdYTcb6KXScThm+q44eCMraPjhll7tFHZCFLyX5acIOi0mfKRNki3hcNY
1mpUjnvPBD6dq9iFs8r+aP5EtpRRSORmk+OdIsr1w0tT3rLsZ/ZVdElGDUnsYJ70
t7N+OfXZ6PxBbInJoEQ1JyZ39dus7lx24WDIpbNQ9ecD1CcI0Q7K/Kely8Y/epjQ
Rr4GnaWgWC4o/KNtTTV542DLGashzdEHHh7cvtF9jj/G0vT0+E4BuPBWKHS17X/Y
H0FLpEYXpd1QlHrnfGSbRiEaqfLIj+3Kw2alh8Msd0uOK8Vn5ZlGcBQ1zeE=
-----END CERTIFICATE-----