Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31b86582-b332-47ae-b6ee-9404d32cb156.roa
File:                     31b86582-b332-47ae-b6ee-9404d32cb156.roa (raw, json)
Hash identifier:          miXmCepFlp9Yz3lLdZvMSxrpNjKHyhbomnhWwVz717E=
Subject key identifier:   A7:B8:14:1D:9F:08:F1:87:9D:C2:15:25:85:4B:32:E9:9F:55:1D:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29F87C8D2C648C5777AD2AEBBA77F65695413824
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31b86582-b332-47ae-b6ee-9404d32cb156.roa
Signing time:             Wed 15 Oct 2025 17:52:55 +0000
ROA not before:           Wed 15 Oct 2025 17:52:55 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.148.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:f8:7c:8d:2c:64:8c:57:77:ad:2a:eb:ba:77:f6:56:95:41:38:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 17:52:55 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=cab76adc2d7502d742a42b3f39c6268e0fbe8abe64e6b6e1e0bc5eeb696e30aa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4d:08:cb:49:63:b5:d7:03:2f:da:db:b9:ba:
                    fa:83:91:ac:12:b0:67:7d:19:66:f8:a1:02:66:e4:
                    3b:e2:1c:23:e4:34:9d:97:93:06:e7:eb:10:71:cb:
                    01:08:bc:5d:92:e7:5e:45:6a:8f:e7:66:0b:16:85:
                    40:d0:70:c4:f3:e9:13:d9:8e:93:91:a5:14:b8:b7:
                    82:57:58:7f:dd:da:fb:50:50:c7:81:ff:4c:28:0a:
                    4e:1c:45:80:9e:e4:cf:04:37:36:68:0b:76:22:93:
                    76:13:8a:d5:11:29:b4:ea:2d:78:15:9c:c4:62:a6:
                    d7:f6:28:0e:d1:ad:c3:91:10:d1:9d:c7:ca:ee:31:
                    cb:53:0e:d0:18:6b:fd:c7:e7:31:03:aa:7e:a7:bc:
                    08:fb:15:2e:c8:4c:da:e6:b2:b5:e4:67:0f:df:ba:
                    45:ea:dc:bd:1a:30:d3:a3:fc:c5:a8:25:f0:64:62:
                    3a:75:34:22:20:f1:e1:4e:df:25:cb:a7:b1:4b:19:
                    5d:c2:2e:15:dd:9f:f2:20:f0:91:38:d8:0b:d7:94:
                    e7:26:8f:c3:e9:c4:23:f0:60:0d:38:55:c9:57:7a:
                    31:cf:5a:14:46:09:91:13:e0:58:f2:85:26:94:96:
                    0f:6e:eb:fb:f2:08:3d:37:93:b0:3e:a5:5b:e7:92:
                    6c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B8:14:1D:9F:08:F1:87:9D:C2:15:25:85:4B:32:E9:9F:55:1D:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31b86582-b332-47ae-b6ee-9404d32cb156.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:2a:72:d1:0d:ea:d0:26:bd:ea:0e:63:2e:88:89:57:a4:e7:
         f5:23:b4:ea:94:08:ca:04:8f:2f:9c:ca:d6:32:d0:9e:e7:d0:
         c9:d1:60:d4:e7:8e:e9:76:13:3b:7b:2f:37:4b:77:e3:c4:88:
         1a:55:d8:c0:60:bd:6d:e2:e4:b6:32:bd:4b:7a:e4:7a:53:aa:
         41:53:51:28:30:92:c7:ea:34:96:7c:00:06:b7:ff:46:6c:6c:
         16:e7:0a:31:7d:88:5c:7f:a9:0c:f6:57:d0:61:e8:a8:c4:8f:
         96:44:e1:2a:f7:50:33:5b:3b:6b:61:95:4b:17:6c:79:7f:15:
         36:13:1d:3f:e7:73:14:55:2b:37:1d:12:12:ab:ff:5f:f2:d8:
         d1:e6:35:57:59:76:82:55:29:b7:df:a5:a6:f4:a0:05:54:71:
         4b:1a:22:6f:59:0e:8a:ef:3a:1f:6c:b5:b8:5d:40:a9:ba:20:
         f2:d2:2d:2e:cd:67:48:51:53:86:ae:1a:05:d4:56:c1:43:b2:
         fb:9d:ed:26:36:92:30:8f:6a:49:bf:cd:a5:57:05:f2:cb:e8:
         e3:89:3e:0f:62:a0:40:30:98:a7:5c:8e:f0:b9:6d:70:e5:93:
         fd:7d:7c:17:c5:f2:db:1c:1f:2f:0d:ad:87:9d:06:52:5b:68:
         4b:28:e9:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKfh8jSxkjFd3rSrrunf2VpVBOCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTc1MjU1WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWI3NmFkYzJkNzUwMmQ3NDJhNDJiM2YzOWM2MjY4ZTBm
YmU4YWJlNjRlNmI2ZTFlMGJjNWVlYjY5NmUzMGFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMTQjLSWO11wMv2tu5uvqDkawSsGd9GWb4oQJm5DviHCPk
NJ2Xkwbn6xBxywEIvF2S515Fao/nZgsWhUDQcMTz6RPZjpORpRS4t4JXWH/d2vtQ
UMeB/0woCk4cRYCe5M8ENzZoC3Yik3YTitURKbTqLXgVnMRiptf2KA7RrcORENGd
x8ruMctTDtAYa/3H5zEDqn6nvAj7FS7ITNrmsrXkZw/fukXq3L0aMNOj/MWoJfBk
Yjp1NCIg8eFO3yXLp7FLGV3CLhXdn/Ig8JE42AvXlOcmj8PpxCPwYA04VclXejHP
WhRGCZET4FjyhSaUlg9u6/vyCD03k7A+pVvnkmwvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUp7gUHZ8I8YedwhUlhUsy6Z9VHbowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxYjg2NTgyLWIzMzItNDdhZS1iNmVlLTk0MDRkMzJjYjE1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjVpQwDQYJKoZIhvcNAQELBQADggEBAGsqctEN6tAmveoOYy6IiVek5/Uj
tOqUCMoEjy+cytYy0J7n0MnRYNTnjul2Ezt7LzdLd+PEiBpV2MBgvW3i5LYyvUt6
5HpTqkFTUSgwksfqNJZ8AAa3/0ZsbBbnCjF9iFx/qQz2V9Bh6KjEj5ZE4Sr3UDNb
O2thlUsXbHl/FTYTHT/ncxRVKzcdEhKr/1/y2NHmNVdZdoJVKbffpab0oAVUcUsa
Im9ZDorvOh9stbhdQKm6IPLSLS7NZ0hRU4auGgXUVsFDsvud7SY2kjCPakm/zaVX
BfLL6OOJPg9ioEAwmKdcjvC5bXDlk/19fBfF8tscHy8NrYedBlJbaEso6Wo=
-----END CERTIFICATE-----