Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e94431f-b4dd-44cc-ac53-846af09314e0.roa
File:                     3e94431f-b4dd-44cc-ac53-846af09314e0.roa (raw, json)
Hash identifier:          jMbSDHIrno32mMhkV77HPVgYdRq+rPefqzo7RSQBEDU=
Subject key identifier:   4D:97:FA:9F:E8:E5:A3:B3:A0:EB:CF:BD:2B:FB:AD:9B:17:15:83:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6373BDAE598CB971774EB4B408DDEEF148743316
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e94431f-b4dd-44cc-ac53-846af09314e0.roa
Signing time:             Wed 15 Oct 2025 18:12:44 +0000
ROA not before:           Wed 15 Oct 2025 18:12:44 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.128.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:73:bd:ae:59:8c:b9:71:77:4e:b4:b4:08:dd:ee:f1:48:74:33:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 18:12:44 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=278d9e3814d49b98464505eccfb1780f3c8d722dcac9cc9c1099adccb98729fd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:00:f7:44:42:ba:44:4c:64:4c:e2:63:c6:6a:
                    76:c8:eb:d7:52:98:26:86:a6:0e:26:18:01:ea:06:
                    c0:27:65:29:ff:a2:6b:38:6b:e6:13:06:06:d2:1e:
                    fc:a4:fd:48:1e:54:0a:f9:9b:64:38:0d:26:21:40:
                    a7:95:6e:c6:b4:ad:c8:44:cf:58:24:c2:6d:70:07:
                    b1:36:9a:86:85:d5:16:69:ea:7e:6f:10:96:c2:ab:
                    84:6c:9e:51:3e:61:a1:e8:40:b3:c3:ab:e5:75:a6:
                    bb:4c:f0:b0:f4:1a:76:2b:7d:bc:2b:50:93:0a:7b:
                    91:5c:90:bb:15:21:9e:8a:21:84:73:5f:4c:29:1a:
                    ca:f5:d8:b8:f7:62:49:39:fa:e1:8a:ed:a3:45:67:
                    1b:04:c7:07:46:63:bc:16:f6:5a:3f:58:2f:49:53:
                    d8:49:9e:fb:e7:ee:21:da:1e:23:91:1f:ac:ff:97:
                    92:cb:a8:6b:d6:41:0d:5f:01:46:76:ec:92:d3:95:
                    34:a8:60:2e:7b:c1:66:ba:78:39:dd:30:38:fb:68:
                    f5:20:6f:61:bd:b3:d9:6f:ac:61:09:a2:43:ed:22:
                    c9:81:1b:24:e5:b5:e2:28:b9:73:b7:dd:ab:b2:aa:
                    de:0b:67:f3:91:db:69:23:ee:cb:2c:69:3d:95:37:
                    58:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:97:FA:9F:E8:E5:A3:B3:A0:EB:CF:BD:2B:FB:AD:9B:17:15:83:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e94431f-b4dd-44cc-ac53-846af09314e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         bd:2a:cb:8d:f7:d6:8b:17:1d:1a:2e:9a:25:c0:76:f0:61:49:
         0d:1c:76:52:31:3e:7c:fd:7c:6b:16:53:00:22:b6:dc:22:39:
         ce:15:23:37:36:53:78:ad:ff:00:ad:f6:52:c3:d7:85:34:de:
         7a:20:8b:04:f5:da:26:ac:34:9e:ed:e8:d0:08:83:7f:55:e0:
         df:bb:85:ef:e4:71:01:2d:47:7e:4e:f6:26:58:f8:bc:a4:c3:
         4c:f8:96:59:71:ac:92:7a:8b:ee:ae:ea:13:7e:17:a7:b3:92:
         08:b0:a2:e8:e3:92:e2:a6:9c:84:97:6f:f7:c2:cb:a5:2d:c9:
         57:d2:fb:2a:72:2e:67:57:24:00:21:b3:1a:76:39:02:7c:46:
         c3:93:f0:6f:68:f3:e1:41:8c:39:47:fb:f6:85:4a:1f:d9:86:
         20:8a:db:29:6d:79:3b:67:a5:f4:a6:ac:83:f3:75:1e:2c:de:
         0d:9d:af:a0:42:b3:b2:fc:b2:d4:e1:ad:54:b7:29:c0:e5:05:
         cd:24:8c:a9:49:dd:f3:5f:3f:6e:b2:b3:fe:18:e3:69:04:a7:
         05:4c:c9:17:50:9e:3c:1c:13:eb:41:54:f1:3f:6a:86:74:58:
         14:56:27:2b:a7:ba:04:da:ff:28:25:a4:db:7a:20:a4:7f:f2:
         3f:e1:e5:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY3O9rlmMuXF3TrS0CN3u8Uh0MxYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTgxMjQ0WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzhkOWUzODE0ZDQ5Yjk4NDY0NTA1ZWNjZmIxNzgwZjNj
OGQ3MjJkY2FjOWNjOWMxMDk5YWRjY2I5ODcyOWZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKAPdEQrpETGRM4mPGanbI69dSmCaGpg4mGAHqBsAnZSn/
oms4a+YTBgbSHvyk/UgeVAr5m2Q4DSYhQKeVbsa0rchEz1gkwm1wB7E2moaF1RZp
6n5vEJbCq4RsnlE+YaHoQLPDq+V1prtM8LD0GnYrfbwrUJMKe5FckLsVIZ6KIYRz
X0wpGsr12Lj3Ykk5+uGK7aNFZxsExwdGY7wW9lo/WC9JU9hJnvvn7iHaHiORH6z/
l5LLqGvWQQ1fAUZ27JLTlTSoYC57wWa6eDndMDj7aPUgb2G9s9lvrGEJokPtIsmB
GyTlteIouXO33auyqt4LZ/OR22kj7sssaT2VN1iXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTZf6n+jlo7Og68+9K/utmxcVg7AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNlOTQ0MzFmLWI0ZGQtNDRjYy1hYzUzLTg0NmFmMDkzMTRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARjVoAwDQYJKoZIhvcNAQELBQADggEBAL0qy4331osXHRoumiXAdvBhSQ0c
dlIxPnz9fGsWUwAittwiOc4VIzc2U3it/wCt9lLD14U03nogiwT12iasNJ7t6NAI
g39V4N+7he/kcQEtR35O9iZY+Lykw0z4lllxrJJ6i+6u6hN+F6ezkgiwoujjkuKm
nISXb/fCy6UtyVfS+ypyLmdXJAAhsxp2OQJ8RsOT8G9o8+FBjDlH+/aFSh/ZhiCK
2ylteTtnpfSmrIPzdR4s3g2dr6BCs7L8stThrVS3KcDlBc0kjKlJ3fNfP26ys/4Y
42kEpwVMyRdQnjwcE+tBVPE/aoZ0WBRWJyunugTa/yglpNt6IKR/8j/h5Yc=
-----END CERTIFICATE-----