Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5adf633d-95e5-488d-80ff-102a50794cfd.roa
File:                     5adf633d-95e5-488d-80ff-102a50794cfd.roa (raw, json)
Hash identifier:          FSEy53BCNuiU9qXrCWQqNfxKLRzDSkdlYg9f2iyx3jg=
Subject key identifier:   C6:14:0E:51:DD:00:AC:3D:F3:99:09:63:A3:A1:E6:77:32:D1:A5:5E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A1A752BBAC4926396B2BA8EE87363C2A0372887
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5adf633d-95e5-488d-80ff-102a50794cfd.roa
Signing time:             Sat 25 Oct 2025 00:30:51 +0000
ROA not before:           Sat 25 Oct 2025 00:30:51 +0000
ROA not after:            Sat 29 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.99.3.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:1a:75:2b:ba:c4:92:63:96:b2:ba:8e:e8:73:63:c2:a0:37:28:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 25 00:30:51 2025 GMT
            Not After : Nov 29 23:59:59 2025 GMT
        Subject: serialNumber=3f3e1cffd9b9b4cae0a8264f3fa7cc2392c24a13426a25452d4ae6844c489313, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:48:ba:9f:0f:33:73:5d:86:f4:9f:90:aa:9a:
                    35:85:c5:29:ef:52:ef:ab:51:88:67:15:2c:57:4d:
                    88:10:35:e8:36:27:a2:91:4c:b2:cb:ee:eb:c5:68:
                    6b:0a:3c:c3:13:17:cb:69:07:fe:df:f9:b4:77:5c:
                    1c:a0:f9:d2:26:4a:54:98:3d:53:dc:85:bd:16:0c:
                    b1:31:ca:f0:0e:41:61:1c:d3:08:7b:62:1b:e0:19:
                    34:3d:50:58:16:24:a7:2d:63:bb:97:4f:f7:e7:b4:
                    4c:20:22:51:61:99:eb:b2:cc:48:ed:9f:f3:ed:f3:
                    e7:f2:ba:c2:de:dd:b5:87:01:fd:b6:5a:47:15:11:
                    0f:34:b2:4d:f2:23:37:a5:43:09:41:76:e1:0f:86:
                    a2:ed:44:d3:08:75:9c:09:4c:21:ac:63:35:12:49:
                    cc:ff:81:25:a1:6f:9e:6c:fd:56:a3:75:61:0a:8f:
                    51:b8:fb:f0:12:cf:ee:99:e4:3f:c8:85:31:fc:02:
                    d1:21:d5:49:37:f1:62:bd:e9:6f:2d:01:4e:18:47:
                    0e:bd:9a:83:0a:72:5f:38:80:9f:6b:7d:c6:35:34:
                    d9:c0:af:6e:de:4d:49:04:73:6f:40:47:63:a0:71:
                    bf:c3:76:41:c9:49:1c:ad:6f:72:b3:06:13:82:96:
                    8c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:14:0E:51:DD:00:AC:3D:F3:99:09:63:A3:A1:E6:77:32:D1:A5:5E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5adf633d-95e5-488d-80ff-102a50794cfd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.99.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:b5:c3:fe:cc:bc:79:15:6e:e9:4a:a5:84:29:e9:6c:c5:4a:
         ab:9f:3b:de:d7:ad:b4:9e:bc:ad:7b:d2:19:b8:28:b5:db:54:
         a1:e8:92:24:f4:95:2f:c0:5e:58:e9:46:f4:46:7c:d4:25:78:
         ff:ec:f4:0c:9b:0a:9d:b3:fc:42:91:a8:53:96:0c:e7:8b:8f:
         30:35:f4:78:c0:48:de:09:3e:1f:fc:97:f4:99:80:cf:d2:f5:
         cc:eb:c6:bd:53:4e:b3:57:10:4a:23:3c:8b:4d:9f:5e:62:20:
         04:dc:4b:89:33:d3:01:50:d1:b5:7c:6e:ef:9f:e7:88:28:95:
         ef:b5:16:91:c2:21:16:a5:88:6b:07:ad:92:6b:8f:73:03:9c:
         ad:b4:3f:f7:6e:f2:59:0b:86:0b:d1:7c:f1:f6:b5:9e:b9:b6:
         e1:1a:29:e8:d6:c9:ee:03:55:c0:a4:5a:7a:23:62:1b:cc:51:
         63:e2:47:ee:d2:75:44:35:10:41:28:81:4d:8c:6e:36:46:cd:
         af:81:eb:c3:c0:4e:98:8d:92:d1:4a:86:5e:83:a5:87:74:8c:
         af:eb:81:cc:68:a3:2f:86:b8:e4:2d:42:c8:e6:af:9f:31:a1:
         81:dd:47:95:61:85:69:f7:a6:c9:fe:e3:0d:34:35:a8:b3:5c:
         f9:01:58:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUahp1K7rEkmOWsrqO6HNjwqA3KIcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI1MDAzMDUxWhcNMjUxMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjNlMWNmZmQ5YjliNGNhZTBhODI2NGYzZmE3Y2MyMzky
YzI0YTEzNDI2YTI1NDUyZDRhZTY4NDRjNDg5MzEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJSLqfDzNzXYb0n5CqmjWFxSnvUu+rUYhnFSxXTYgQNeg2
J6KRTLLL7uvFaGsKPMMTF8tpB/7f+bR3XByg+dImSlSYPVPchb0WDLExyvAOQWEc
0wh7YhvgGTQ9UFgWJKctY7uXT/fntEwgIlFhmeuyzEjtn/Pt8+fyusLe3bWHAf22
WkcVEQ80sk3yIzelQwlBduEPhqLtRNMIdZwJTCGsYzUSScz/gSWhb55s/VajdWEK
j1G4+/ASz+6Z5D/IhTH8AtEh1Uk38WK96W8tAU4YRw69moMKcl84gJ9rfcY1NNnA
r27eTUkEc29AR2Ogcb/DdkHJSRytb3KzBhOCloztAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxhQOUd0ArD3zmQljo6HmdzLRpV4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVhZGY2MzNkLTk1ZTUtNDg4ZC04MGZmLTEwMmE1MDc5NGNmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADGYwMwDQYJKoZIhvcNAQELBQADggEBAIC1w/7MvHkVbulKpYQp6WzFSquf
O97XrbSevK170hm4KLXbVKHokiT0lS/AXljpRvRGfNQleP/s9AybCp2z/EKRqFOW
DOeLjzA19HjASN4JPh/8l/SZgM/S9czrxr1TTrNXEEojPItNn15iIATcS4kz0wFQ
0bV8bu+f54gole+1FpHCIRaliGsHrZJrj3MDnK20P/du8lkLhgvRfPH2tZ65tuEa
KejWye4DVcCkWnojYhvMUWPiR+7SdUQ1EEEogU2MbjZGza+B68PATpiNktFKhl6D
pYd0jK/rgcxooy+GuOQtQsjmr58xoYHdR5VhhWn3psn+4w00NaizXPkBWDY=
-----END CERTIFICATE-----