Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a94972a-5622-44f7-85a8-f166881512cb.roa
File:                     6a94972a-5622-44f7-85a8-f166881512cb.roa (raw, json)
Hash identifier:          za2ylgaWKL0aK64mUa0BrqAPn2raCr5FW0jVNpasUps=
Subject key identifier:   FF:32:F2:C9:EE:9E:FA:22:A7:34:23:E3:E2:DD:C1:AE:EB:75:5C:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20C13E8F09F6DA1AD5C9B80267B3A274CE745217
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a94972a-5622-44f7-85a8-f166881512cb.roa
Signing time:             Sun 26 Oct 2025 00:10:10 +0000
ROA not before:           Sun 26 Oct 2025 00:10:10 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.134.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:c1:3e:8f:09:f6:da:1a:d5:c9:b8:02:67:b3:a2:74:ce:74:52:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:10:10 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=ebfdac1b1dd190432b00511b57971e12890c9364c44cf16d50fd9300e30a12b5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:77:67:dd:b6:1e:97:f9:60:1c:07:32:c6:00:
                    28:34:83:ea:36:94:a8:08:af:0a:54:97:f9:ac:ff:
                    2d:28:17:44:6d:4b:39:1c:2b:2d:3b:52:80:2c:c9:
                    2c:c3:51:cd:3c:48:0f:50:b4:f3:75:99:46:53:bd:
                    5e:1b:8d:f2:26:6e:19:a2:ab:ad:01:dc:9a:95:e9:
                    b2:1b:a9:9f:16:10:4e:66:b6:27:a8:4a:9f:70:79:
                    0c:6a:6d:4c:44:46:41:fa:d1:c7:28:48:fe:44:1a:
                    31:de:5b:5d:b4:8c:8a:e2:85:89:f0:8c:53:01:c5:
                    42:93:8f:95:25:24:7c:95:47:7c:6c:f7:79:85:dd:
                    2d:23:6d:0a:ad:64:4a:33:af:43:44:1b:0b:ca:9d:
                    ba:c1:f5:5d:5e:65:5b:ae:6f:e9:c1:bc:77:e9:a1:
                    00:1e:9d:af:e0:d9:a0:f9:d9:19:b3:81:9e:be:84:
                    47:bf:e1:94:ec:85:49:f8:cb:9b:1e:cf:e8:86:cf:
                    87:21:ce:02:3e:c2:47:33:85:60:c7:c8:60:73:cd:
                    b4:d1:64:35:d2:98:ef:13:d8:ca:bf:67:bf:a7:94:
                    79:1f:39:06:4b:3c:5f:db:6e:0d:18:1d:57:1e:91:
                    9b:dc:28:19:2e:9d:6b:89:93:1f:fb:97:22:c6:45:
                    12:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:32:F2:C9:EE:9E:FA:22:A7:34:23:E3:E2:DD:C1:AE:EB:75:5C:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a94972a-5622-44f7-85a8-f166881512cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e3:c1:d3:6f:d4:67:7a:fa:cf:b8:57:01:5c:0d:41:58:41:
         bb:fd:e3:10:3e:19:4a:dc:1c:c4:2c:b9:c0:2c:e1:14:1e:cd:
         a5:c3:3d:70:6b:8e:49:a6:41:ca:57:db:9c:74:e6:1c:19:60:
         1f:b1:ed:74:fe:cf:80:bc:ff:1f:2d:52:8c:09:1d:3a:be:8e:
         ab:7a:64:17:14:8d:67:1a:7c:94:c3:6d:f5:3c:9e:4b:42:6b:
         7c:77:8c:4d:28:1d:11:4a:bd:85:94:2b:9f:40:a4:33:c6:d5:
         f2:40:d9:ec:75:fd:ff:03:8b:73:eb:ec:f5:fb:38:f2:b7:a4:
         df:e6:f1:d9:eb:5b:a8:92:d7:78:10:65:4a:aa:e5:1e:06:c5:
         8c:fe:9e:57:9e:c3:23:ab:38:95:fc:76:d8:b3:e1:36:25:0d:
         93:62:38:ce:07:a5:1d:7c:21:18:c1:b1:05:2d:e3:e9:c1:da:
         47:4d:b6:30:62:c0:bf:2a:48:94:e9:df:72:84:cc:c5:40:b5:
         91:70:95:4d:39:65:14:03:2c:6f:4d:d8:c8:08:6f:5b:b1:a9:
         9b:56:e8:9e:a3:07:d9:ea:63:43:0f:89:2a:cb:1c:5a:41:62:
         ba:d3:5a:83:c5:eb:d7:15:40:e2:29:38:09:fd:c0:40:07:7e:
         61:28:9c:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIME+jwn22hrVybgCZ7OidM50UhcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAxMDEwWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYmZkYWMxYjFkZDE5MDQzMmIwMDUxMWI1Nzk3MWUxMjg5
MGM5MzY0YzQ0Y2YxNmQ1MGZkOTMwMGUzMGExMmI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/d2fdth6X+WAcBzLGACg0g+o2lKgIrwpUl/ms/y0oF0Rt
SzkcKy07UoAsySzDUc08SA9QtPN1mUZTvV4bjfImbhmiq60B3JqV6bIbqZ8WEE5m
tieoSp9weQxqbUxERkH60ccoSP5EGjHeW120jIrihYnwjFMBxUKTj5UlJHyVR3xs
93mF3S0jbQqtZEozr0NEGwvKnbrB9V1eZVuub+nBvHfpoQAena/g2aD52RmzgZ6+
hEe/4ZTshUn4y5sez+iGz4chzgI+wkczhWDHyGBzzbTRZDXSmO8T2Mq/Z7+nlHkf
OQZLPF/bbg0YHVcekZvcKBkunWuJkx/7lyLGRRJVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/zLyye6e+iKnNCPj4t3Brut1XNcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhOTQ5NzJhLTU2MjItNDRmNy04NWE4LWYxNjY4ODE1MTJjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYYwDQYJKoZIhvcNAQELBQADggEBAATjwdNv1Gd6+s+4VwFcDUFYQbv9
4xA+GUrcHMQsucAs4RQezaXDPXBrjkmmQcpX25x05hwZYB+x7XT+z4C8/x8tUowJ
HTq+jqt6ZBcUjWcafJTDbfU8nktCa3x3jE0oHRFKvYWUK59ApDPG1fJA2ex1/f8D
i3Pr7PX7OPK3pN/m8dnrW6iS13gQZUqq5R4GxYz+nleewyOrOJX8dtiz4TYlDZNi
OM4HpR18IRjBsQUt4+nB2kdNtjBiwL8qSJTp33KEzMVAtZFwlU05ZRQDLG9N2MgI
b1uxqZtW6J6jB9nqY0MPiSrLHFpBYrrTWoPF69cVQOIpOAn9wEAHfmEonMo=
-----END CERTIFICATE-----