Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79a3066d-ab33-44e5-b364-14423e757820.roa
File:                     79a3066d-ab33-44e5-b364-14423e757820.roa (raw, json)
Hash identifier:          8zVnGNkyITPAp31pn9OaLv//zacpNWRTfA36+v/SloE=
Subject key identifier:   DA:95:C4:15:7A:0E:40:A7:9C:C0:E9:21:D9:C7:B3:5B:77:52:3D:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5BAAEA69862952266A3FC95A58039AAF375746EC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79a3066d-ab33-44e5-b364-14423e757820.roa
Signing time:             Fri 03 Oct 2025 00:52:10 +0000
ROA not before:           Fri 03 Oct 2025 00:52:10 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.245.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:aa:ea:69:86:29:52:26:6a:3f:c9:5a:58:03:9a:af:37:57:46:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:52:10 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=56b614dcc63d3aa1dd14e540af73b50ac6266ad7834757a2928fb6fcc587e953, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:56:85:20:5f:d1:96:e0:ec:c9:39:cc:e9:f6:
                    4e:77:d6:98:63:90:39:6b:1b:1c:fc:91:cb:cf:8d:
                    5d:1d:76:b6:2e:6d:83:aa:a9:c9:33:44:70:82:21:
                    f5:fb:51:d7:da:d3:c4:60:3e:e7:ec:5e:4a:d6:39:
                    49:ec:f4:2f:e8:22:2a:64:7a:ee:9c:29:f1:bf:04:
                    b4:b3:5d:7d:de:d6:69:7c:59:13:ae:a0:98:a1:e0:
                    18:b8:d8:46:7e:91:ce:78:e7:93:9b:df:92:56:59:
                    d3:19:82:0d:37:6c:9d:43:db:9c:a8:08:88:c9:ed:
                    19:7b:f8:b6:8c:27:22:58:0f:87:ba:00:07:50:1a:
                    0e:02:66:52:06:73:9b:7b:5f:a8:71:8b:bc:94:e4:
                    7d:f5:05:e0:62:2b:57:77:85:b8:2d:92:34:5a:23:
                    e2:59:98:d3:8e:eb:5f:ff:1a:25:03:51:4e:42:02:
                    66:48:07:61:e3:94:b4:d7:c6:24:ab:bf:88:04:ac:
                    6b:aa:f5:3d:ed:eb:d1:90:e0:ae:f7:f3:f3:0d:4e:
                    ae:66:55:da:2b:17:53:e5:e4:92:f1:14:32:1a:6a:
                    ff:46:f7:18:26:4a:3f:56:7a:ee:60:e1:d5:ef:f7:
                    24:d9:1d:74:2b:64:cc:25:74:ea:d5:11:b8:bc:17:
                    7d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:95:C4:15:7A:0E:40:A7:9C:C0:E9:21:D9:C7:B3:5B:77:52:3D:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/79a3066d-ab33-44e5-b364-14423e757820.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:38:43:02:9e:c5:8d:27:22:34:06:e3:aa:43:85:50:81:87:
         de:0c:d4:d7:42:9a:31:1b:94:52:69:e1:54:3a:54:df:69:a4:
         9e:37:af:a3:80:47:31:ee:55:bc:d7:98:de:c8:29:a2:0d:5b:
         8c:95:30:6a:34:d4:e7:cc:b0:cb:d1:10:7d:51:f9:df:a0:94:
         58:e8:91:40:2f:3e:6e:90:0f:a5:b8:5b:2e:c0:3d:d6:25:8e:
         ff:b2:16:8e:66:33:46:f2:06:07:69:d7:f1:ce:21:ff:7f:ec:
         4b:32:06:16:c0:e4:cc:06:6c:c9:81:35:16:45:7f:90:ba:89:
         53:ee:b2:39:0c:99:7f:85:36:f4:46:98:04:99:ba:29:54:62:
         59:83:80:d4:7d:97:0f:2a:4d:72:55:dd:81:c4:d1:f9:e8:0c:
         4a:1c:77:30:7d:fb:92:33:32:2b:f0:7a:e0:03:4f:49:40:bd:
         d2:fb:72:e2:f9:cc:b3:54:ca:49:b7:a1:b9:6d:a6:94:54:a4:
         b0:7c:78:28:93:98:7f:cc:be:0c:f1:ed:81:74:aa:93:5f:54:
         a4:c7:15:23:8d:d0:c4:ec:b6:9c:f7:8d:0e:9a:95:dc:a9:8c:
         b6:71:9f:e8:51:02:0f:a9:f2:9e:ef:d2:24:12:8f:91:73:ef:
         58:24:8b:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW6rqaYYpUiZqP8laWAOarzdXRuwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MjEwWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NmI2MTRkY2M2M2QzYWExZGQxNGU1NDBhZjczYjUwYWM2
MjY2YWQ3ODM0NzU3YTI5MjhmYjZmY2M1ODdlOTUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVVoUgX9GW4OzJOczp9k531phjkDlrGxz8kcvPjV0ddrYu
bYOqqckzRHCCIfX7Udfa08RgPufsXkrWOUns9C/oIipkeu6cKfG/BLSzXX3e1ml8
WROuoJih4Bi42EZ+kc5455Ob35JWWdMZgg03bJ1D25yoCIjJ7Rl7+LaMJyJYD4e6
AAdQGg4CZlIGc5t7X6hxi7yU5H31BeBiK1d3hbgtkjRaI+JZmNOO61//GiUDUU5C
AmZIB2HjlLTXxiSrv4gErGuq9T3t69GQ4K738/MNTq5mVdorF1Pl5JLxFDIaav9G
9xgmSj9Weu5g4dXv9yTZHXQrZMwldOrVEbi8F31hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2pXEFXoOQKecwOkh2cezW3dSPaQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc5YTMwNjZkLWFiMzMtNDRlNS1iMzY0LTE0NDIzZTc1NzgyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTfUwDQYJKoZIhvcNAQELBQADggEBALU4QwKexY0nIjQG46pDhVCBh94M
1NdCmjEblFJp4VQ6VN9ppJ43r6OARzHuVbzXmN7IKaINW4yVMGo01OfMsMvREH1R
+d+glFjokUAvPm6QD6W4Wy7APdYljv+yFo5mM0byBgdp1/HOIf9/7EsyBhbA5MwG
bMmBNRZFf5C6iVPusjkMmX+FNvRGmASZuilUYlmDgNR9lw8qTXJV3YHE0fnoDEoc
dzB9+5IzMivweuADT0lAvdL7cuL5zLNUykm3obltppRUpLB8eCiTmH/Mvgzx7YF0
qpNfVKTHFSON0MTstpz3jQ6aldypjLZxn+hRAg+p8p7v0iQSj5Fz71gki00=
-----END CERTIFICATE-----