Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94d8fc77-2869-4b60-a712-41b7854d5fd5.roa
File:                     94d8fc77-2869-4b60-a712-41b7854d5fd5.roa (raw, json)
Hash identifier:          zd/CPadV/bnoyN2oaqnbXpq5kkumjnEFSk6tYWzKW70=
Subject key identifier:   92:A7:CD:0F:D5:B9:90:FF:4A:B0:0F:8C:74:DE:C4:CF:0C:DA:BE:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53FCE6A501EFCA0248DA4C69D4B9B5A5C9C4754D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94d8fc77-2869-4b60-a712-41b7854d5fd5.roa
Signing time:             Fri 03 Oct 2025 00:53:01 +0000
ROA not before:           Fri 03 Oct 2025 00:53:01 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.156.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:fc:e6:a5:01:ef:ca:02:48:da:4c:69:d4:b9:b5:a5:c9:c4:75:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:53:01 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=808b953f8e3c3b49808054a86143ecc0e392ce9f2162c7136a9b8bcaf43c8480, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:15:31:01:d2:5b:4b:48:88:c3:2a:b9:f0:1e:
                    b0:b9:df:23:8a:2f:71:74:51:dd:62:fa:14:04:a1:
                    b8:d9:2c:9f:6d:99:5f:90:1e:23:4f:ab:8b:c5:95:
                    5a:ab:d1:df:f2:66:72:19:fc:44:e6:d2:af:35:1c:
                    32:0a:1a:6f:e3:05:f5:be:00:11:9c:46:21:f1:a9:
                    0d:11:2b:37:4b:44:1e:3b:d3:28:1c:6b:f2:ca:95:
                    80:ae:91:94:fb:2d:94:8a:0b:d0:69:f9:72:60:5b:
                    2c:b1:f5:17:fa:c6:a7:f5:22:da:89:78:df:3c:b5:
                    16:46:68:cb:ab:f4:ab:53:78:d7:ab:4f:2a:2c:6a:
                    55:d7:f2:c3:3f:73:d1:ec:94:b2:29:b9:58:6a:ba:
                    cd:ef:c7:fd:08:7e:45:4d:55:96:c1:2e:1c:88:56:
                    53:d0:98:d4:1d:26:6d:d9:cc:87:93:c8:0f:27:a5:
                    2b:c5:8d:5a:9a:6e:77:67:9a:67:b5:b5:5b:37:fc:
                    b3:bb:14:82:df:de:17:a9:03:74:fe:d8:ca:3e:87:
                    1f:eb:a2:cd:74:0f:97:da:2e:2c:02:28:b2:6c:65:
                    53:01:50:da:3c:73:ea:7d:e3:ae:a2:19:82:9b:29:
                    19:c4:9b:2c:1e:f1:ae:2a:a9:e4:3c:73:fc:b7:39:
                    d8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A7:CD:0F:D5:B9:90:FF:4A:B0:0F:8C:74:DE:C4:CF:0C:DA:BE:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94d8fc77-2869-4b60-a712-41b7854d5fd5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:02:72:19:fe:49:50:44:9f:96:7e:7a:3b:79:ca:fe:62:e9:
         56:e3:c3:41:d0:db:53:5b:de:a3:03:ef:4b:5f:24:aa:b6:06:
         58:27:ec:9e:3e:9a:71:a4:52:09:f8:63:79:38:87:37:9b:d4:
         1c:f2:96:67:31:e1:3c:e5:9c:ab:15:dd:3b:88:c0:51:87:07:
         22:75:51:13:82:89:4a:f5:68:12:31:69:83:de:f6:91:2a:16:
         b4:9c:4c:00:dc:fb:70:14:6c:18:9d:0e:b1:2c:84:30:52:b5:
         ee:de:f7:d2:1d:d0:02:48:00:d9:db:a4:85:66:94:22:b1:c3:
         70:95:58:33:7d:40:f7:7d:d9:04:c7:72:d2:96:e6:c2:d9:85:
         18:73:cd:3e:f2:e0:dc:e5:2d:93:79:9a:d2:53:a0:4b:ea:48:
         d9:3a:b6:4e:71:fa:6c:e2:71:64:5d:21:19:05:5c:0e:cc:41:
         65:bd:a9:8d:30:25:2d:33:9e:8d:05:ff:d2:19:37:fa:ed:19:
         82:5d:b9:a1:fc:b1:31:6b:fc:ac:37:9f:50:e0:fd:eb:32:68:
         e6:c3:0e:e5:4b:1a:bc:4a:c4:d6:c7:e9:ec:66:a8:b3:84:14:
         4c:7c:11:42:76:a2:29:91:9c:38:d3:c3:14:fd:19:76:f8:b3:
         dc:f4:01:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU/zmpQHvygJI2kxp1Lm1pcnEdU0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MzAxWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDhiOTUzZjhlM2MzYjQ5ODA4MDU0YTg2MTQzZWNjMGUz
OTJjZTlmMjE2MmM3MTM2YTliOGJjYWY0M2M4NDgwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvFTEB0ltLSIjDKrnwHrC53yOKL3F0Ud1i+hQEobjZLJ9t
mV+QHiNPq4vFlVqr0d/yZnIZ/ETm0q81HDIKGm/jBfW+ABGcRiHxqQ0RKzdLRB47
0ygca/LKlYCukZT7LZSKC9Bp+XJgWyyx9Rf6xqf1ItqJeN88tRZGaMur9KtTeNer
TyosalXX8sM/c9HslLIpuVhqus3vx/0IfkVNVZbBLhyIVlPQmNQdJm3ZzIeTyA8n
pSvFjVqabndnmme1tVs3/LO7FILf3hepA3T+2Mo+hx/ros10D5faLiwCKLJsZVMB
UNo8c+p9466iGYKbKRnEmywe8a4qqeQ8c/y3Odh5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkqfND9W5kP9KsA+MdN7Ezwzavh4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0ZDhmYzc3LTI4NjktNGI2MC1hNzEyLTQxYjc4NTRkNWZkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZwwDQYJKoZIhvcNAQELBQADggEBADYCchn+SVBEn5Z+ejt5yv5i6Vbj
w0HQ21Nb3qMD70tfJKq2Blgn7J4+mnGkUgn4Y3k4hzeb1Bzylmcx4TzlnKsV3TuI
wFGHByJ1UROCiUr1aBIxaYPe9pEqFrScTADc+3AUbBidDrEshDBSte7e99Id0AJI
ANnbpIVmlCKxw3CVWDN9QPd92QTHctKW5sLZhRhzzT7y4NzlLZN5mtJToEvqSNk6
tk5x+mzicWRdIRkFXA7MQWW9qY0wJS0zno0F/9IZN/rtGYJduaH8sTFr/Kw3n1Dg
/esyaObDDuVLGrxKxNbH6exmqLOEFEx8EUJ2oimRnDjTwxT9GXb4s9z0AR8=
-----END CERTIFICATE-----