Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba42d1eb-63d0-4036-b8e0-07971ece5ddb.roa
File:                     ba42d1eb-63d0-4036-b8e0-07971ece5ddb.roa (raw, json)
Hash identifier:          pol1wTOsrM7A2ZqL2S9rY5vxQKcyJtT0e7AOPWzacsU=
Subject key identifier:   F3:C6:C7:A7:C0:42:D8:59:8B:CE:CE:87:18:FB:15:73:BF:3F:BC:08
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       46A50D29C6EB1FE2E7A99D79064D999ACF6380F1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba42d1eb-63d0-4036-b8e0-07971ece5ddb.roa
Signing time:             Wed 15 Oct 2025 15:02:57 +0000
ROA not before:           Wed 15 Oct 2025 15:02:57 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.186.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:a5:0d:29:c6:eb:1f:e2:e7:a9:9d:79:06:4d:99:9a:cf:63:80:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 15:02:57 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=4a3930e0957872ab9d8ca135d7f1c0015b4d138756b32c63de337609bb5ef320, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9e:47:59:a5:56:94:a4:82:84:e4:a5:78:9d:
                    28:53:d8:d9:4c:f6:90:3e:c0:8a:10:4b:18:31:dd:
                    b5:54:74:5d:68:01:23:77:f0:f9:8e:7b:68:52:c9:
                    bd:14:29:77:04:34:63:0f:27:87:5b:93:ca:b9:30:
                    3c:b0:34:f8:e6:7b:d4:dc:ba:1d:35:ac:7b:6e:7b:
                    e0:fd:17:b2:a2:4f:63:35:d3:ae:76:d5:a7:4c:3a:
                    b7:d6:37:38:5b:10:2d:3e:04:9e:df:e2:ad:48:19:
                    07:95:72:4a:98:19:3a:2d:af:13:61:24:53:1b:d3:
                    e7:55:8f:cf:58:b2:74:51:ad:2e:92:6b:04:ba:44:
                    64:b1:fb:08:19:98:c7:b3:7c:09:ea:a2:50:7d:b0:
                    59:6d:a1:80:ca:76:dd:94:2e:9b:ef:e5:c2:8e:d4:
                    49:66:e2:b7:3f:21:ff:37:8a:84:d2:3b:5f:d9:e7:
                    84:b9:50:3a:fa:73:9c:99:4e:20:2b:de:f9:98:46:
                    70:d4:21:1c:e1:07:80:05:eb:4a:de:39:32:f0:6f:
                    e7:8a:fc:ca:54:97:51:c3:7e:ba:2b:9b:d8:03:d1:
                    c3:76:7b:53:81:7b:f4:61:a7:60:2d:d5:6c:cc:a0:
                    0d:f5:4e:e3:4b:ae:1c:5d:0a:50:6f:71:5d:43:5c:
                    02:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C6:C7:A7:C0:42:D8:59:8B:CE:CE:87:18:FB:15:73:BF:3F:BC:08
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba42d1eb-63d0-4036-b8e0-07971ece5ddb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:06:d6:4f:17:11:1f:66:9f:26:db:24:87:8c:e2:1c:70:be:
         59:ec:7a:73:f9:ee:5f:b8:3e:c8:fd:f9:82:d4:70:f4:f6:03:
         e0:6c:c0:81:fe:d6:1d:58:c6:e2:94:f6:27:be:12:38:a9:06:
         43:bd:fe:5c:ac:e3:81:22:09:96:21:bb:9f:29:6e:47:64:91:
         c4:40:16:c9:f5:1d:92:c5:7f:40:3f:0d:74:05:25:1e:b7:6c:
         69:65:ac:84:6d:7c:05:3c:7a:39:52:98:a8:1f:03:7e:47:a8:
         37:20:e8:be:c7:55:9e:fa:21:77:ce:2f:19:11:94:c7:0e:6f:
         9d:1d:06:c3:c7:5b:ef:34:2a:29:84:68:cd:08:4d:48:ae:77:
         21:f6:59:05:c6:5c:8a:04:dc:7f:c5:9c:12:ff:36:bf:ff:5a:
         97:3a:1a:0c:25:0f:c6:7b:0a:1c:e8:39:8e:4f:4c:69:3a:60:
         8e:3c:bd:86:ef:bb:c8:75:31:9f:a8:13:cd:a7:11:b7:87:97:
         02:f6:ad:54:6b:18:d3:98:df:df:94:ed:2a:3c:ca:83:e4:70:
         07:b0:86:49:de:43:bf:e6:92:45:39:67:cd:46:5f:12:4f:3a:
         da:53:b5:18:06:c3:41:a8:9c:5b:fd:53:dc:b1:ff:c3:22:f3:
         7d:b2:81:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURqUNKcbrH+LnqZ15Bk2Zms9jgPEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTUwMjU3WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTM5MzBlMDk1Nzg3MmFiOWQ4Y2ExMzVkN2YxYzAwMTVi
NGQxMzg3NTZiMzJjNjNkZTMzNzYwOWJiNWVmMzIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMnkdZpVaUpIKE5KV4nShT2NlM9pA+wIoQSxgx3bVUdF1o
ASN38PmOe2hSyb0UKXcENGMPJ4dbk8q5MDywNPjme9Tcuh01rHtue+D9F7KiT2M1
06521adMOrfWNzhbEC0+BJ7f4q1IGQeVckqYGTotrxNhJFMb0+dVj89YsnRRrS6S
awS6RGSx+wgZmMezfAnqolB9sFltoYDKdt2ULpvv5cKO1Elm4rc/If83ioTSO1/Z
54S5UDr6c5yZTiAr3vmYRnDUIRzhB4AF60reOTLwb+eK/MpUl1HDfrorm9gD0cN2
e1OBe/Rhp2At1WzMoA31TuNLrhxdClBvcV1DXAJZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU88bHp8BC2FmLzs6HGPsVc78/vAgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhNDJkMWViLTYzZDAtNDAzNi1iOGUwLTA3OTcxZWNlNWRkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjVrowDQYJKoZIhvcNAQELBQADggEBAHgG1k8XER9mnybbJIeM4hxwvlns
enP57l+4Psj9+YLUcPT2A+BswIH+1h1YxuKU9ie+EjipBkO9/lys44EiCZYhu58p
bkdkkcRAFsn1HZLFf0A/DXQFJR63bGllrIRtfAU8ejlSmKgfA35HqDcg6L7HVZ76
IXfOLxkRlMcOb50dBsPHW+80KimEaM0ITUiudyH2WQXGXIoE3H/FnBL/Nr//Wpc6
GgwlD8Z7ChzoOY5PTGk6YI48vYbvu8h1MZ+oE82nEbeHlwL2rVRrGNOY39+U7So8
yoPkcAewhkneQ7/mkkU5Z81GXxJPOtpTtRgGw0GonFv9U9yx/8Mi832ygek=
-----END CERTIFICATE-----