Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/beb0af32-61c3-4bc0-bda5-bcc144dd8f91.roa
File:                     beb0af32-61c3-4bc0-bda5-bcc144dd8f91.roa (raw, json)
Hash identifier:          3YyAZYLnnLqsEgpQIVZfNLrrvU27M+QicETWnPWXlTo=
Subject key identifier:   C5:4E:70:09:E1:72:B6:66:0F:1A:D8:9C:A3:37:ED:EC:3A:4E:55:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2189F52CBC9924D0CEF35C6C7F0A4E2930EAC617
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/beb0af32-61c3-4bc0-bda5-bcc144dd8f91.roa
Signing time:             Wed 01 Oct 2025 00:52:52 +0000
ROA not before:           Wed 01 Oct 2025 00:52:52 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.77.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:89:f5:2c:bc:99:24:d0:ce:f3:5c:6c:7f:0a:4e:29:30:ea:c6:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:52:52 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=aa46c2ee82f2e6423cb76f6fcccb195c59e8b2bd124415cddb621c3bcd4158ce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:63:02:37:b2:da:e5:d7:56:de:0e:75:09:60:
                    08:50:c5:a5:91:5a:e3:8b:ae:4b:16:eb:df:60:99:
                    25:2b:47:da:a6:dd:11:20:8f:80:a7:f9:50:e6:69:
                    27:e3:30:ec:de:cc:94:10:d2:ff:95:44:68:92:c7:
                    d1:fa:17:29:ae:08:d8:5b:38:43:12:b2:e4:79:5d:
                    fa:4c:e9:a9:8d:5b:d8:f5:6a:17:9d:18:2e:df:3a:
                    05:58:db:15:53:01:e8:3f:af:d6:4f:b6:aa:0c:af:
                    60:61:34:b3:54:bf:e3:c3:aa:ed:7e:ae:9a:a0:5f:
                    e0:26:11:af:8c:0d:8d:b1:78:a9:72:2a:82:56:19:
                    24:59:5c:aa:bd:33:37:f8:63:62:7f:1b:86:5e:23:
                    64:a3:98:a1:52:05:d5:06:65:f6:9c:48:9d:37:4f:
                    cd:da:6a:f7:bd:4a:28:fb:41:b6:ec:cc:49:9c:c4:
                    b9:67:51:f3:f9:99:c4:d5:e0:d4:c0:30:af:7e:1b:
                    02:6f:2f:b9:38:b6:b0:7f:c3:c3:5a:95:44:08:0b:
                    2c:18:a3:5a:0c:7e:e3:3f:90:66:6d:cb:c2:40:f8:
                    3b:b0:2d:9b:19:90:11:89:26:ec:37:99:6e:a2:73:
                    26:fd:b4:a2:d1:f4:11:da:18:7c:40:d7:b8:2d:af:
                    d0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:4E:70:09:E1:72:B6:66:0F:1A:D8:9C:A3:37:ED:EC:3A:4E:55:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/beb0af32-61c3-4bc0-bda5-bcc144dd8f91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.77.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         66:38:30:ed:fb:b7:90:c0:65:94:53:3a:38:a4:d4:32:2f:66:
         7e:53:c7:01:01:ea:f5:ad:a7:2f:27:33:fb:b8:c3:b9:88:61:
         c0:ff:1d:c4:d2:39:77:80:04:cb:f9:b7:89:9a:45:07:62:c1:
         34:89:c5:40:51:59:a7:26:56:50:d6:2c:34:39:dd:3a:ee:cc:
         39:12:79:9d:79:8c:65:2f:9b:6d:bc:07:81:3f:ec:44:f1:1a:
         7f:25:ae:30:33:d0:1a:b4:c9:00:2c:be:98:8f:df:b4:d9:3b:
         94:67:16:9e:76:56:63:05:a4:ea:48:78:db:93:e5:0b:56:cc:
         60:c8:40:6f:c2:46:1c:6f:23:4c:16:b1:7c:f0:6a:35:31:53:
         6c:c2:fe:b3:a1:bc:ad:49:1c:92:f1:33:be:e5:97:81:47:ce:
         56:ef:5b:73:49:91:ab:2b:de:1c:e3:0b:9d:c8:ed:1f:aa:25:
         e6:bd:13:39:6c:2b:d6:5d:03:0b:21:4b:69:72:f7:0a:a4:f9:
         99:cc:54:12:1d:91:6e:cf:7c:a4:be:8e:2f:ce:29:9b:e8:3e:
         de:07:84:6a:63:7e:fe:4f:ed:40:9d:b1:26:60:b3:13:21:ef:
         23:5a:6b:fb:bd:53:e1:96:1f:2f:54:24:c9:aa:06:07:df:3a:
         2d:99:57:d9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIYn1LLyZJNDO81xsfwpOKTDqxhcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA1MjUyWhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTQ2YzJlZTgyZjJlNjQyM2NiNzZmNmZjY2NiMTk1YzU5
ZThiMmJkMTI0NDE1Y2RkYjYyMWMzYmNkNDE1OGNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNYwI3strl11beDnUJYAhQxaWRWuOLrksW699gmSUrR9qm
3REgj4Cn+VDmaSfjMOzezJQQ0v+VRGiSx9H6FymuCNhbOEMSsuR5XfpM6amNW9j1
ahedGC7fOgVY2xVTAeg/r9ZPtqoMr2BhNLNUv+PDqu1+rpqgX+AmEa+MDY2xeKly
KoJWGSRZXKq9Mzf4Y2J/G4ZeI2SjmKFSBdUGZfacSJ03T83aave9Sij7QbbszEmc
xLlnUfP5mcTV4NTAMK9+GwJvL7k4trB/w8NalUQICywYo1oMfuM/kGZty8JA+Duw
LZsZkBGJJuw3mW6icyb9tKLR9BHaGHxA17gtr9CXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxU5wCeFytmYPGticozft7DpOVTgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JlYjBhZjMyLTYxYzMtNGJjMC1iZGE1LWJjYzE0NGRkOGY5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBiTTANBgkqhkiG9w0BAQsFAAOCAQEAZjgw7fu3kMBllFM6OKTUMi9mflPH
AQHq9a2nLycz+7jDuYhhwP8dxNI5d4AEy/m3iZpFB2LBNInFQFFZpyZWUNYsNDnd
Ou7MORJ5nXmMZS+bbbwHgT/sRPEafyWuMDPQGrTJACy+mI/ftNk7lGcWnnZWYwWk
6kh425PlC1bMYMhAb8JGHG8jTBaxfPBqNTFTbML+s6G8rUkckvEzvuWXgUfOVu9b
c0mRqyveHOMLncjtH6ol5r0TOWwr1l0DCyFLaXL3CqT5mcxUEh2Rbs98pL6OL84p
m+g+3geEamN+/k/tQJ2xJmCzEyHvI1pr+71T4ZYfL1QkyaoGB986LZlX2Q==
-----END CERTIFICATE-----