Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1d2c06d-5355-465b-8d51-dfef82b5d000.roa
File:                     c1d2c06d-5355-465b-8d51-dfef82b5d000.roa (raw, json)
Hash identifier:          vIME+CY4SYezJBZXkWPg66Ku8KubiRU5ZnuNt7tPJYA=
Subject key identifier:   61:63:B5:52:1D:5D:7A:19:B5:34:B2:37:CC:1E:C1:0B:FB:1B:C0:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0ADEB7E3392CE1E19400AF5F11865C7BA24DFA6C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1d2c06d-5355-465b-8d51-dfef82b5d000.roa
Signing time:             Tue 21 Oct 2025 00:10:55 +0000
ROA not before:           Tue 21 Oct 2025 00:10:55 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.99.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:de:b7:e3:39:2c:e1:e1:94:00:af:5f:11:86:5c:7b:a2:4d:fa:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:10:55 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=097e3272476b644758b3471f2083bf5ff486440b87ae1173ce656b47722c8fcb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:73:d7:c6:be:17:40:05:f4:4b:8e:e0:fd:94:
                    7d:2e:6a:4c:00:1b:7e:26:d1:0d:ef:99:ac:d6:48:
                    79:2d:ca:1e:d7:b4:4b:6e:86:06:85:0b:d6:c3:a2:
                    5c:c7:d8:e5:81:8e:0e:eb:b2:32:6b:8b:08:df:09:
                    90:82:82:68:f7:cf:b4:9a:0b:d3:10:5c:33:d1:5b:
                    34:97:9b:3c:cf:17:f3:f8:7c:8a:87:ca:ae:bf:f0:
                    56:83:8d:07:38:5c:89:8d:6d:c1:32:49:c3:f6:3d:
                    54:da:eb:fb:54:57:99:09:c0:b8:07:79:b5:31:18:
                    2f:bd:37:1f:c6:f0:2a:09:7c:9c:3b:66:6d:94:49:
                    ee:fb:7b:28:c6:15:33:26:f4:ef:00:83:2f:87:db:
                    24:a0:33:a7:d8:da:32:83:2c:a3:e7:e9:4c:65:18:
                    eb:d2:6b:a9:b3:cc:52:73:57:d4:ad:35:82:7f:36:
                    2e:cf:91:b6:70:35:ea:e7:d5:c9:07:69:49:85:70:
                    1f:76:de:55:13:4a:b1:98:35:21:93:ad:f1:5b:cf:
                    f6:36:c3:fe:40:b1:a9:1f:3d:50:35:8c:96:79:ae:
                    89:bb:76:57:f3:d4:48:d9:94:61:cc:81:ae:36:47:
                    85:29:34:bb:e9:d6:71:af:37:0d:15:87:2f:ae:01:
                    af:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:63:B5:52:1D:5D:7A:19:B5:34:B2:37:CC:1E:C1:0B:FB:1B:C0:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1d2c06d-5355-465b-8d51-dfef82b5d000.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.99.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         63:3e:4d:02:c3:f4:38:a9:ae:da:f0:fb:69:35:69:1a:1a:4e:
         d9:98:75:3b:9e:b0:e3:65:62:0e:64:11:40:f1:4d:ae:32:48:
         38:b0:ab:44:6e:4f:9f:b6:cb:0b:63:88:77:27:d3:19:92:d2:
         cb:8f:1b:db:bd:8a:1f:79:04:dc:c7:0e:ca:0b:84:d6:ec:52:
         33:aa:8d:d1:f9:23:dc:2e:20:aa:9d:86:54:c4:fc:2e:aa:f6:
         3c:f9:8d:84:f0:32:5b:0a:2b:cb:60:a1:2f:8e:61:03:ad:f1:
         2e:9d:98:cf:ec:21:0e:19:71:97:ba:32:44:fb:11:f6:6c:ec:
         9b:75:9c:d8:f4:6a:d8:2b:67:78:07:1d:b9:2d:60:9e:ff:48:
         92:31:24:d1:0f:24:61:e4:5b:9c:10:d3:4c:95:3f:76:30:03:
         f9:cd:54:3e:37:a6:8c:18:67:60:63:a1:de:82:db:ae:79:af:
         7c:b5:d4:c7:d6:c0:a8:bf:a1:f1:e9:99:39:73:32:5b:a5:90:
         df:0c:11:9b:fd:7f:d8:60:03:d9:8e:f0:c0:1f:11:91:22:4c:
         df:3b:3b:68:99:f0:fe:c4:fb:39:79:85:e3:2b:c8:fd:35:a5:
         a3:a1:39:b0:fe:78:4a:1c:1b:cd:d1:ae:b6:39:7d:27:26:a4:
         2d:6f:06:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCt634zks4eGUAK9fEYZce6JN+mwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDAxMDU1WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwOTdlMzI3MjQ3NmI2NDQ3NThiMzQ3MWYyMDgzYmY1ZmY0
ODY0NDBiODdhZTExNzNjZTY1NmI0NzcyMmM4ZmNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWc9fGvhdABfRLjuD9lH0uakwAG34m0Q3vmazWSHktyh7X
tEtuhgaFC9bDolzH2OWBjg7rsjJriwjfCZCCgmj3z7SaC9MQXDPRWzSXmzzPF/P4
fIqHyq6/8FaDjQc4XImNbcEyScP2PVTa6/tUV5kJwLgHebUxGC+9Nx/G8CoJfJw7
Zm2USe77eyjGFTMm9O8Agy+H2ySgM6fY2jKDLKPn6UxlGOvSa6mzzFJzV9StNYJ/
Ni7PkbZwNern1ckHaUmFcB923lUTSrGYNSGTrfFbz/Y2w/5AsakfPVA1jJZ5rom7
dlfz1EjZlGHMga42R4UpNLvp1nGvNw0Vhy+uAa+TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYWO1Uh1dehm1NLI3zB7BC/sbwEgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxZDJjMDZkLTUzNTUtNDY1Yi04ZDUxLWRmZWY4MmI1ZDAwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAehY4AwDQYJKoZIhvcNAQELBQADggEBAGM+TQLD9Diprtrw+2k1aRoaTtmY
dTuesONlYg5kEUDxTa4ySDiwq0RuT5+2ywtjiHcn0xmS0suPG9u9ih95BNzHDsoL
hNbsUjOqjdH5I9wuIKqdhlTE/C6q9jz5jYTwMlsKK8tgoS+OYQOt8S6dmM/sIQ4Z
cZe6MkT7EfZs7Jt1nNj0atgrZ3gHHbktYJ7/SJIxJNEPJGHkW5wQ00yVP3YwA/nN
VD43powYZ2Bjod6C2655r3y11MfWwKi/ofHpmTlzMlulkN8MEZv9f9hgA9mO8MAf
EZEiTN87O2iZ8P7E+zl5heMryP01paOhObD+eEocG83RrrY5fScmpC1vBrs=
-----END CERTIFICATE-----