Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e058d31b-3014-4814-ac5b-23691c28a52e.roa
File:                     e058d31b-3014-4814-ac5b-23691c28a52e.roa (raw, json)
Hash identifier:          IUVl3B6rtgbk8oCCQP1QzKipfceQ+wW9rJ/88cKXlig=
Subject key identifier:   CA:A4:EA:98:BA:B0:4C:E6:A7:B2:8A:86:D3:9E:36:4B:48:D7:63:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33A6833CAD278A8A45CFF7AF1E0E19C0345EFBAA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e058d31b-3014-4814-ac5b-23691c28a52e.roa
Signing time:             Wed 15 Oct 2025 16:41:29 +0000
ROA not before:           Wed 15 Oct 2025 16:41:29 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.208.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:a6:83:3c:ad:27:8a:8a:45:cf:f7:af:1e:0e:19:c0:34:5e:fb:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 16:41:29 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=28a20aff800c4ea15352788f9287932b2d29b6ec58f631d4e8a30eac06f05083, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7c:4a:86:38:a9:b8:a6:d9:57:0c:6a:93:34:
                    d2:84:a6:cd:07:1e:fb:95:8e:35:dc:92:e7:57:a6:
                    26:18:c0:83:81:f2:3d:92:fa:88:13:77:cd:45:7e:
                    3a:58:69:5f:83:a9:d5:64:f3:97:9c:00:f6:11:47:
                    4c:5e:9e:02:25:31:d1:8d:f7:88:b0:8b:5e:06:06:
                    db:fc:01:33:2c:8c:ec:00:8c:c7:03:71:93:99:33:
                    6a:47:be:1b:eb:ba:a7:a6:f8:5f:a4:86:60:53:c0:
                    42:50:c4:04:36:ee:f1:c0:7c:6f:9d:93:c2:17:bf:
                    7f:a9:7d:ec:57:71:24:02:07:96:c2:cf:5b:0c:24:
                    50:d6:66:ce:08:80:05:cd:3a:aa:13:24:68:2b:de:
                    b9:df:2a:e3:9f:f3:d3:e1:2e:bf:01:c9:61:0e:34:
                    92:1e:eb:92:3e:d4:38:ac:60:32:f4:ab:ab:98:1a:
                    da:96:8d:57:f9:f9:02:fb:10:4b:5a:3e:8c:b3:02:
                    4f:15:e4:2c:32:da:93:9e:78:e3:af:0f:3a:f4:1b:
                    f8:54:21:8c:38:c3:53:85:56:9d:73:bf:30:e3:a0:
                    f6:29:c6:59:98:81:1a:d4:c5:fc:a1:8d:4a:ed:f6:
                    c3:15:cc:e4:1b:ea:13:00:6a:ed:ae:4a:36:86:82:
                    79:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:A4:EA:98:BA:B0:4C:E6:A7:B2:8A:86:D3:9E:36:4B:48:D7:63:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e058d31b-3014-4814-ac5b-23691c28a52e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:89:89:83:a6:c9:28:6b:af:6a:10:6c:fd:63:02:44:39:5c:
         6b:d9:92:ab:dc:4a:07:4d:90:24:f1:39:ba:13:c6:c1:44:08:
         0c:bc:77:67:91:a9:55:25:f2:42:71:16:6b:bf:ec:3d:a9:b7:
         66:06:be:eb:69:57:1e:10:7d:fc:51:97:30:50:86:ac:4c:12:
         98:42:28:72:e3:22:50:30:08:37:64:ce:a2:d3:ad:51:e3:b2:
         5b:8d:e5:d3:b7:fc:c3:9b:92:84:c5:99:36:c9:e1:e5:cf:a9:
         df:dc:7c:10:22:db:40:c5:45:39:8a:6c:1f:05:2e:5b:8c:88:
         9c:a2:5b:6d:01:4e:01:6f:11:5e:b1:5a:b9:64:f3:08:4c:73:
         f3:e0:6e:b1:04:28:90:d1:df:4c:d5:8e:ed:10:41:83:6a:ba:
         53:26:93:e7:81:bd:62:e3:d1:e4:93:af:9f:67:9a:f8:3d:2b:
         d0:f4:6e:1d:61:08:a8:e4:5a:9a:51:71:f0:50:fd:89:57:84:
         d2:34:8e:81:5f:c9:83:02:bc:63:df:65:50:03:7f:85:52:98:
         48:c3:7a:cf:5b:3e:0a:2b:a9:d0:27:72:74:a0:66:87:d8:ab:
         b6:b7:9d:46:64:5b:a7:97:d5:03:22:19:e4:d1:74:e3:ee:3b:
         2c:20:cb:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM6aDPK0niopFz/evHg4ZwDRe+6owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTY0MTI5WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOGEyMGFmZjgwMGM0ZWExNTM1Mjc4OGY5Mjg3OTMyYjJk
MjliNmVjNThmNjMxZDRlOGEzMGVhYzA2ZjA1MDgzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLfEqGOKm4ptlXDGqTNNKEps0HHvuVjjXckudXpiYYwIOB
8j2S+ogTd81FfjpYaV+DqdVk85ecAPYRR0xengIlMdGN94iwi14GBtv8ATMsjOwA
jMcDcZOZM2pHvhvruqem+F+khmBTwEJQxAQ27vHAfG+dk8IXv3+pfexXcSQCB5bC
z1sMJFDWZs4IgAXNOqoTJGgr3rnfKuOf89PhLr8ByWEONJIe65I+1DisYDL0q6uY
GtqWjVf5+QL7EEtaPoyzAk8V5Cwy2pOeeOOvDzr0G/hUIYw4w1OFVp1zvzDjoPYp
xlmYgRrUxfyhjUrt9sMVzOQb6hMAau2uSjaGgnmHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyqTqmLqwTOansoqG0542S0jXYyswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwNThkMzFiLTMwMTQtNDgxNC1hYzViLTIzNjkxYzI4YTUyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjVtAwDQYJKoZIhvcNAQELBQADggEBAA2JiYOmyShrr2oQbP1jAkQ5XGvZ
kqvcSgdNkCTxOboTxsFECAy8d2eRqVUl8kJxFmu/7D2pt2YGvutpVx4QffxRlzBQ
hqxMEphCKHLjIlAwCDdkzqLTrVHjsluN5dO3/MObkoTFmTbJ4eXPqd/cfBAi20DF
RTmKbB8FLluMiJyiW20BTgFvEV6xWrlk8whMc/PgbrEEKJDR30zVju0QQYNqulMm
k+eBvWLj0eSTr59nmvg9K9D0bh1hCKjkWppRcfBQ/YlXhNI0joFfyYMCvGPfZVAD
f4VSmEjDes9bPgorqdAncnSgZofYq7a3nUZkW6eX1QMiGeTRdOPuOywgy0g=
-----END CERTIFICATE-----