Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/117944a8-f5d7-4113-af1e-0bbe021ee718.roa
File:                     117944a8-f5d7-4113-af1e-0bbe021ee718.roa (raw, json)
Hash identifier:          Vsd4Zy61nsLJ5XDc2+pYGd5AkMBcpsbZjc8hXvKEh98=
Subject key identifier:   3B:C5:01:53:30:E2:42:45:5D:79:B5:D3:07:52:F1:02:D0:E3:78:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       415BAF5A2A7521CCD761DE42F7867D2229336FE2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/117944a8-f5d7-4113-af1e-0bbe021ee718.roa
Signing time:             Wed 15 Oct 2025 16:41:58 +0000
ROA not before:           Wed 15 Oct 2025 16:41:58 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.253.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:5b:af:5a:2a:75:21:cc:d7:61:de:42:f7:86:7d:22:29:33:6f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 16:41:58 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=b069960d711a82c8c50836419cc28b1645742a8e13bdda4de0869e9dad79b846, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:03:32:93:f9:b5:09:ad:16:77:4a:9b:51:3a:
                    86:9f:8c:bd:37:d6:5c:0b:9b:ad:48:77:60:83:a9:
                    fe:b0:be:8e:58:35:29:4c:50:b8:65:b0:de:40:1f:
                    57:16:f4:d5:62:92:b1:94:5b:cd:a6:a7:ac:4f:b1:
                    43:ba:a3:5f:85:b3:2b:3d:5a:3e:2a:d7:b6:1b:b3:
                    1e:8c:a2:3f:c3:97:12:da:9b:d3:32:6f:16:a9:84:
                    27:54:74:3f:74:9a:a7:e6:79:fa:38:30:d4:6e:e6:
                    14:6f:8a:09:92:85:f4:6d:2a:d6:cb:26:1a:7b:98:
                    c7:eb:4a:04:45:bb:fd:b2:f5:65:d5:ed:7b:8a:fe:
                    27:9e:59:b3:d1:09:2e:ef:ef:eb:d3:78:5d:8f:78:
                    b9:f0:b4:80:e7:39:8e:ea:b2:06:6f:16:fa:89:4a:
                    b7:72:eb:e0:dc:0e:62:61:64:fb:db:5f:b4:f4:9c:
                    6e:31:f3:40:28:77:8d:1a:55:d1:42:72:a1:85:e6:
                    53:64:19:69:78:26:a7:f6:6f:8b:da:01:34:ec:ca:
                    86:b5:8d:72:b8:8c:cf:ff:e2:99:46:5c:b5:5c:8f:
                    60:e0:9c:33:d4:4c:4e:1d:b0:de:45:ec:da:3f:05:
                    24:d3:68:d2:d2:51:1b:7e:40:5a:5a:f4:0f:13:12:
                    44:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C5:01:53:30:E2:42:45:5D:79:B5:D3:07:52:F1:02:D0:E3:78:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/117944a8-f5d7-4113-af1e-0bbe021ee718.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:ae:27:dc:27:67:8d:37:c4:ed:9b:95:56:da:5a:c1:a7:ec:
         9e:a7:cf:b6:6a:c9:ee:9e:a2:18:09:da:07:98:6d:86:75:56:
         67:3b:79:29:05:57:63:a2:31:ac:3c:6d:39:ba:14:49:21:39:
         97:0d:7c:c4:3a:bc:2c:83:1b:85:a2:f6:68:81:6c:6d:e3:3c:
         92:71:ca:fa:2d:c9:dd:8b:90:9d:0b:dd:e4:94:22:81:ed:2f:
         e0:57:6f:4b:dd:0d:87:61:55:01:4c:04:69:75:42:df:e0:df:
         5f:5f:76:49:2e:45:08:06:9f:a6:4c:9e:92:7e:b7:05:09:08:
         bf:f4:62:a3:ca:6a:f4:d6:2a:4a:bd:78:de:3f:cf:d6:3e:71:
         be:80:59:26:67:c5:d3:5c:b3:40:40:c6:ca:d9:ba:d4:91:bd:
         6d:ab:f7:9e:5b:56:fa:5e:f2:19:61:88:aa:5a:f4:e6:42:9e:
         ca:8c:ab:52:8c:7e:b7:46:5f:cd:61:cd:06:cb:85:a3:96:d6:
         c0:8f:98:71:ed:04:65:3c:67:77:ae:47:4e:93:d7:e1:0a:bb:
         cc:02:2c:f6:58:a8:61:80:88:7d:8b:54:fd:1a:b7:0e:ed:b4:
         5e:87:ee:d0:2a:cc:de:96:54:69:de:d8:93:ae:43:4f:73:88:
         a4:9f:3e:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQVuvWip1IczXYd5C94Z9Iikzb+IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTY0MTU4WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDY5OTYwZDcxMWE4MmM4YzUwODM2NDE5Y2MyOGIxNjQ1
NzQyYThlMTNiZGRhNGRlMDg2OWU5ZGFkNzliODQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjAzKT+bUJrRZ3SptROoafjL031lwLm61Id2CDqf6wvo5Y
NSlMULhlsN5AH1cW9NVikrGUW82mp6xPsUO6o1+Fsys9Wj4q17Ybsx6Moj/DlxLa
m9MybxaphCdUdD90mqfmefo4MNRu5hRvigmShfRtKtbLJhp7mMfrSgRFu/2y9WXV
7XuK/ieeWbPRCS7v7+vTeF2PeLnwtIDnOY7qsgZvFvqJSrdy6+DcDmJhZPvbX7T0
nG4x80Aod40aVdFCcqGF5lNkGWl4Jqf2b4vaATTsyoa1jXK4jM//4plGXLVcj2Dg
nDPUTE4dsN5F7No/BSTTaNLSURt+QFpa9A8TEkQdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO8UBUzDiQkVdebXTB1LxAtDjeEIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExNzk0NGE4LWY1ZDctNDExMy1hZjFlLTBiYmUwMjFlZTcxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjVv0wDQYJKoZIhvcNAQELBQADggEBAL6uJ9wnZ403xO2blVbaWsGn7J6n
z7Zqye6eohgJ2geYbYZ1Vmc7eSkFV2OiMaw8bTm6FEkhOZcNfMQ6vCyDG4Wi9miB
bG3jPJJxyvotyd2LkJ0L3eSUIoHtL+BXb0vdDYdhVQFMBGl1Qt/g319fdkkuRQgG
n6ZMnpJ+twUJCL/0YqPKavTWKkq9eN4/z9Y+cb6AWSZnxdNcs0BAxsrZutSRvW2r
955bVvpe8hlhiKpa9OZCnsqMq1KMfrdGX81hzQbLhaOW1sCPmHHtBGU8Z3euR06T
1+EKu8wCLPZYqGGAiH2LVP0atw7ttF6H7tAqzN6WVGne2JOuQ09ziKSfPhA=
-----END CERTIFICATE-----