Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1708c9ff-3127-454f-89db-7342094cdf97.roa
File:                     1708c9ff-3127-454f-89db-7342094cdf97.roa (raw, json)
Hash identifier:          2KJKWxV5S2FvqJbilwFD03AReZADJgnTIdr07RLAU1o=
Subject key identifier:   62:59:B8:D8:31:B6:FD:C4:74:CB:D7:0A:24:C6:3B:9B:96:C9:28:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70A46B3D82696A6ED5E4D6ED3FC1277D73011F1D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1708c9ff-3127-454f-89db-7342094cdf97.roa
Signing time:             Wed 01 Oct 2025 00:51:17 +0000
ROA not before:           Wed 01 Oct 2025 00:51:17 +0000
ROA not after:            Wed 05 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.133.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:a4:6b:3d:82:69:6a:6e:d5:e4:d6:ed:3f:c1:27:7d:73:01:1f:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  1 00:51:17 2025 GMT
            Not After : Nov  5 23:59:59 2025 GMT
        Subject: serialNumber=4590d7422f065c17af7b64ce7d125f3c4f4a3b7a291039d958ba66574dc83578, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a6:d6:46:64:30:61:54:4a:14:7d:60:d1:4d:
                    3d:fa:c3:ee:8f:1d:e1:06:01:84:01:b0:79:e5:a3:
                    a4:73:64:50:8e:88:05:5f:51:51:b1:d4:88:f9:4e:
                    6e:12:34:21:56:52:94:a5:32:41:1e:77:1c:61:d2:
                    22:25:2d:66:b6:7c:e6:e7:5f:d1:94:09:8b:5d:f8:
                    00:1c:c8:26:e3:03:f4:f9:22:14:8b:2e:22:45:44:
                    e4:75:92:25:00:97:4e:18:72:c0:55:87:1e:43:2c:
                    8c:a4:f2:db:d5:7d:e8:ed:86:55:eb:b5:90:56:3b:
                    18:18:69:40:f1:b8:4d:1c:84:76:58:59:31:7b:38:
                    64:82:ef:2d:85:ad:1a:66:7a:95:2c:c2:3b:67:b6:
                    48:40:60:d1:ea:57:45:0a:ee:19:49:6d:d9:ad:18:
                    8c:cc:17:d2:08:f7:d2:61:34:d9:fe:36:8a:41:ca:
                    80:a3:29:24:db:13:60:d4:8d:57:fb:b0:74:e2:78:
                    c7:86:bd:a7:26:25:f6:dc:5f:73:cd:b0:e2:8c:59:
                    d0:8d:61:3c:dd:dd:76:b7:71:c8:98:43:e2:83:15:
                    65:3a:47:97:3f:46:f9:b1:6c:e6:b2:76:9b:5d:ff:
                    b7:6f:0a:b1:d0:56:3a:c0:48:89:05:ae:bd:29:34:
                    bb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:59:B8:D8:31:B6:FD:C4:74:CB:D7:0A:24:C6:3B:9B:96:C9:28:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1708c9ff-3127-454f-89db-7342094cdf97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:64:8f:c8:23:58:92:d1:d4:60:f8:33:be:52:e3:6d:52:54:
         b0:c3:2e:79:a8:e3:a7:db:33:31:f7:02:1d:dc:2c:50:a1:0b:
         ab:bc:b8:16:ae:68:31:5d:94:45:c3:71:d8:2c:1d:81:6a:b4:
         e5:07:53:e3:38:35:69:78:4d:3d:00:33:2d:7f:86:f4:f0:bb:
         54:90:89:71:93:5e:f4:7e:19:89:7f:23:d8:56:0d:dd:d3:3f:
         f5:fd:3e:8f:18:7e:ed:2e:dd:26:d3:ea:23:01:03:8b:ee:10:
         fa:35:8f:6e:0b:35:61:27:3f:6b:50:d5:64:39:82:bd:46:76:
         0b:3f:1c:06:10:8c:2e:99:8c:cb:04:e6:07:e5:2e:66:ee:9e:
         50:cf:0e:e0:16:4c:0e:a3:6b:13:ba:a6:93:b5:12:2b:5e:a0:
         9a:fd:45:44:e7:1e:38:7c:a5:8a:c2:d6:85:2c:b0:0c:57:21:
         8e:21:d0:55:59:47:de:ac:2c:dd:fc:14:d3:3d:a9:d3:ab:07:
         50:b1:44:96:1a:b0:58:80:33:ad:97:e5:19:68:6b:c7:c0:82:
         c5:6d:b9:df:81:31:b1:8f:93:50:af:b8:a4:f5:ad:4f:bc:4b:
         f7:2e:4a:7b:7b:3b:f7:3b:83:e5:0d:cd:df:b6:5b:4b:24:d5:
         5d:bf:8a:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcKRrPYJpam7V5NbtP8EnfXMBHx0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAxMDA1MTE3WhcNMjUxMTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTkwZDc0MjJmMDY1YzE3YWY3YjY0Y2U3ZDEyNWYzYzRm
NGEzYjdhMjkxMDM5ZDk1OGJhNjY1NzRkYzgzNTc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWptZGZDBhVEoUfWDRTT36w+6PHeEGAYQBsHnlo6RzZFCO
iAVfUVGx1Ij5Tm4SNCFWUpSlMkEedxxh0iIlLWa2fObnX9GUCYtd+AAcyCbjA/T5
IhSLLiJFROR1kiUAl04YcsBVhx5DLIyk8tvVfejthlXrtZBWOxgYaUDxuE0chHZY
WTF7OGSC7y2FrRpmepUswjtntkhAYNHqV0UK7hlJbdmtGIzMF9II99JhNNn+NopB
yoCjKSTbE2DUjVf7sHTieMeGvacmJfbcX3PNsOKMWdCNYTzd3Xa3cciYQ+KDFWU6
R5c/RvmxbOaydptd/7dvCrHQVjrASIkFrr0pNLuhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYlm42DG2/cR0y9cKJMY7m5bJKIEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE3MDhjOWZmLTMxMjctNDU0Zi04OWRiLTczNDIwOTRjZGY5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYUwDQYJKoZIhvcNAQELBQADggEBAAdkj8gjWJLR1GD4M75S421SVLDD
Lnmo46fbMzH3Ah3cLFChC6u8uBauaDFdlEXDcdgsHYFqtOUHU+M4NWl4TT0AMy1/
hvTwu1SQiXGTXvR+GYl/I9hWDd3TP/X9Po8Yfu0u3SbT6iMBA4vuEPo1j24LNWEn
P2tQ1WQ5gr1Gdgs/HAYQjC6ZjMsE5gflLmbunlDPDuAWTA6jaxO6ppO1EiteoJr9
RUTnHjh8pYrC1oUssAxXIY4h0FVZR96sLN38FNM9qdOrB1CxRJYasFiAM62X5Rlo
a8fAgsVtud+BMbGPk1CvuKT1rU+8S/cuSnt7O/c7g+UNzd+2W0sk1V2/ipk=
-----END CERTIFICATE-----