Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2044cf14-ba54-49f0-96be-8316c0a7e7e4.roa
File:                     2044cf14-ba54-49f0-96be-8316c0a7e7e4.roa (raw, json)
Hash identifier:          IQVhvOPSMHpz3G//Nz3oWLeBJ7nLsbab75ddnf7WZkc=
Subject key identifier:   BE:85:BA:9D:01:03:81:39:64:49:AC:DE:72:17:F5:8E:76:37:2E:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FA5012F27E7D85447A67E49688F413DC20C31E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2044cf14-ba54-49f0-96be-8316c0a7e7e4.roa
Signing time:             Wed 08 Oct 2025 00:42:12 +0000
ROA not before:           Wed 08 Oct 2025 00:42:12 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.188.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:a5:01:2f:27:e7:d8:54:47:a6:7e:49:68:8f:41:3d:c2:0c:31:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:42:12 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=2bec321cc3d1eb99769bcc0d8d357b852a19d49f8603cf3c77a58ee8c2894637, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:99:cd:ea:cb:7b:c1:46:56:ea:83:d2:fb:14:
                    05:72:74:0b:4d:79:29:58:f1:99:79:49:a8:c8:b2:
                    fc:41:d8:87:07:86:55:60:e2:5c:95:91:2f:c5:7d:
                    c2:ca:c0:46:56:9b:f0:1f:87:c3:ff:ce:51:c1:66:
                    62:52:91:99:fd:55:d9:f3:06:c1:f4:07:27:95:0b:
                    9c:d4:b2:70:f2:bd:04:6e:a6:d6:30:a5:e8:c4:87:
                    5c:ca:db:89:53:32:54:04:6e:f4:b6:ac:e2:be:f3:
                    0e:96:d6:a3:d9:05:d5:8c:2d:36:19:b4:34:a0:dc:
                    66:af:4a:78:d3:19:a9:b5:71:76:af:36:ea:c0:97:
                    25:35:f7:44:a2:0d:a4:2b:a4:88:dd:4c:84:22:d3:
                    48:d4:5c:de:d6:73:3c:96:64:c3:c4:44:be:da:82:
                    a6:4c:0d:9c:68:cd:06:ed:81:0d:47:bf:01:b6:c8:
                    d6:ff:9a:21:79:ca:42:50:4a:e8:0d:e8:8d:e9:1a:
                    c4:65:f4:ea:c8:bb:4c:31:10:09:37:84:be:34:f8:
                    83:18:9a:f7:4b:44:e0:da:9c:92:0a:c5:5b:c6:a9:
                    91:2e:20:a9:59:84:2a:cc:42:c3:dc:d1:28:13:a2:
                    0b:d9:e8:b4:de:fd:e0:4e:36:6b:fd:0e:9a:a5:54:
                    f8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:85:BA:9D:01:03:81:39:64:49:AC:DE:72:17:F5:8E:76:37:2E:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2044cf14-ba54-49f0-96be-8316c0a7e7e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:b3:60:4c:f9:d7:10:d0:88:4c:57:f7:97:b8:18:dd:77:fc:
         a9:32:0d:41:07:df:07:77:48:92:14:74:a3:1d:64:fc:e6:b4:
         28:85:8f:c3:f9:70:b1:57:77:0c:f6:83:51:07:e0:ae:28:db:
         7c:37:b4:ad:a6:85:e6:30:2e:6d:7b:8b:cd:39:b8:8d:9d:48:
         85:0b:26:d3:8c:ad:82:dc:e4:3b:a9:77:87:e7:a7:bb:cd:f3:
         51:69:41:d4:49:c5:a5:ac:33:f7:d2:95:fb:71:38:72:6a:76:
         46:21:f8:69:ad:f9:10:bf:ef:ed:94:61:e4:91:e1:88:1f:00:
         80:f4:9e:75:8d:ea:07:5f:e2:e9:a9:3f:4a:d7:30:69:96:9a:
         7f:9d:04:31:a8:b9:11:73:54:34:84:de:71:68:54:73:85:49:
         97:53:80:ff:cb:7d:38:53:ae:4a:8b:6b:41:f2:55:28:74:43:
         b1:f6:3f:97:b2:ed:e1:24:92:61:2c:9f:25:c8:bc:cd:96:58:
         6c:2c:e1:db:76:87:ea:a4:fa:2a:87:6a:6f:c7:29:86:79:d8:
         62:61:0a:26:b2:e1:f2:13:58:01:96:61:ee:2b:1c:6e:21:6d:
         4c:d4:6c:2e:94:2c:82:3b:6f:63:85:50:0b:21:b6:72:62:ad:
         38:ca:b3:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP6UBLyfn2FRHpn5JaI9BPcIMMeUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MjEyWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYmVjMzIxY2MzZDFlYjk5NzY5YmNjMGQ4ZDM1N2I4NTJh
MTlkNDlmODYwM2NmM2M3N2E1OGVlOGMyODk0NjM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQmc3qy3vBRlbqg9L7FAVydAtNeSlY8Zl5SajIsvxB2IcH
hlVg4lyVkS/FfcLKwEZWm/Afh8P/zlHBZmJSkZn9VdnzBsH0ByeVC5zUsnDyvQRu
ptYwpejEh1zK24lTMlQEbvS2rOK+8w6W1qPZBdWMLTYZtDSg3GavSnjTGam1cXav
NurAlyU190SiDaQrpIjdTIQi00jUXN7WczyWZMPERL7agqZMDZxozQbtgQ1HvwG2
yNb/miF5ykJQSugN6I3pGsRl9OrIu0wxEAk3hL40+IMYmvdLRODanJIKxVvGqZEu
IKlZhCrMQsPc0SgTogvZ6LTe/eBONmv9DpqlVPj7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvoW6nQEDgTlkSazechf1jnY3LigwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwNDRjZjE0LWJhNTQtNDlmMC05NmJlLTgzMTZjMGE3ZTdlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl7wwDQYJKoZIhvcNAQELBQADggEBABGzYEz51xDQiExX95e4GN13/Kky
DUEH3wd3SJIUdKMdZPzmtCiFj8P5cLFXdwz2g1EH4K4o23w3tK2mheYwLm17i805
uI2dSIULJtOMrYLc5Dupd4fnp7vN81FpQdRJxaWsM/fSlftxOHJqdkYh+Gmt+RC/
7+2UYeSR4YgfAID0nnWN6gdf4umpP0rXMGmWmn+dBDGouRFzVDSE3nFoVHOFSZdT
gP/LfThTrkqLa0HyVSh0Q7H2P5ey7eEkkmEsnyXIvM2WWGws4dt2h+qk+iqHam/H
KYZ52GJhCiay4fITWAGWYe4rHG4hbUzUbC6ULII7b2OFUAshtnJirTjKs+4=
-----END CERTIFICATE-----