Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/225a41e5-dde6-424c-b8ee-427d2be83488.roa
File:                     225a41e5-dde6-424c-b8ee-427d2be83488.roa (raw, json)
Hash identifier:          ifI6JoSLn/0O2vI3CghumW3O/e3YYvghz4HlniSbbkw=
Subject key identifier:   F3:BC:89:56:67:9C:5B:A5:03:F4:1B:D5:A3:DE:2C:35:C5:26:17:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3460362EDCC90097604D7E431BFBF55E401CAF80
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/225a41e5-dde6-424c-b8ee-427d2be83488.roa
Signing time:             Fri 03 Oct 2025 00:52:57 +0000
ROA not before:           Fri 03 Oct 2025 00:52:57 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.130.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:60:36:2e:dc:c9:00:97:60:4d:7e:43:1b:fb:f5:5e:40:1c:af:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:52:57 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=b418a062651ae9f1863a983d976dda7e9a76c6ae51844a59bdb9e775d85a6e3c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:6b:24:aa:43:18:2e:03:08:60:6b:8c:3d:a6:
                    08:f7:a4:1b:15:11:b8:a2:08:17:80:51:f7:cb:45:
                    c9:3c:5d:18:2f:d3:ed:d4:c3:90:4e:53:d5:3f:64:
                    fb:11:fb:8f:34:af:53:71:31:b7:23:23:24:1c:62:
                    1d:bb:49:3f:0f:58:4c:67:9f:b5:81:ef:8b:ab:57:
                    f2:0a:76:5b:27:c3:92:44:4f:d8:55:bd:78:17:a3:
                    ca:fb:d3:62:a3:70:b4:b2:c1:e3:0c:0b:41:df:b4:
                    76:6b:63:70:3d:ca:33:af:81:b8:bb:47:ac:0c:02:
                    e2:25:f7:80:f2:63:48:32:4b:40:d7:0d:9a:43:f5:
                    36:f0:c7:19:b9:a1:24:67:65:7b:07:68:19:50:4e:
                    51:02:e2:58:6f:cd:5f:7b:41:66:ec:61:99:3d:b0:
                    43:c6:bc:38:10:4b:39:92:46:fc:18:c3:75:aa:92:
                    d1:be:68:bd:9d:76:45:a2:77:33:29:84:b1:3c:c7:
                    39:e4:7a:89:d8:ea:73:aa:e0:84:57:bd:e5:04:0a:
                    35:e6:60:b3:69:fd:4a:f8:c4:a9:9b:93:8b:e3:36:
                    1a:f8:7b:ba:69:e6:c9:da:69:e2:52:85:2b:93:57:
                    6c:c1:81:93:91:c5:40:e7:9d:c7:16:ef:41:d8:d4:
                    d0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:BC:89:56:67:9C:5B:A5:03:F4:1B:D5:A3:DE:2C:35:C5:26:17:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/225a41e5-dde6-424c-b8ee-427d2be83488.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a5:77:6e:4e:73:35:cc:7c:23:79:2d:83:9f:90:70:9d:a2:
         62:30:87:59:60:fc:54:64:f5:e5:5e:b6:f0:13:29:3a:1e:0a:
         7b:f0:07:77:7e:55:3a:83:60:00:da:1a:75:e1:5a:3b:3d:66:
         51:9e:31:dd:93:75:c7:6b:45:83:da:4a:45:4a:be:4f:51:3e:
         19:6a:bd:d7:e5:7b:81:2f:7f:ac:9a:a1:57:89:e6:eb:9e:da:
         77:cc:92:5f:53:b7:eb:21:53:29:9c:a3:d2:b1:6d:50:07:3d:
         1f:d5:cb:93:ba:4e:bb:84:f6:fd:82:2d:34:0e:1a:98:1f:14:
         ee:ba:ab:c4:4a:45:35:e4:a3:b9:8a:14:7a:2d:97:e1:10:4b:
         d1:63:67:30:a5:fe:db:31:34:c8:7a:13:de:9d:7e:64:da:ac:
         1f:69:6c:ff:98:25:30:70:46:46:80:e3:ef:33:7d:c0:42:8f:
         ea:b3:5d:52:d8:9d:0a:04:b1:f9:83:92:a5:73:42:69:c2:79:
         99:c9:38:dd:4d:06:bf:90:34:dc:f4:76:fb:59:45:c1:91:99:
         a9:26:ec:0d:89:7b:00:15:dd:c6:54:ff:c8:0b:62:c4:c1:d0:
         85:fa:82:6d:59:cc:8a:2e:56:80:4a:bb:d0:07:46:4e:21:bc:
         aa:c4:3c:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNGA2LtzJAJdgTX5DG/v1XkAcr4AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MjU3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNDE4YTA2MjY1MWFlOWYxODYzYTk4M2Q5NzZkZGE3ZTlh
NzZjNmFlNTE4NDRhNTliZGI5ZTc3NWQ4NWE2ZTNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfaySqQxguAwhga4w9pgj3pBsVEbiiCBeAUffLRck8XRgv
0+3Uw5BOU9U/ZPsR+480r1NxMbcjIyQcYh27ST8PWExnn7WB74urV/IKdlsnw5JE
T9hVvXgXo8r702KjcLSyweMMC0HftHZrY3A9yjOvgbi7R6wMAuIl94DyY0gyS0DX
DZpD9Tbwxxm5oSRnZXsHaBlQTlEC4lhvzV97QWbsYZk9sEPGvDgQSzmSRvwYw3Wq
ktG+aL2ddkWidzMphLE8xznkeonY6nOq4IRXveUECjXmYLNp/Ur4xKmbk4vjNhr4
e7pp5snaaeJShSuTV2zBgZORxUDnnccW70HY1NDlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU87yJVmecW6UD9BvVo94sNcUmF8QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyNWE0MWU1LWRkZTYtNDI0Yy1iOGVlLTQyN2QyYmU4MzQ4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYIwDQYJKoZIhvcNAQELBQADggEBAGmld25OczXMfCN5LYOfkHCdomIw
h1lg/FRk9eVetvATKToeCnvwB3d+VTqDYADaGnXhWjs9ZlGeMd2TdcdrRYPaSkVK
vk9RPhlqvdfle4Evf6yaoVeJ5uue2nfMkl9Tt+shUymco9KxbVAHPR/Vy5O6TruE
9v2CLTQOGpgfFO66q8RKRTXko7mKFHotl+EQS9FjZzCl/tsxNMh6E96dfmTarB9p
bP+YJTBwRkaA4+8zfcBCj+qzXVLYnQoEsfmDkqVzQmnCeZnJON1NBr+QNNz0dvtZ
RcGRmakm7A2JewAV3cZU/8gLYsTB0IX6gm1ZzIouVoBKu9AHRk4hvKrEPAg=
-----END CERTIFICATE-----