Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28c57d0d-e861-474b-b383-3d563f8d44e6.roa
File:                     28c57d0d-e861-474b-b383-3d563f8d44e6.roa (raw, json)
Hash identifier:          4/Fxq7z9h9cIiXUicfMsVIAc7AAqCxfe3aWM5HCivAI=
Subject key identifier:   66:85:0B:3B:3A:4F:11:0E:A2:20:53:4F:8E:E8:62:57:73:00:39:FC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21145F2086C7CEEE804E9CC900A8EFA014EF1FAE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28c57d0d-e861-474b-b383-3d563f8d44e6.roa
Signing time:             Wed 08 Oct 2025 00:43:00 +0000
ROA not before:           Wed 08 Oct 2025 00:43:00 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.96.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:14:5f:20:86:c7:ce:ee:80:4e:9c:c9:00:a8:ef:a0:14:ef:1f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:43:00 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=0f32e4c40ccaeb5787f369e06ce302928fdd08bdf3e266e8e5cbda68e71d50e8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:62:e9:1b:8f:f4:af:4d:2e:05:ab:12:ce:3d:
                    a9:d7:8c:15:da:02:c7:ba:72:3c:ad:1e:da:3a:79:
                    af:ce:a4:43:4f:10:67:a3:4d:e4:b1:25:b2:63:de:
                    01:3b:a6:4e:d9:ed:23:da:50:dd:8f:14:e4:8a:fb:
                    b9:f9:c7:16:f2:6f:06:a5:89:84:d4:7c:14:6d:a9:
                    48:69:ea:1d:db:8d:e2:c9:09:8d:ca:be:dd:7e:c7:
                    f4:d9:9a:6c:3f:b7:5d:05:f6:29:5d:14:c3:b5:8c:
                    0b:c5:71:0c:4d:b4:fe:44:92:32:93:79:f4:86:2c:
                    df:4d:73:f6:5d:99:45:8e:b4:ae:e0:ea:da:90:6e:
                    3e:ef:62:ac:b9:00:fc:6b:82:3b:73:8c:26:a6:11:
                    18:c4:c0:8a:a7:e0:13:a5:e6:ad:ff:bf:53:41:c6:
                    8f:56:2f:b8:9d:f5:e2:08:08:d4:23:4f:d1:2a:24:
                    e7:23:5f:b4:25:e5:62:a0:08:66:6f:7d:62:56:2f:
                    41:4a:9a:5f:94:e3:fe:d1:66:ea:ec:29:9d:10:00:
                    42:fb:c3:09:0b:07:7e:d3:4c:b2:d5:a5:5f:20:c1:
                    73:7d:12:72:2d:b9:f9:44:37:73:79:e8:d7:b5:17:
                    2b:e6:be:d0:ff:31:e4:1f:34:d2:ae:42:7c:a7:71:
                    6d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:85:0B:3B:3A:4F:11:0E:A2:20:53:4F:8E:E8:62:57:73:00:39:FC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28c57d0d-e861-474b-b383-3d563f8d44e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6e:eb:b3:63:04:80:17:d8:12:61:79:ea:4b:1a:c0:74:ee:8d:
         f2:28:9e:6e:e2:14:b4:0d:75:5b:e5:21:90:d2:d2:1c:69:c9:
         00:77:6b:2c:11:d7:8e:e1:b4:c5:10:51:2f:38:15:93:ed:fd:
         0b:5b:98:80:49:46:10:5f:68:d3:6f:1a:84:ab:fb:37:f7:21:
         18:71:63:2b:ac:a8:b5:dd:0d:cc:1e:95:c2:67:0f:7b:21:d0:
         d2:31:80:f6:6f:1c:66:67:18:de:6b:9b:8d:d2:e1:e8:f0:77:
         69:f2:68:ed:19:25:8e:11:be:d7:be:62:c4:53:a1:f9:c7:5e:
         58:29:32:25:e0:68:c9:85:d3:96:21:76:76:4b:2d:bc:f1:8a:
         64:bf:04:27:df:5f:50:43:3d:dc:32:7b:0f:30:8c:e2:43:d8:
         38:2f:36:2e:56:e2:d0:cd:56:d4:5e:23:89:79:cd:d4:07:a9:
         db:88:c3:0d:2f:31:1d:7a:ab:52:f5:7b:77:a1:9f:eb:11:c4:
         ab:af:bb:03:7f:44:77:c1:57:22:80:59:35:47:e9:c4:ba:2b:
         50:da:44:29:73:ff:6b:85:0e:ae:c9:c2:87:73:4a:b8:ce:d5:
         c4:33:eb:34:91:c1:b7:29:85:f5:d3:3c:a3:5d:0d:36:e4:c7:
         21:9e:94:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIRRfIIbHzu6ATpzJAKjvoBTvH64wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MzAwWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjMyZTRjNDBjY2FlYjU3ODdmMzY5ZTA2Y2UzMDI5Mjhm
ZGQwOGJkZjNlMjY2ZThlNWNiZGE2OGU3MWQ1MGU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtYukbj/SvTS4FqxLOPanXjBXaAse6cjytHto6ea/OpENP
EGejTeSxJbJj3gE7pk7Z7SPaUN2PFOSK+7n5xxbybwaliYTUfBRtqUhp6h3bjeLJ
CY3Kvt1+x/TZmmw/t10F9ildFMO1jAvFcQxNtP5EkjKTefSGLN9Nc/ZdmUWOtK7g
6tqQbj7vYqy5APxrgjtzjCamERjEwIqn4BOl5q3/v1NBxo9WL7id9eIICNQjT9Eq
JOcjX7Ql5WKgCGZvfWJWL0FKml+U4/7RZursKZ0QAEL7wwkLB37TTLLVpV8gwXN9
EnItuflEN3N56Ne1FyvmvtD/MeQfNNKuQnyncW35AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZoULOzpPEQ6iIFNPjuhiV3MAOfwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4YzU3ZDBkLWU4NjEtNDc0Yi1iMzgzLTNkNTYzZjhkNDRlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl2AwDQYJKoZIhvcNAQELBQADggEBAG7rs2MEgBfYEmF56ksawHTujfIo
nm7iFLQNdVvlIZDS0hxpyQB3aywR147htMUQUS84FZPt/QtbmIBJRhBfaNNvGoSr
+zf3IRhxYyusqLXdDcwelcJnD3sh0NIxgPZvHGZnGN5rm43S4ejwd2nyaO0ZJY4R
vte+YsRTofnHXlgpMiXgaMmF05YhdnZLLbzximS/BCffX1BDPdwyew8wjOJD2Dgv
Ni5W4tDNVtReI4l5zdQHqduIww0vMR16q1L1e3ehn+sRxKuvuwN/RHfBVyKAWTVH
6cS6K1DaRClz/2uFDq7JwodzSrjO1cQz6zSRwbcphfXTPKNdDTbkxyGelDA=
-----END CERTIFICATE-----