Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c50577a-0584-4873-b250-87c171b5c8e2.roa
File:                     2c50577a-0584-4873-b250-87c171b5c8e2.roa (raw, json)
Hash identifier:          ePjww0Y4OC3mu/GPQIZKGKjFv9iFSrHusTozMkCfcJc=
Subject key identifier:   5D:2A:23:3A:55:85:3F:69:A4:B8:3B:B7:D5:DB:60:86:A9:F8:CC:BD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2D72F343F34A10AB1CAE57FBA2FB09C9B8371C54
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c50577a-0584-4873-b250-87c171b5c8e2.roa
Signing time:             Fri 03 Oct 2025 00:51:14 +0000
ROA not before:           Fri 03 Oct 2025 00:51:14 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.131.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:72:f3:43:f3:4a:10:ab:1c:ae:57:fb:a2:fb:09:c9:b8:37:1c:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:51:14 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=9fff2a2e066db1cc2114b9b28cf71ee605c12b6c2da3f5fb620825cdfd139b70, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:93:4a:70:93:b6:4d:f4:ac:e4:44:96:b7:c5:
                    77:e8:d3:a0:63:54:b6:d0:b9:e8:df:cc:84:11:68:
                    e6:7a:b1:d5:e3:19:4e:8d:1e:62:ed:83:39:89:92:
                    57:f3:31:83:15:11:dd:92:77:e6:cf:b2:d5:f4:c5:
                    f2:88:0c:1d:f7:94:2d:5a:8a:7c:17:9c:ea:15:01:
                    91:df:77:0a:41:a1:a4:44:df:66:47:2f:40:3a:78:
                    3d:39:e8:e9:e1:a9:b6:a7:76:33:1d:cc:1a:68:c3:
                    d9:74:55:89:4e:e3:2a:00:a0:93:a1:66:58:a2:bd:
                    d0:29:ad:a5:8a:94:94:25:38:8b:f9:3f:97:78:47:
                    ce:ab:87:91:59:d7:44:df:2a:9d:25:ca:26:fa:5a:
                    55:49:ca:2e:7e:94:1b:65:16:ae:62:b8:5f:1c:73:
                    aa:22:7c:0f:de:94:d0:db:e4:77:aa:4e:13:87:23:
                    54:c4:b2:bc:67:a2:e9:18:67:6d:57:6b:1b:fa:3e:
                    52:fd:f2:77:dc:ec:5c:b2:eb:e1:38:09:36:53:d8:
                    04:18:22:2a:89:83:9f:73:14:4f:fc:38:be:98:0c:
                    67:d0:19:75:17:67:8a:ae:70:9c:8e:f1:a0:24:b2:
                    e8:b0:02:30:b1:be:98:7d:89:dc:37:97:2e:bf:c7:
                    27:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:2A:23:3A:55:85:3F:69:A4:B8:3B:B7:D5:DB:60:86:A9:F8:CC:BD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c50577a-0584-4873-b250-87c171b5c8e2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:90:f8:3f:92:35:4b:91:4d:7e:8f:f1:8d:d2:67:ec:e2:53:
         3a:31:4e:11:33:9a:0e:b9:24:49:08:df:cc:bb:b7:ad:d0:01:
         f2:fd:39:01:d2:40:67:23:b3:18:16:9c:4a:28:13:cd:e1:9d:
         6c:a9:ad:6d:94:d4:cc:91:25:de:c0:e2:77:47:5e:e2:d4:c9:
         86:6b:5e:58:b2:5f:d0:4c:5a:cd:67:da:9a:d6:1d:9a:b1:58:
         8a:dd:8b:b9:9e:d2:69:24:6a:8c:1d:b5:30:d9:56:79:17:b4:
         d2:d1:c1:f7:6b:da:fc:20:be:ac:0a:b0:67:c5:52:4d:ec:96:
         cf:09:44:25:4c:a2:d1:0f:18:7e:c7:75:a2:2c:8a:17:d3:05:
         d3:44:57:fc:04:1e:65:e8:7a:ef:bb:b9:65:77:73:23:ab:46:
         93:01:1e:55:5a:ce:22:e2:db:18:df:51:16:12:a1:9b:75:ef:
         02:10:cb:e4:cb:61:c0:cf:4b:6d:e9:ad:a4:06:45:d0:31:41:
         99:04:2c:df:29:86:15:a6:c4:ba:71:a4:63:77:78:a0:22:59:
         85:aa:ea:8f:6a:f1:26:d6:50:9e:9d:61:28:62:a0:20:ba:a7:
         c7:77:8e:cb:54:30:c9:ed:20:cc:68:9e:51:45:9c:f8:9b:5a:
         9f:d4:fc:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULXLzQ/NKEKscrlf7ovsJybg3HFQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MTE0WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZmZmMmEyZTA2NmRiMWNjMjExNGI5YjI4Y2Y3MWVlNjA1
YzEyYjZjMmRhM2Y1ZmI2MjA4MjVjZGZkMTM5YjcwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRk0pwk7ZN9KzkRJa3xXfo06BjVLbQuejfzIQRaOZ6sdXj
GU6NHmLtgzmJklfzMYMVEd2Sd+bPstX0xfKIDB33lC1ainwXnOoVAZHfdwpBoaRE
32ZHL0A6eD056OnhqbandjMdzBpow9l0VYlO4yoAoJOhZliivdApraWKlJQlOIv5
P5d4R86rh5FZ10TfKp0lyib6WlVJyi5+lBtlFq5iuF8cc6oifA/elNDb5HeqThOH
I1TEsrxnoukYZ21Xaxv6PlL98nfc7Fyy6+E4CTZT2AQYIiqJg59zFE/8OL6YDGfQ
GXUXZ4qucJyO8aAksuiwAjCxvph9idw3ly6/xydtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXSojOlWFP2mkuDu31dtghqn4zL0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJjNTA1NzdhLTA1ODQtNDg3My1iMjUwLTg3YzE3MWI1YzhlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYMwDQYJKoZIhvcNAQELBQADggEBADiQ+D+SNUuRTX6P8Y3SZ+ziUzox
ThEzmg65JEkI38y7t63QAfL9OQHSQGcjsxgWnEooE83hnWyprW2U1MyRJd7A4ndH
XuLUyYZrXliyX9BMWs1n2prWHZqxWIrdi7me0mkkaowdtTDZVnkXtNLRwfdr2vwg
vqwKsGfFUk3sls8JRCVMotEPGH7HdaIsihfTBdNEV/wEHmXoeu+7uWV3cyOrRpMB
HlVaziLi2xjfURYSoZt17wIQy+TLYcDPS23praQGRdAxQZkELN8phhWmxLpxpGN3
eKAiWYWq6o9q8SbWUJ6dYShioCC6p8d3jstUMMntIMxonlFFnPibWp/U/Ko=
-----END CERTIFICATE-----