Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d95bd62-e681-4cef-a026-fbb2d2eb1ef1.roa
File:                     2d95bd62-e681-4cef-a026-fbb2d2eb1ef1.roa (raw, json)
Hash identifier:          eTh875v5f/urqOZg3hDySKjjcWSRZzlrZeMMAlLpxNA=
Subject key identifier:   B4:C2:B0:E3:3D:17:76:EC:E3:35:F7:EB:11:5A:57:82:AB:2E:28:35
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2ACC8B0172958200BFAC8160A093FFB2CF58B19F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d95bd62-e681-4cef-a026-fbb2d2eb1ef1.roa
Signing time:             Fri 03 Oct 2025 15:01:09 +0000
ROA not before:           Fri 03 Oct 2025 15:01:09 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.87.128.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:cc:8b:01:72:95:82:00:bf:ac:81:60:a0:93:ff:b2:cf:58:b1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 15:01:09 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=4ee8aaadaa19a9be1638ff147d706c5f44b249cdec1b2fe67092d9bf278b7f74, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ec:98:60:4d:95:6a:20:ac:87:9b:4f:d7:26:
                    d1:f5:8b:ee:cc:45:65:15:ad:4c:98:2d:c2:ac:0c:
                    23:d0:fd:2f:63:a8:9e:fe:34:07:5b:ea:4b:0a:5d:
                    3d:10:75:a6:b1:6c:2d:a5:72:3d:78:df:dd:7e:14:
                    64:53:d8:ed:64:c0:05:66:8a:2b:fd:37:ab:ed:13:
                    63:dd:cb:cd:f5:38:3b:da:97:df:3d:d7:41:9f:59:
                    b2:70:b9:68:27:83:f9:e9:1a:3a:c8:54:10:29:72:
                    59:3b:30:2f:cb:05:99:f7:37:7f:d1:c4:a5:65:c3:
                    3f:6e:1a:c8:e1:f7:94:55:d9:63:44:6a:6d:1a:4e:
                    db:db:49:37:06:1c:18:15:81:99:4a:90:83:49:2e:
                    e2:91:e1:74:45:4e:ff:9c:98:31:ca:66:d1:a8:d8:
                    2f:cf:d5:3b:a9:a1:89:a1:e9:9b:8b:8e:8b:7c:ff:
                    be:bb:e8:72:9b:0f:29:00:81:bd:d0:3c:03:70:33:
                    9b:84:ce:a2:1c:0e:72:c6:65:85:53:a1:25:62:99:
                    fe:0f:c0:3f:17:1f:5a:5d:52:11:cf:d7:5c:05:09:
                    30:a3:d9:0b:5f:9b:51:c4:d1:68:08:56:ec:c8:83:
                    02:6b:c9:09:4c:8a:e9:46:38:e2:20:6e:c8:5c:c3:
                    cc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C2:B0:E3:3D:17:76:EC:E3:35:F7:EB:11:5A:57:82:AB:2E:28:35
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2d95bd62-e681-4cef-a026-fbb2d2eb1ef1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.87.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         82:15:6b:f4:d4:c2:0f:33:82:69:b0:1c:35:42:15:1a:a3:d1:
         f8:32:86:df:14:20:ba:45:f5:30:0e:78:bc:e9:e2:18:84:e0:
         88:e2:d8:5e:4b:b3:67:2b:fd:c1:4f:5c:1f:69:6b:35:25:8a:
         d1:be:be:9a:2b:bb:2c:4f:fe:b0:42:37:50:73:65:e4:44:be:
         e8:dc:b2:89:3a:7c:c3:7d:77:69:3d:f2:4a:eb:a3:b3:05:a4:
         67:f4:c7:6f:2c:12:97:67:4a:cb:ac:68:6c:40:ec:45:a2:b1:
         6d:e8:0e:be:5f:2b:85:80:ae:b8:d1:14:7c:a3:14:58:96:f4:
         32:b5:af:03:46:bf:f4:37:8e:62:6e:fd:ef:3a:9d:58:9a:fa:
         4d:eb:2d:dc:c8:11:64:0b:9d:fe:38:62:ef:5a:4a:4e:56:1f:
         89:70:4f:58:fc:d0:26:8a:f8:83:d8:68:8f:d8:18:b6:00:fc:
         d6:e9:05:aa:54:7a:cf:26:11:e4:86:05:e2:b9:90:f4:4f:c2:
         97:42:80:1b:4b:36:27:f5:76:6e:e6:3f:67:73:5e:7e:7d:d6:
         39:ba:0a:4f:72:80:a3:7e:dd:79:8f:c9:e6:ab:87:eb:4c:e3:
         1b:1c:c5:ac:74:e7:77:61:9b:7a:88:17:7a:4c:85:c6:03:48:
         27:98:e6:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKsyLAXKVggC/rIFgoJP/ss9YsZ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMTUwMTA5WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZWU4YWFhZGFhMTlhOWJlMTYzOGZmMTQ3ZDcwNmM1ZjQ0
YjI0OWNkZWMxYjJmZTY3MDkyZDliZjI3OGI3Zjc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCg7JhgTZVqIKyHm0/XJtH1i+7MRWUVrUyYLcKsDCPQ/S9j
qJ7+NAdb6ksKXT0QdaaxbC2lcj14391+FGRT2O1kwAVmiiv9N6vtE2Pdy831ODva
l98910GfWbJwuWgng/npGjrIVBApclk7MC/LBZn3N3/RxKVlwz9uGsjh95RV2WNE
am0aTtvbSTcGHBgVgZlKkINJLuKR4XRFTv+cmDHKZtGo2C/P1TupoYmh6ZuLjot8
/7676HKbDykAgb3QPANwM5uEzqIcDnLGZYVToSVimf4PwD8XH1pdUhHP11wFCTCj
2Qtfm1HE0WgIVuzIgwJryQlMiulGOOIgbshcw8z/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtMKw4z0XduzjNffrEVpXgqsuKDUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkOTViZDYyLWU2ODEtNGNlZi1hMDI2LWZiYjJkMmViMWVmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjV4AwDQYJKoZIhvcNAQELBQADggEBAIIVa/TUwg8zgmmwHDVCFRqj0fgy
ht8UILpF9TAOeLzp4hiE4Iji2F5Ls2cr/cFPXB9pazUlitG+vporuyxP/rBCN1Bz
ZeREvujcsok6fMN9d2k98krro7MFpGf0x28sEpdnSsusaGxA7EWisW3oDr5fK4WA
rrjRFHyjFFiW9DK1rwNGv/Q3jmJu/e86nVia+k3rLdzIEWQLnf44Yu9aSk5WH4lw
T1j80CaK+IPYaI/YGLYA/NbpBapUes8mEeSGBeK5kPRPwpdCgBtLNif1dm7mP2dz
Xn591jm6Ck9ygKN+3XmPyearh+tM4xscxax053dhm3qIF3pMhcYDSCeY5vk=
-----END CERTIFICATE-----