Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34136975-3039-4a02-91e5-6ea288798aa0.roa
File:                     34136975-3039-4a02-91e5-6ea288798aa0.roa (raw, json)
Hash identifier:          qtKrQDiQifvQh8i7/AGK4SylnPeSqm+owj8W8+JRaik=
Subject key identifier:   01:CA:E0:C4:19:17:C0:1F:68:76:C1:AA:F6:88:D9:17:78:6C:77:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CD5A7233DBDE9B41C11D50F5973539D616F569F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34136975-3039-4a02-91e5-6ea288798aa0.roa
Signing time:             Fri 03 Oct 2025 00:52:03 +0000
ROA not before:           Fri 03 Oct 2025 00:52:03 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.187.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:d5:a7:23:3d:bd:e9:b4:1c:11:d5:0f:59:73:53:9d:61:6f:56:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:52:03 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=6447b7ad3d2ca44632a76957a06434cc2219434f1de9c80686ab758cff742159, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:65:b2:76:45:45:70:22:53:48:20:cf:8b:33:
                    39:73:65:38:8f:cf:f8:64:7d:b3:c1:9e:a4:61:62:
                    3f:78:1a:58:79:a9:39:17:38:3f:ef:64:d0:07:d4:
                    37:2f:62:c7:39:0a:b9:3b:2c:f0:9d:70:63:b5:77:
                    7e:4d:13:f5:06:14:4c:72:e3:7e:fc:f3:4a:9b:7c:
                    66:2a:60:77:79:c1:87:79:11:19:44:33:c7:fd:02:
                    d6:6d:c4:1c:80:d3:a3:67:0a:7a:5b:0f:a5:b0:75:
                    20:8e:49:7b:9f:ec:61:2e:36:42:6d:16:67:35:26:
                    96:53:7b:24:be:d7:44:e1:e8:b9:c1:cd:46:64:8d:
                    c5:86:52:b8:74:e8:d6:22:cd:ce:e4:37:3a:a2:1c:
                    3b:e6:62:81:83:1e:d7:74:04:76:09:71:02:17:cf:
                    ef:06:ff:4b:2c:59:63:8c:cb:cd:3d:e2:87:3e:7e:
                    d5:3c:b2:df:b3:06:7e:48:ef:ab:67:87:c7:f6:81:
                    4d:b0:22:e4:00:84:33:7c:be:e4:21:5e:75:1a:19:
                    f7:65:73:30:73:9f:41:bb:9a:b2:9b:c5:df:d7:10:
                    18:bb:a8:f7:24:d3:17:4d:97:ef:d5:42:77:b2:bf:
                    2e:d5:8b:86:1d:57:b4:9c:5a:59:bb:ce:32:c8:8f:
                    65:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:CA:E0:C4:19:17:C0:1F:68:76:C1:AA:F6:88:D9:17:78:6C:77:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34136975-3039-4a02-91e5-6ea288798aa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e0:fd:eb:77:b0:6b:ba:16:fa:a3:3d:2e:3c:ac:ec:d7:8b:
         13:0d:25:e9:61:b0:a5:91:2a:92:bf:ca:d2:11:b7:e7:9c:bb:
         bd:8a:c8:7c:ca:d9:c5:45:e4:d8:2f:5a:99:b1:d6:a7:de:6c:
         71:63:fb:1a:7f:db:63:13:0e:9d:e9:11:4b:f2:ca:a9:3f:bb:
         ac:b1:73:bd:e1:46:36:17:b1:cf:d8:dc:37:f7:e7:67:b8:f1:
         f9:45:04:50:79:f8:31:1f:97:e7:1e:0c:47:4d:e1:70:29:51:
         5b:4b:38:3c:ab:98:af:4e:21:4c:f5:48:a0:6f:91:7e:d3:2f:
         2d:73:0e:b2:4a:71:7c:f8:a9:0d:e3:c2:a8:2e:fd:99:51:a0:
         6f:7f:20:f0:bc:a3:8a:82:d1:d9:f5:2c:6d:83:c2:c3:c7:bb:
         cd:50:9f:b8:2d:f5:f3:8f:7a:d0:e5:f3:77:f7:4d:fa:21:5b:
         ac:dc:af:93:c8:7d:c0:1f:e4:15:55:75:c8:21:99:69:47:16:
         37:4d:f2:7e:50:19:83:60:88:56:32:ac:61:2f:6f:48:44:37:
         b7:92:32:41:ff:c2:ce:42:aa:8a:ec:e6:db:0c:5c:75:59:0b:
         78:51:4d:f2:07:b4:60:56:bf:3d:70:4c:d3:cb:0d:c0:03:d9:
         73:5b:3d:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXNWnIz296bQcEdUPWXNTnWFvVp8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MjAzWhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NDQ3YjdhZDNkMmNhNDQ2MzJhNzY5NTdhMDY0MzRjYzIy
MTk0MzRmMWRlOWM4MDY4NmFiNzU4Y2ZmNzQyMTU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1ZbJ2RUVwIlNIIM+LMzlzZTiPz/hkfbPBnqRhYj94Glh5
qTkXOD/vZNAH1DcvYsc5Crk7LPCdcGO1d35NE/UGFExy437880qbfGYqYHd5wYd5
ERlEM8f9AtZtxByA06NnCnpbD6WwdSCOSXuf7GEuNkJtFmc1JpZTeyS+10Th6LnB
zUZkjcWGUrh06NYizc7kNzqiHDvmYoGDHtd0BHYJcQIXz+8G/0ssWWOMy8094oc+
ftU8st+zBn5I76tnh8f2gU2wIuQAhDN8vuQhXnUaGfdlczBzn0G7mrKbxd/XEBi7
qPck0xdNl+/VQneyvy7Vi4YdV7ScWlm7zjLIj2UjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAcrgxBkXwB9odsGq9ojZF3hsdyswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0MTM2OTc1LTMwMzktNGEwMi05MWU1LTZlYTI4ODc5OGFhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTbswDQYJKoZIhvcNAQELBQADggEBABvg/et3sGu6FvqjPS48rOzXixMN
JelhsKWRKpK/ytIRt+ecu72KyHzK2cVF5NgvWpmx1qfebHFj+xp/22MTDp3pEUvy
yqk/u6yxc73hRjYXsc/Y3Df352e48flFBFB5+DEfl+ceDEdN4XApUVtLODyrmK9O
IUz1SKBvkX7TLy1zDrJKcXz4qQ3jwqgu/ZlRoG9/IPC8o4qC0dn1LG2DwsPHu81Q
n7gt9fOPetDl83f3TfohW6zcr5PIfcAf5BVVdcghmWlHFjdN8n5QGYNgiFYyrGEv
b0hEN7eSMkH/ws5Cqors5tsMXHVZC3hRTfIHtGBWvz1wTNPLDcAD2XNbPSA=
-----END CERTIFICATE-----