Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/396fb735-ddd1-4676-8f03-961ccd29c7fb.roa
File:                     396fb735-ddd1-4676-8f03-961ccd29c7fb.roa (raw, json)
Hash identifier:          +6YXmKmDhyJYesUcjP1UbbCAx/Sqh+AwOIS+HMOTu9A=
Subject key identifier:   B5:BC:66:DE:40:DD:03:5F:66:67:18:B0:FC:EC:92:37:A8:4F:A2:9F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C580A237219D913D091DD9B364CF7084A56C68A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/396fb735-ddd1-4676-8f03-961ccd29c7fb.roa
Signing time:             Wed 08 Oct 2025 00:42:13 +0000
ROA not before:           Wed 08 Oct 2025 00:42:13 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.162.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:58:0a:23:72:19:d9:13:d0:91:dd:9b:36:4c:f7:08:4a:56:c6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:42:13 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=a0c4cbfabcc54908f356a08936d11435340231fe23b0767e481b080a4402d5e9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ac:9a:25:54:34:3b:f3:ca:91:da:c8:ff:e0:
                    bd:2d:61:60:6f:a4:1e:bb:8d:5d:a6:2a:b9:0f:4f:
                    d3:4d:d7:0c:49:38:69:00:a6:54:dc:78:6c:cc:43:
                    cd:74:76:37:9c:c5:c3:56:26:36:d6:a9:8f:78:b8:
                    3c:c1:c3:6e:7a:93:d0:46:25:2f:c7:f3:11:71:50:
                    f5:b1:e5:2c:19:09:f8:7e:ab:3a:0e:70:87:09:98:
                    47:99:66:c1:6f:5b:15:84:b2:ca:ff:55:9b:03:29:
                    06:bb:7c:a1:5c:a9:55:f6:4c:26:0e:e7:91:9f:81:
                    a8:71:90:bb:7c:57:c1:4f:0c:d3:87:e4:a1:28:87:
                    0f:98:db:64:2f:2e:db:e0:a6:41:85:2d:55:c2:8c:
                    70:ac:d2:46:68:93:40:76:c2:9a:85:0e:1a:46:df:
                    37:f7:8d:c7:e1:1f:9f:02:32:49:9a:dc:7c:57:07:
                    54:b6:64:9e:d4:39:67:85:e5:0c:fb:08:80:1e:6a:
                    68:c0:66:f8:ba:c5:34:20:a9:84:c7:a7:95:31:57:
                    a5:24:fb:0f:d5:d5:c1:4e:14:29:9c:80:b6:4a:87:
                    58:1f:b7:43:27:18:16:6d:47:3e:ff:00:7c:e9:32:
                    85:50:4e:b9:9e:00:86:3e:d1:2d:4b:b1:40:88:af:
                    66:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BC:66:DE:40:DD:03:5F:66:67:18:B0:FC:EC:92:37:A8:4F:A2:9F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/396fb735-ddd1-4676-8f03-961ccd29c7fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:a7:14:47:fc:16:53:8f:d8:3c:8e:30:1c:9c:17:2f:4a:07:
         ad:2a:e3:c2:eb:f2:cc:dd:82:19:e1:37:cd:6a:bd:52:34:c5:
         a1:9e:00:66:92:00:dc:67:ed:a4:ee:8b:a4:fe:c5:45:4d:d8:
         f2:4c:2f:98:83:f8:04:f3:01:44:6c:86:02:1f:1b:74:a9:3b:
         aa:92:a1:f6:97:33:cb:71:1f:aa:bb:40:a3:34:6c:e2:1e:7c:
         62:58:37:e6:54:e3:0d:2a:d9:d3:ab:ce:e8:13:83:af:7a:e0:
         02:a2:93:78:e8:5d:a2:9f:8d:ac:11:ed:fb:59:49:c8:c4:ec:
         2a:56:35:58:ce:49:c6:e2:a4:19:18:2d:4b:91:1d:2f:b0:78:
         98:b3:80:36:f4:ba:46:e7:bd:46:30:7c:75:17:8a:3e:76:63:
         ef:30:45:8d:b6:ae:7e:63:9f:51:f2:e5:46:9d:83:bc:13:07:
         bc:7b:af:45:6a:21:d0:ec:f7:96:51:89:e1:fb:56:06:89:b9:
         6a:a6:2d:52:2c:cc:cb:a0:6f:fb:9e:d5:1f:8c:f9:f4:6f:70:
         bb:70:5f:18:00:35:5e:b7:a5:ba:10:da:59:42:0d:ec:9b:c7:
         de:3a:aa:60:da:55:c3:d9:95:56:1d:2f:4b:41:39:72:bc:42:
         5b:f4:07:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfFgKI3IZ2RPQkd2bNkz3CEpWxoowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MjEzWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMGM0Y2JmYWJjYzU0OTA4ZjM1NmEwODkzNmQxMTQzNTM0
MDIzMWZlMjNiMDc2N2U0ODFiMDgwYTQ0MDJkNWU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHrJolVDQ788qR2sj/4L0tYWBvpB67jV2mKrkPT9NN1wxJ
OGkAplTceGzMQ810djecxcNWJjbWqY94uDzBw256k9BGJS/H8xFxUPWx5SwZCfh+
qzoOcIcJmEeZZsFvWxWEssr/VZsDKQa7fKFcqVX2TCYO55GfgahxkLt8V8FPDNOH
5KEohw+Y22QvLtvgpkGFLVXCjHCs0kZok0B2wpqFDhpG3zf3jcfhH58CMkma3HxX
B1S2ZJ7UOWeF5Qz7CIAeamjAZvi6xTQgqYTHp5UxV6Uk+w/V1cFOFCmcgLZKh1gf
t0MnGBZtRz7/AHzpMoVQTrmeAIY+0S1LsUCIr2bpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtbxm3kDdA19mZxiw/OySN6hPop8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM5NmZiNzM1LWRkZDEtNDY3Ni04ZjAzLTk2MWNjZDI5YzdmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjl6IwDQYJKoZIhvcNAQELBQADggEBAICnFEf8FlOP2DyOMBycFy9KB60q
48Lr8szdghnhN81qvVI0xaGeAGaSANxn7aTui6T+xUVN2PJML5iD+ATzAURshgIf
G3SpO6qSofaXM8txH6q7QKM0bOIefGJYN+ZU4w0q2dOrzugTg6964AKik3joXaKf
jawR7ftZScjE7CpWNVjOScbipBkYLUuRHS+weJizgDb0ukbnvUYwfHUXij52Y+8w
RY22rn5jn1Hy5Uadg7wTB7x7r0VqIdDs95ZRieH7VgaJuWqmLVIszMugb/ue1R+M
+fRvcLtwXxgANV63pboQ2llCDeybx946qmDaVcPZlVYdL0tBOXK8Qlv0B1I=
-----END CERTIFICATE-----