Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f75e33f-8f58-46da-b4bf-d7c70812287b.roa
File:                     3f75e33f-8f58-46da-b4bf-d7c70812287b.roa (raw, json)
Hash identifier:          Oi6htiQYmaZ5QWdoNXyFg1guWgbkeaF9nj8eueW9qNM=
Subject key identifier:   38:F3:10:6A:77:6C:98:53:A1:DB:04:9F:3D:E4:A7:B4:1B:55:C2:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       36BD2052B7E95733F2246FF0EE558093E49C8425
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f75e33f-8f58-46da-b4bf-d7c70812287b.roa
Signing time:             Wed 15 Oct 2025 18:01:19 +0000
ROA not before:           Wed 15 Oct 2025 18:01:19 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.208.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:bd:20:52:b7:e9:57:33:f2:24:6f:f0:ee:55:80:93:e4:9c:84:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 18:01:19 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=d8f67eef955e5a4217a8ef90bca6379283203a1e1a068e63dfecc37b52177689, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:10:6e:c1:52:39:e6:13:d1:09:26:5b:86:12:
                    05:af:29:b9:03:58:4c:d6:21:b5:5d:08:b0:e7:17:
                    0b:ba:8c:cd:1f:36:d9:d8:2d:a5:77:42:b3:bb:0f:
                    01:08:f4:ae:c0:ea:48:3f:9d:51:ef:20:ca:da:3c:
                    59:ef:31:14:ce:e3:dc:69:16:dd:58:a3:31:48:33:
                    83:ab:25:d9:97:85:2a:6b:74:85:5a:6a:ff:a4:57:
                    df:c0:93:e6:f2:20:96:bf:b8:54:e9:16:e2:17:23:
                    59:e7:1f:51:69:0f:be:7c:d0:94:1f:95:42:9a:f8:
                    5e:ed:aa:03:8d:b4:a7:7f:86:e7:dc:42:a4:71:2c:
                    81:0a:02:17:fb:24:a2:8d:5f:8f:e7:45:fe:11:43:
                    04:41:f4:50:03:17:5e:de:09:97:e7:21:eb:04:fc:
                    e7:a8:70:ab:3d:19:fd:f6:5e:f0:03:69:7a:2a:30:
                    d1:de:2a:51:02:c5:0c:07:5a:52:28:77:3a:33:19:
                    f3:53:b7:de:97:e8:3c:84:22:30:e8:94:b4:b5:b6:
                    3a:5c:9e:ed:57:5d:30:1d:43:fa:4c:e3:fd:2b:34:
                    af:28:04:df:4d:53:34:01:40:18:21:3d:f1:1c:fc:
                    81:5f:05:7a:d8:a1:90:f8:41:09:20:eb:3a:99:d8:
                    de:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F3:10:6A:77:6C:98:53:A1:DB:04:9F:3D:E4:A7:B4:1B:55:C2:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f75e33f-8f58-46da-b4bf-d7c70812287b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:a9:d3:7a:f8:41:bc:a3:42:44:29:96:67:d6:82:d5:8b:49:
         14:e8:39:d5:5b:fb:b9:bf:b9:b6:a9:12:f2:87:9c:b4:1b:0c:
         26:35:c9:64:f9:1d:4b:a8:b7:53:d2:72:d9:2a:07:c9:ca:44:
         59:c8:a4:0a:ce:97:6b:f8:a7:e6:21:b2:89:2a:bd:af:4c:d0:
         9d:b8:fc:b5:3b:a3:45:c9:ad:30:b3:ec:0a:c9:27:e0:29:b4:
         4b:33:bb:4a:0b:c2:5a:da:5d:4a:cd:c4:90:a1:be:7c:11:c8:
         19:5f:f9:60:89:df:1d:3b:e3:05:6a:0e:ec:ed:e8:2a:18:ae:
         b3:21:3a:06:96:8a:5d:fc:47:8e:f0:dc:e2:6d:97:09:88:19:
         f8:b1:bb:d0:d3:61:f1:49:38:5e:fa:ff:66:77:43:e7:5f:f2:
         9d:fe:99:23:84:f1:0e:95:c4:ce:5b:c5:48:9f:89:f8:31:c8:
         e8:82:f9:4a:00:14:fb:6a:fd:7d:fe:b9:46:01:d0:c2:f4:bc:
         0c:2f:33:38:bc:0a:32:80:4c:e0:c7:16:f2:84:aa:9d:58:41:
         0d:33:f3:8b:16:9d:00:a4:a1:d8:78:ce:0f:08:00:57:71:6b:
         76:aa:48:82:40:b7:b4:a2:88:cb:46:25:27:da:c0:62:68:05:
         fa:dd:77:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNr0gUrfpVzPyJG/w7lWAk+SchCUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTgwMTE5WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOGY2N2VlZjk1NWU1YTQyMTdhOGVmOTBiY2E2Mzc5Mjgz
MjAzYTFlMWEwNjhlNjNkZmVjYzM3YjUyMTc3Njg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaEG7BUjnmE9EJJluGEgWvKbkDWEzWIbVdCLDnFwu6jM0f
NtnYLaV3QrO7DwEI9K7A6kg/nVHvIMraPFnvMRTO49xpFt1YozFIM4OrJdmXhSpr
dIVaav+kV9/Ak+byIJa/uFTpFuIXI1nnH1FpD7580JQflUKa+F7tqgONtKd/hufc
QqRxLIEKAhf7JKKNX4/nRf4RQwRB9FADF17eCZfnIesE/OeocKs9Gf32XvADaXoq
MNHeKlECxQwHWlIodzozGfNTt96X6DyEIjDolLS1tjpcnu1XXTAdQ/pM4/0rNK8o
BN9NUzQBQBghPfEc/IFfBXrYoZD4QQkg6zqZ2N49AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOPMQandsmFOh2wSfPeSntBtVwhkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmNzVlMzNmLThmNTgtNDZkYS1iNGJmLWQ3YzcwODEyMjg3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjVtAwDQYJKoZIhvcNAQELBQADggEBACWp03r4QbyjQkQplmfWgtWLSRTo
OdVb+7m/ubapEvKHnLQbDCY1yWT5HUuot1PSctkqB8nKRFnIpArOl2v4p+Yhsokq
va9M0J24/LU7o0XJrTCz7ArJJ+AptEszu0oLwlraXUrNxJChvnwRyBlf+WCJ3x07
4wVqDuzt6CoYrrMhOgaWil38R47w3OJtlwmIGfixu9DTYfFJOF76/2Z3Q+df8p3+
mSOE8Q6VxM5bxUififgxyOiC+UoAFPtq/X3+uUYB0ML0vAwvMzi8CjKATODHFvKE
qp1YQQ0z84sWnQCkodh4zg8IAFdxa3aqSIJAt7SiiMtGJSfawGJoBfrddww=
-----END CERTIFICATE-----