Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/423ab5d9-486f-4148-a91c-859792458d5c.roa
File:                     423ab5d9-486f-4148-a91c-859792458d5c.roa (raw, json)
Hash identifier:          R8p7fEcZzg+FgfbxAaD1GiHiTsgMPJQwKNo7/fHr0B0=
Subject key identifier:   4E:59:01:06:1D:E8:EF:25:71:55:AA:E5:AE:D1:39:0F:58:6C:7E:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7CD9D87FD93F31188D877404BDF6BA99C2AF257E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/423ab5d9-486f-4148-a91c-859792458d5c.roa
Signing time:             Tue 30 Sep 2025 00:22:05 +0000
ROA not before:           Tue 30 Sep 2025 00:22:05 +0000
ROA not after:            Tue 04 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.99.2.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:d9:d8:7f:d9:3f:31:18:8d:87:74:04:bd:f6:ba:99:c2:af:25:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep 30 00:22:05 2025 GMT
            Not After : Nov  4 23:59:59 2025 GMT
        Subject: serialNumber=6d2ebc2a1aab9bf8899cb489d66586ef716b10f0d208e00d7ae9a735c7c1a3e6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3e:83:3f:ae:a7:25:33:cc:2a:45:42:6b:4c:
                    a4:15:c0:ad:af:ff:bf:a3:30:28:5c:2f:35:e8:b5:
                    89:93:3b:4b:13:a0:fc:9c:72:9a:71:f7:e7:22:dd:
                    bc:b2:b1:8a:39:2d:11:14:f7:b9:c0:f2:9e:c7:62:
                    d5:64:d1:51:e8:58:b2:4d:d8:e5:8e:f6:ed:36:b7:
                    08:d3:92:0b:9c:2c:dc:38:b3:cc:2a:e1:45:65:0e:
                    b1:5d:2b:43:c5:48:82:87:3d:d3:df:ff:3e:d6:2e:
                    c2:84:1e:d5:1e:06:36:96:d5:c3:c0:bb:3f:9a:00:
                    18:96:47:38:69:1b:07:da:6a:77:5a:54:f8:72:cd:
                    56:c0:19:40:8a:9c:59:e0:95:75:19:90:c3:a4:57:
                    5f:be:c3:d3:7e:b6:36:9c:0c:75:b9:30:4e:9c:2e:
                    18:f2:0d:37:5f:7c:6d:09:c9:99:7b:b8:6e:2a:c7:
                    49:c6:9c:97:b8:7e:ed:7c:31:9f:d3:95:83:10:34:
                    f7:46:cf:93:82:43:a0:ae:ef:77:05:67:7d:46:df:
                    f6:4c:c7:44:e0:56:7e:17:02:64:68:2f:8f:9e:4c:
                    0b:18:8b:8c:15:6f:4a:26:91:0e:61:6e:17:e9:12:
                    b5:87:b0:65:26:f0:ed:08:34:76:5f:9f:8b:a8:20:
                    36:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:59:01:06:1D:E8:EF:25:71:55:AA:E5:AE:D1:39:0F:58:6C:7E:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/423ab5d9-486f-4148-a91c-859792458d5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.99.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:92:c5:62:7b:83:3a:71:f9:9a:1f:24:1e:cc:31:a7:19:e3:
         b7:f7:cf:9b:3c:20:61:ef:ac:ef:3c:25:cd:47:1b:40:30:f4:
         b4:c0:cb:26:2d:bd:7d:a4:ed:2a:27:18:91:30:0f:0b:4b:6a:
         83:7b:59:76:05:fc:07:b7:37:8a:93:b3:6a:4a:6a:04:fc:be:
         7d:43:31:9c:9e:bb:71:1a:33:27:aa:c8:82:48:43:15:97:12:
         81:81:ed:0f:78:0a:9c:4f:f6:1e:78:f5:51:40:c2:93:4c:bf:
         a4:7b:b5:c0:54:ef:3c:8e:72:57:ab:59:10:cc:57:47:d9:a7:
         8d:3d:3b:55:cb:bb:05:79:4a:16:0a:17:7f:6d:12:f3:d1:fc:
         65:b0:6c:a1:2e:cf:5b:05:3a:36:00:e0:8f:b3:af:cd:dd:66:
         49:51:d3:6c:b2:9d:7d:70:7b:b7:45:26:bf:b9:b9:e8:ae:29:
         0d:c7:d7:10:df:86:4b:6d:d1:59:4e:c5:3d:4f:29:ff:52:63:
         7f:06:54:74:38:a7:cd:f0:74:9a:1c:e4:00:5f:4f:d7:0a:a9:
         c2:c7:fd:37:c6:b3:a4:85:7e:83:19:d2:a0:e3:8b:07:4d:b8:
         7a:f6:28:19:30:89:7c:b7:5f:80:cb:51:41:2a:45:46:64:ed:
         de:42:75:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfNnYf9k/MRiNh3QEvfa6mcKvJX4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTMwMDAyMjA1WhcNMjUxMTA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDJlYmMyYTFhYWI5YmY4ODk5Y2I0ODlkNjY1ODZlZjcx
NmIxMGYwZDIwOGUwMGQ3YWU5YTczNWM3YzFhM2U2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5PoM/rqclM8wqRUJrTKQVwK2v/7+jMChcLzXotYmTO0sT
oPyccppx9+ci3byysYo5LREU97nA8p7HYtVk0VHoWLJN2OWO9u02twjTkgucLNw4
s8wq4UVlDrFdK0PFSIKHPdPf/z7WLsKEHtUeBjaW1cPAuz+aABiWRzhpGwfaanda
VPhyzVbAGUCKnFnglXUZkMOkV1++w9N+tjacDHW5ME6cLhjyDTdffG0JyZl7uG4q
x0nGnJe4fu18MZ/TlYMQNPdGz5OCQ6Cu73cFZ31G3/ZMx0TgVn4XAmRoL4+eTAsY
i4wVb0omkQ5hbhfpErWHsGUm8O0INHZfn4uoIDaBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTlkBBh3o7yVxVarlrtE5D1hsfn4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyM2FiNWQ5LTQ4NmYtNDE0OC1hOTFjLTg1OTc5MjQ1OGQ1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADGYwIwDQYJKoZIhvcNAQELBQADggEBADOSxWJ7gzpx+ZofJB7MMacZ47f3
z5s8IGHvrO88Jc1HG0Aw9LTAyyYtvX2k7SonGJEwDwtLaoN7WXYF/Ae3N4qTs2pK
agT8vn1DMZyeu3EaMyeqyIJIQxWXEoGB7Q94CpxP9h549VFAwpNMv6R7tcBU7zyO
clerWRDMV0fZp409O1XLuwV5ShYKF39tEvPR/GWwbKEuz1sFOjYA4I+zr83dZklR
02yynX1we7dFJr+5ueiuKQ3H1xDfhktt0VlOxT1PKf9SY38GVHQ4p83wdJoc5ABf
T9cKqcLH/TfGs6SFfoMZ0qDjiwdNuHr2KBkwiXy3X4DLUUEqRUZk7d5CdQo=
-----END CERTIFICATE-----