Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/488ca056-b28c-4f3f-8885-14a4498c474a.roa
File:                     488ca056-b28c-4f3f-8885-14a4498c474a.roa (raw, json)
Hash identifier:          ISw138Upo+oUASA118Qs4faSPFOn5K/28d+Evyh9orE=
Subject key identifier:   64:5D:DE:EE:08:EC:71:B8:D9:A9:68:CB:32:B4:FC:7F:42:C6:C2:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A0F0C12F449A34934DBAA5B329EE834D7065673
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/488ca056-b28c-4f3f-8885-14a4498c474a.roa
Signing time:             Wed 15 Oct 2025 15:51:18 +0000
ROA not before:           Wed 15 Oct 2025 15:51:18 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.224.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:0f:0c:12:f4:49:a3:49:34:db:aa:5b:32:9e:e8:34:d7:06:56:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 15:51:18 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=455a0b7b72794d139cfe494103fbb9645c20f55785c067f30a2f9c6cf9cadab9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:94:32:9c:64:82:0f:2a:4d:8c:33:5c:9f:8e:
                    c8:ac:f5:29:7a:26:5e:89:c2:ad:b9:3b:f2:9f:52:
                    0b:64:33:78:d3:40:77:b5:53:88:74:56:7b:d4:53:
                    c6:01:b3:17:02:04:4a:ba:07:d5:25:a0:f9:06:5a:
                    95:7a:76:fe:74:63:9e:af:b4:18:e7:45:dc:2b:ce:
                    be:9b:15:41:9e:94:ee:eb:15:c2:c0:eb:d2:a2:13:
                    49:c3:07:0a:a2:1a:59:1f:b6:6c:f4:a6:cc:d8:ff:
                    2d:22:6e:f8:09:96:28:45:fd:c8:d2:23:92:5c:6e:
                    53:d4:11:bd:1e:47:ab:9d:1e:59:c1:af:1a:a3:72:
                    5d:0e:85:88:59:ac:51:89:c5:55:0c:c4:9a:b1:9f:
                    22:4d:3c:d4:81:4a:91:75:de:a3:b9:b6:f3:57:ae:
                    fd:71:29:34:91:6c:6a:f6:86:a9:46:45:e4:6a:7e:
                    66:12:ca:02:42:1f:82:d3:22:ef:4c:d7:0f:c1:e8:
                    ec:7d:80:14:ca:02:f8:6d:69:e2:28:3c:ea:31:b5:
                    8c:5a:dc:b0:d9:92:3f:6f:64:14:65:e4:54:0c:54:
                    c1:9d:24:fe:3a:88:e6:8c:75:e4:da:78:91:d0:dc:
                    e5:31:9c:7c:b3:2a:2b:f9:a5:38:29:3a:0f:44:db:
                    85:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5D:DE:EE:08:EC:71:B8:D9:A9:68:CB:32:B4:FC:7F:42:C6:C2:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/488ca056-b28c-4f3f-8885-14a4498c474a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:0e:d0:d3:e2:29:32:c8:73:00:4f:76:4e:bb:83:41:db:e3:
         5c:16:dc:79:1f:2d:b5:bd:f9:aa:3d:25:87:05:f8:ef:6d:f2:
         55:e6:58:1a:58:d3:1a:cd:89:7a:c2:6c:28:ca:5b:af:fb:41:
         de:73:e7:9f:87:b1:2e:0b:4d:72:42:80:38:3e:af:7d:22:0b:
         39:31:0c:c9:12:61:1b:17:3b:05:d1:cd:fa:07:dc:76:22:e5:
         22:fa:b2:a2:92:59:02:cf:b6:3e:b1:a1:7e:86:d6:da:f0:70:
         bc:51:a9:ef:69:ec:1c:d7:6d:24:4d:a2:36:f7:10:cb:fd:c6:
         16:ac:55:48:66:52:e8:c3:a7:61:14:a4:a7:cb:18:8a:0b:b4:
         ea:1d:79:40:c3:9c:90:9d:4a:b2:20:24:8e:22:d7:29:5a:ea:
         93:96:d1:f1:68:78:2b:06:6d:f3:bd:dc:32:a4:e8:6e:57:9e:
         77:96:aa:83:01:ee:51:eb:3a:e7:41:bf:8c:2d:9f:f0:14:0d:
         95:33:9f:6e:79:3b:9b:95:77:5c:8f:95:f2:4f:8e:f9:61:a9:
         66:b1:60:bc:d5:3f:5b:39:46:2f:b1:76:fd:bd:ef:21:7f:38:
         05:15:b1:f8:b7:00:44:e6:aa:70:88:b3:9f:f1:ba:77:6e:60:
         3a:27:43:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKg8MEvRJo0k026pbMp7oNNcGVnMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTU1MTE4WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTVhMGI3YjcyNzk0ZDEzOWNmZTQ5NDEwM2ZiYjk2NDVj
MjBmNTU3ODVjMDY3ZjMwYTJmOWM2Y2Y5Y2FkYWI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTlDKcZIIPKk2MM1yfjsis9Sl6Jl6Jwq25O/KfUgtkM3jT
QHe1U4h0VnvUU8YBsxcCBEq6B9UloPkGWpV6dv50Y56vtBjnRdwrzr6bFUGelO7r
FcLA69KiE0nDBwqiGlkftmz0pszY/y0ibvgJlihF/cjSI5JcblPUEb0eR6udHlnB
rxqjcl0OhYhZrFGJxVUMxJqxnyJNPNSBSpF13qO5tvNXrv1xKTSRbGr2hqlGReRq
fmYSygJCH4LTIu9M1w/B6Ox9gBTKAvhtaeIoPOoxtYxa3LDZkj9vZBRl5FQMVMGd
JP46iOaMdeTaeJHQ3OUxnHyzKiv5pTgpOg9E24XZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZF3e7gjscbjZqWjLMrT8f0LGwhMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4OGNhMDU2LWIyOGMtNGYzZi04ODg1LTE0YTQ0OThjNDc0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjVuAwDQYJKoZIhvcNAQELBQADggEBAB8O0NPiKTLIcwBPdk67g0Hb41wW
3HkfLbW9+ao9JYcF+O9t8lXmWBpY0xrNiXrCbCjKW6/7Qd5z55+HsS4LTXJCgDg+
r30iCzkxDMkSYRsXOwXRzfoH3HYi5SL6sqKSWQLPtj6xoX6G1trwcLxRqe9p7BzX
bSRNojb3EMv9xhasVUhmUujDp2EUpKfLGIoLtOodeUDDnJCdSrIgJI4i1yla6pOW
0fFoeCsGbfO93DKk6G5XnneWqoMB7lHrOudBv4wtn/AUDZUzn255O5uVd1yPlfJP
jvlhqWaxYLzVP1s5Ri+xdv297yF/OAUVsfi3AETmqnCIs5/xunduYDonQ7c=
-----END CERTIFICATE-----