Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/632351fc-f8bc-449d-8eb1-60576b8fde35.roa
File:                     632351fc-f8bc-449d-8eb1-60576b8fde35.roa (raw, json)
Hash identifier:          WgmiIkRnY/xuE11p9/KloD9iREeQzRKNPgy6Y72J/8E=
Subject key identifier:   82:CE:AD:A0:CE:FB:F9:71:0D:86:E4:FC:9E:8F:33:73:36:8C:B7:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0AA8267DF0B929A53647EE28DA4FC6ED62594037
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/632351fc-f8bc-449d-8eb1-60576b8fde35.roa
Signing time:             Wed 15 Oct 2025 16:38:51 +0000
ROA not before:           Wed 15 Oct 2025 16:38:51 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.71.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:a8:26:7d:f0:b9:29:a5:36:47:ee:28:da:4f:c6:ed:62:59:40:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 16:38:51 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=c627bb84c9bc7fbf8236e285b19f7054f8c1f5e5b93cbd88961d4a854c2af485, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:73:12:f2:7b:f4:7e:3e:93:d4:1a:60:29:4c:
                    af:7e:14:5d:ef:7c:46:45:0d:f3:51:25:08:c1:ca:
                    2b:36:69:dc:d3:ca:8f:71:e4:24:4c:d6:55:57:f7:
                    ef:24:a8:86:6d:1f:ec:08:a6:ea:56:9a:37:d0:db:
                    16:93:0f:bc:27:37:5e:85:5c:3f:de:3c:69:3c:79:
                    68:ed:32:86:58:3d:e9:d8:67:ed:24:39:b1:5f:d7:
                    d9:2f:98:0b:bc:7a:49:74:6b:c8:9b:31:c8:ca:65:
                    70:ff:7d:d1:7a:c9:cb:10:01:24:85:03:b3:4b:e2:
                    c8:0a:6c:17:25:8f:ac:21:7b:96:f4:e3:74:95:e5:
                    a0:7f:51:86:f1:22:f8:2c:2c:7f:fb:1e:14:8c:74:
                    7b:6e:55:50:b9:32:c6:c7:d8:bb:e0:90:bd:6d:df:
                    b4:ff:49:f6:dc:53:3c:89:37:10:40:65:c1:85:b2:
                    48:e8:e8:15:2c:44:25:30:5f:79:5b:1e:13:42:ff:
                    a1:18:5c:e8:72:12:cd:5f:d0:cc:7f:5e:b5:07:99:
                    ee:0a:3f:a5:e9:ba:b9:81:8d:c1:66:25:3f:9e:3c:
                    8b:dc:82:52:bd:2b:b5:3c:09:1f:8a:52:f0:c4:90:
                    92:83:b9:ce:c7:a7:a5:b6:4c:b7:ae:b0:f1:83:8d:
                    5a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:CE:AD:A0:CE:FB:F9:71:0D:86:E4:FC:9E:8F:33:73:36:8C:B7:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/632351fc-f8bc-449d-8eb1-60576b8fde35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:bc:b7:43:f0:21:37:09:8a:0a:5d:56:38:07:68:65:e5:04:
         72:0c:db:2b:58:95:03:ec:72:e5:12:93:88:a4:a3:f2:60:ed:
         05:73:7b:20:9b:1c:04:b4:10:63:77:e9:35:4f:f8:3f:fc:b1:
         cf:72:78:e4:a9:3c:d0:07:cf:08:1e:53:9f:ea:91:b2:ac:86:
         d6:83:09:a4:af:40:f8:38:13:dd:a2:be:b9:01:49:14:9b:66:
         72:cf:e1:ff:48:2a:a4:d5:12:cc:c7:76:34:ef:b7:04:aa:f6:
         08:39:48:48:6f:cc:10:66:07:13:31:86:79:7b:6e:94:18:c5:
         26:41:46:d3:61:92:88:da:33:ad:94:53:3e:81:2a:c2:ab:83:
         f5:ff:c5:55:20:99:c8:b1:da:11:15:58:11:35:46:27:63:43:
         04:ed:54:b6:ff:fe:ec:54:1a:ae:0e:d7:d9:74:dc:c5:32:d3:
         82:6b:b4:71:c7:08:3c:86:9b:9c:2b:2e:e9:49:53:e0:6b:9f:
         68:72:68:51:3e:5a:99:17:a9:0e:c6:1e:f7:8b:29:c5:29:4b:
         1b:0f:7f:78:5b:23:ff:52:70:4a:ec:ae:db:e3:47:1a:1f:92:
         b3:3f:0e:0a:6a:7c:5c:d1:52:f6:f7:05:20:60:9b:de:c5:ef:
         57:82:00:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCqgmffC5KaU2R+4o2k/G7WJZQDcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTYzODUxWhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjI3YmI4NGM5YmM3ZmJmODIzNmUyODViMTlmNzA1NGY4
YzFmNWU1YjkzY2JkODg5NjFkNGE4NTRjMmFmNDg1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtcxLye/R+PpPUGmApTK9+FF3vfEZFDfNRJQjByis2adzT
yo9x5CRM1lVX9+8kqIZtH+wIpupWmjfQ2xaTD7wnN16FXD/ePGk8eWjtMoZYPenY
Z+0kObFf19kvmAu8ekl0a8ibMcjKZXD/fdF6ycsQASSFA7NL4sgKbBclj6whe5b0
43SV5aB/UYbxIvgsLH/7HhSMdHtuVVC5MsbH2LvgkL1t37T/SfbcUzyJNxBAZcGF
skjo6BUsRCUwX3lbHhNC/6EYXOhyEs1f0Mx/XrUHme4KP6XpurmBjcFmJT+ePIvc
glK9K7U8CR+KUvDEkJKDuc7Hp6W2TLeusPGDjVrLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgs6toM77+XENhuT8no8zczaMtw8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzMjM1MWZjLWY4YmMtNDQ5ZC04ZWIxLTYwNTc2YjhmZGUzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjVkcwDQYJKoZIhvcNAQELBQADggEBAH+8t0PwITcJigpdVjgHaGXlBHIM
2ytYlQPscuUSk4iko/Jg7QVzeyCbHAS0EGN36TVP+D/8sc9yeOSpPNAHzwgeU5/q
kbKshtaDCaSvQPg4E92ivrkBSRSbZnLP4f9IKqTVEszHdjTvtwSq9gg5SEhvzBBm
BxMxhnl7bpQYxSZBRtNhkojaM62UUz6BKsKrg/X/xVUgmcix2hEVWBE1RidjQwTt
VLb//uxUGq4O19l03MUy04JrtHHHCDyGm5wrLulJU+Brn2hyaFE+WpkXqQ7GHveL
KcUpSxsPf3hbI/9ScErsrtvjRxofkrM/DgpqfFzRUvb3BSBgm97F71eCACU=
-----END CERTIFICATE-----