Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/653e586a-7b64-4609-9a19-529112bb8763.roa
File:                     653e586a-7b64-4609-9a19-529112bb8763.roa (raw, json)
Hash identifier:          pPQTISsbNPFd+ftsKlk8GGjDG/ElpNtGJc+zI63w6zM=
Subject key identifier:   03:6D:4F:36:E2:07:7A:5D:9E:23:42:1F:D4:66:A6:AA:6C:8C:15:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       432CAC2A8F94A9F80E5EA84FF6516DAED870EBDD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/653e586a-7b64-4609-9a19-529112bb8763.roa
Signing time:             Wed 15 Oct 2025 18:21:14 +0000
ROA not before:           Wed 15 Oct 2025 18:21:14 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.204.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:2c:ac:2a:8f:94:a9:f8:0e:5e:a8:4f:f6:51:6d:ae:d8:70:eb:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 18:21:14 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=64240eab4b0f2b7ce131efcc7d4163f476f531d85a8157464304bd50ba4318c5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:30:8d:e1:43:72:f5:0b:5e:43:04:f9:d0:e5:
                    0b:0d:50:e5:c7:a2:94:be:1d:26:47:c3:24:7b:07:
                    e4:95:89:d5:9a:90:ca:26:c0:a0:5d:c0:46:bf:05:
                    17:6f:ce:62:4d:c9:db:1f:b3:91:83:1c:30:28:e0:
                    4f:6d:99:b5:31:63:09:33:ec:f6:05:a1:78:de:ba:
                    a5:54:5d:f9:88:ea:9f:e9:48:e1:cd:c9:0d:5f:4d:
                    6b:3e:be:64:04:fd:d6:97:7b:fa:27:75:c2:ad:d2:
                    6d:12:28:7f:ec:18:a0:2c:26:cd:89:8f:f9:c3:70:
                    a6:05:e7:2c:7b:88:1c:b3:82:a1:c0:bf:b2:24:d8:
                    f1:e9:83:d5:06:58:66:71:17:6a:04:dc:95:43:98:
                    2a:94:43:a2:ec:96:b5:39:fe:6a:d8:77:be:76:49:
                    df:e4:c4:81:46:2a:b0:f3:01:73:9c:98:38:16:99:
                    9d:82:f9:b6:22:88:60:c5:08:e7:15:06:40:1d:7b:
                    2e:46:d6:03:a7:6b:7f:ff:da:b6:a4:17:c2:2c:60:
                    de:75:77:8a:6b:d2:0b:63:f2:ec:10:e0:4e:14:27:
                    3d:b4:80:60:21:97:7a:74:b1:a0:ef:7c:7c:fb:d3:
                    d9:4c:fa:8f:7b:76:94:e2:23:c7:59:8f:e3:ea:19:
                    53:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:6D:4F:36:E2:07:7A:5D:9E:23:42:1F:D4:66:A6:AA:6C:8C:15:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/653e586a-7b64-4609-9a19-529112bb8763.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:e9:0b:4f:28:ee:45:f0:ef:7b:2a:64:86:e2:20:bd:f3:e5:
         02:5b:2f:12:aa:2a:76:32:fd:01:8a:b9:df:98:7d:92:fc:3d:
         22:85:d2:d3:b9:8e:00:79:0d:c2:9c:26:e0:3f:28:21:39:5d:
         82:c8:55:85:88:e8:fc:d8:1e:d9:52:c5:e0:c3:a5:e0:8e:54:
         7b:f8:9d:86:de:9d:3f:4b:5e:a6:d8:e0:8e:b2:c1:2b:dc:1c:
         34:8a:22:8a:f4:17:c2:26:d7:67:0a:e6:d7:da:1b:80:e1:07:
         b5:58:b9:46:9a:43:be:8f:dc:0a:8e:98:9b:3d:fd:69:74:7a:
         23:bf:16:1e:b6:43:04:6a:13:d3:e7:90:3c:7c:ec:39:f9:97:
         2b:89:f0:3d:0c:c0:e4:db:35:c5:45:73:e0:71:41:b1:e7:b6:
         87:45:22:1b:f9:ee:d1:ab:58:3d:62:e1:6f:4e:5e:21:c6:09:
         01:f6:aa:eb:c2:c4:65:38:0b:36:ab:4d:b7:a1:74:ca:26:ba:
         ba:ff:31:a2:68:d1:fc:21:a3:ac:2c:c0:be:2e:b4:02:89:18:
         4a:aa:36:45:a3:ea:64:c7:df:06:bc:49:20:20:4e:2b:47:9d:
         da:f6:3f:b0:0a:9a:bf:5e:ac:6c:ab:39:ff:4b:88:5b:45:bd:
         56:62:a8:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQyysKo+UqfgOXqhP9lFtrthw690wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTgyMTE0WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NDI0MGVhYjRiMGYyYjdjZTEzMWVmY2M3ZDQxNjNmNDc2
ZjUzMWQ4NWE4MTU3NDY0MzA0YmQ1MGJhNDMxOGM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCMI3hQ3L1C15DBPnQ5QsNUOXHopS+HSZHwyR7B+SVidWa
kMomwKBdwEa/BRdvzmJNydsfs5GDHDAo4E9tmbUxYwkz7PYFoXjeuqVUXfmI6p/p
SOHNyQ1fTWs+vmQE/daXe/ondcKt0m0SKH/sGKAsJs2Jj/nDcKYF5yx7iByzgqHA
v7Ik2PHpg9UGWGZxF2oE3JVDmCqUQ6LslrU5/mrYd752Sd/kxIFGKrDzAXOcmDgW
mZ2C+bYiiGDFCOcVBkAdey5G1gOna3//2rakF8IsYN51d4pr0gtj8uwQ4E4UJz20
gGAhl3p0saDvfHz709lM+o97dpTiI8dZj+PqGVOvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUA21PNuIHel2eI0If1GamqmyMFXswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1M2U1ODZhLTdiNjQtNDYwOS05YTE5LTUyOTExMmJiODc2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjVswwDQYJKoZIhvcNAQELBQADggEBAGHpC08o7kXw73sqZIbiIL3z5QJb
LxKqKnYy/QGKud+YfZL8PSKF0tO5jgB5DcKcJuA/KCE5XYLIVYWI6PzYHtlSxeDD
peCOVHv4nYbenT9LXqbY4I6ywSvcHDSKIor0F8Im12cK5tfaG4DhB7VYuUaaQ76P
3AqOmJs9/Wl0eiO/Fh62QwRqE9PnkDx87Dn5lyuJ8D0MwOTbNcVFc+BxQbHntodF
Ihv57tGrWD1i4W9OXiHGCQH2quvCxGU4CzarTbehdMomurr/MaJo0fwho6wswL4u
tAKJGEqqNkWj6mTH3wa8SSAgTitHndr2P7AKmr9erGyrOf9LiFtFvVZiqDY=
-----END CERTIFICATE-----