Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7561a700-0da6-4f4d-9e3e-96a010c7cb91.roa
File:                     7561a700-0da6-4f4d-9e3e-96a010c7cb91.roa (raw, json)
Hash identifier:          GeHXVM95GpjqcJK7OQFPt1WL++Lf34hK4dT9JxBnvNU=
Subject key identifier:   29:C2:F0:15:91:FB:CB:1F:78:63:EF:DE:7D:1A:C4:60:BD:6A:61:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       34AE52ACFD121D265B334C68D027F2101D908B4E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7561a700-0da6-4f4d-9e3e-96a010c7cb91.roa
Signing time:             Wed 08 Oct 2025 00:21:17 +0000
ROA not before:           Wed 08 Oct 2025 00:21:17 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.18.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:ae:52:ac:fd:12:1d:26:5b:33:4c:68:d0:27:f2:10:1d:90:8b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:21:17 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=1d5694e6d154ae914e643f36bb2a1d65548f6d47520cee09372c97f6871eb067, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:11:ef:07:dc:8c:5c:4c:bd:4a:bc:d2:94:cd:
                    4d:ab:91:0d:c4:df:44:86:e3:67:1d:09:cf:fb:33:
                    9e:e5:53:51:69:27:c6:55:52:da:81:2a:db:9d:1a:
                    57:0f:d9:f5:5b:06:7e:60:30:0c:90:67:3f:7c:df:
                    60:1a:ae:90:77:02:9d:d2:c6:2d:43:45:4d:f6:7a:
                    96:fd:62:be:b8:e8:84:ff:87:91:22:79:b1:04:98:
                    c7:37:1c:53:86:f9:33:ef:23:c6:8d:87:ca:91:b1:
                    2e:de:8d:68:c4:84:4f:99:a2:a9:ed:02:3a:bf:72:
                    62:a2:95:50:3a:78:75:b8:c3:7a:74:68:0d:05:8f:
                    dd:a1:4a:11:52:89:3f:49:d5:15:a1:b8:47:bf:4c:
                    fb:f7:2a:04:41:5c:76:42:11:e5:54:fb:a7:ae:64:
                    08:2a:11:21:23:77:53:95:61:1e:4c:70:b9:87:c0:
                    59:49:23:e9:c2:c9:c2:c5:c9:f7:2f:c1:13:e8:b6:
                    2d:6d:c4:19:e1:bb:75:4b:1e:c8:ad:3e:2f:9b:30:
                    46:65:b1:c9:c9:b2:f6:37:52:21:49:20:f6:5b:ce:
                    60:e6:ab:a3:48:ef:c7:50:e7:bf:49:94:cc:49:f7:
                    85:fb:8e:12:b4:85:9c:b0:e0:3c:c8:2f:e4:35:47:
                    3c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C2:F0:15:91:FB:CB:1F:78:63:EF:DE:7D:1A:C4:60:BD:6A:61:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7561a700-0da6-4f4d-9e3e-96a010c7cb91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:cf:bf:02:8f:ff:d1:ba:a5:b1:0b:73:ad:c0:23:08:00:f8:
         8f:61:5b:d2:4b:06:2a:dd:bc:73:96:9e:00:24:14:a1:9d:2a:
         02:cf:05:f4:ef:70:14:70:99:d3:7e:c6:a6:f8:d0:1d:59:c6:
         a6:2b:88:26:31:4c:91:69:e3:ec:9a:cc:f0:21:2a:95:4d:b3:
         e7:8b:f4:30:21:d3:30:b4:72:f7:b4:ec:6e:14:e8:86:a6:75:
         05:da:26:42:b5:b4:58:d3:69:17:3d:c3:2d:16:86:c8:ed:38:
         51:b5:fb:9e:d1:e5:fb:39:5a:cf:84:fc:03:a8:9e:1c:c4:ec:
         4a:f5:d7:be:86:21:48:14:6d:9d:5d:a3:78:6a:3a:7b:35:c3:
         59:de:3c:c2:13:97:55:fc:25:ef:ba:b9:01:c6:84:f3:17:48:
         3d:c7:46:26:28:f0:6f:d5:40:be:6e:c7:c3:2b:0f:c4:cd:ec:
         d6:48:8a:c0:1b:c0:bd:b1:39:6f:2a:58:d3:d8:94:f0:49:ac:
         cb:41:dc:f7:74:55:08:45:69:30:2b:30:63:c0:83:28:3d:51:
         86:4b:e8:d7:f5:98:89:18:71:e0:ec:06:25:f5:56:5b:60:70:
         7a:dc:6c:3c:d3:ec:3a:21:70:94:21:76:b6:0f:be:5e:f4:b2:
         8f:59:7f:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNK5SrP0SHSZbM0xo0CfyEB2Qi04wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDAyMTE3WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDU2OTRlNmQxNTRhZTkxNGU2NDNmMzZiYjJhMWQ2NTU0
OGY2ZDQ3NTIwY2VlMDkzNzJjOTdmNjg3MWViMDY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAEe8H3IxcTL1KvNKUzU2rkQ3E30SG42cdCc/7M57lU1Fp
J8ZVUtqBKtudGlcP2fVbBn5gMAyQZz9832AarpB3Ap3Sxi1DRU32epb9Yr646IT/
h5EiebEEmMc3HFOG+TPvI8aNh8qRsS7ejWjEhE+ZoqntAjq/cmKilVA6eHW4w3p0
aA0Fj92hShFSiT9J1RWhuEe/TPv3KgRBXHZCEeVU+6euZAgqESEjd1OVYR5McLmH
wFlJI+nCycLFyfcvwRPoti1txBnhu3VLHsitPi+bMEZlscnJsvY3UiFJIPZbzmDm
q6NI78dQ579JlMxJ94X7jhK0hZyw4DzIL+Q1RzxhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKcLwFZH7yx94Y+/efRrEYL1qYcIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc1NjFhNzAwLTBkYTYtNGY0ZC05ZTNlLTk2YTAxMGM3Y2I5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjlhIwDQYJKoZIhvcNAQELBQADggEBAGPPvwKP/9G6pbELc63AIwgA+I9h
W9JLBirdvHOWngAkFKGdKgLPBfTvcBRwmdN+xqb40B1ZxqYriCYxTJFp4+yazPAh
KpVNs+eL9DAh0zC0cve07G4U6IamdQXaJkK1tFjTaRc9wy0WhsjtOFG1+57R5fs5
Ws+E/AOonhzE7Er1176GIUgUbZ1do3hqOns1w1nePMITl1X8Je+6uQHGhPMXSD3H
RiYo8G/VQL5ux8MrD8TN7NZIisAbwL2xOW8qWNPYlPBJrMtB3Pd0VQhFaTArMGPA
gyg9UYZL6Nf1mIkYceDsBiX1VltgcHrcbDzT7DohcJQhdrYPvl70so9ZfxA=
-----END CERTIFICATE-----