Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/796dd7f9-c54a-477e-a2d5-3dd44566d245.roa
File:                     796dd7f9-c54a-477e-a2d5-3dd44566d245.roa (raw, json)
Hash identifier:          dnHV868dWK83mGDAa15MSLq3ood4Lq4y1xbGuA3EVQk=
Subject key identifier:   83:E8:04:9A:38:05:F6:CB:E4:6E:08:75:09:12:A0:2F:01:B2:51:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3049C161523675D4FB09DF75FC5AC74D0E7B19
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/796dd7f9-c54a-477e-a2d5-3dd44566d245.roa
Signing time:             Tue 14 Oct 2025 22:39:07 +0000
ROA not before:           Tue 14 Oct 2025 22:39:07 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.192.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:49:c1:61:52:36:75:d4:fb:09:df:75:fc:5a:c7:4d:0e:7b:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 22:39:07 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=7246955273bf8dfb811bb22de2b33dc43e38455a7bf9102530efdde943dce836, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:47:0e:5a:e6:29:6e:18:8a:3d:db:7a:31:db:
                    f8:7d:ad:35:ef:ec:38:4c:de:66:55:e8:23:24:e5:
                    75:e2:bd:de:30:91:c7:32:b6:21:53:d3:05:c9:69:
                    b6:63:5e:4f:07:68:d2:c4:3d:ab:e7:15:d4:02:25:
                    0f:8b:2b:23:a5:91:e9:b9:fb:a0:9d:48:3e:51:2f:
                    ff:b5:c8:63:82:05:ec:6b:ca:b1:cc:ad:93:90:2d:
                    39:b6:ec:f8:ce:2d:1c:cc:49:0d:24:71:eb:65:ea:
                    c7:fd:1d:e3:00:6f:ee:8d:eb:08:a4:e7:5e:80:9f:
                    e0:54:10:76:7a:a7:3a:b4:c0:f7:30:2a:dd:71:f7:
                    a3:35:0b:9c:9f:e6:b8:45:9b:b3:42:de:de:b9:70:
                    ac:fe:fc:c1:69:89:6f:00:af:0d:82:d8:d2:ed:58:
                    26:9e:2f:6e:d9:52:3d:ce:34:c1:b5:42:f0:47:f8:
                    66:f2:fe:3c:82:3a:e8:a0:0b:96:80:49:c1:45:66:
                    93:b0:17:90:da:ac:23:06:c2:2c:85:f0:c4:de:09:
                    fc:12:02:0c:84:23:76:f3:7c:ef:d1:e4:98:01:1a:
                    e3:65:4d:a3:1b:4c:72:5e:64:1d:34:ed:75:c0:bb:
                    21:77:04:de:e1:48:20:10:23:d2:bd:de:b8:ad:92:
                    13:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E8:04:9A:38:05:F6:CB:E4:6E:08:75:09:12:A0:2F:01:B2:51:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/796dd7f9-c54a-477e-a2d5-3dd44566d245.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         50:49:0f:7f:e5:7e:ba:a2:df:41:73:e5:ab:78:30:a4:c5:8f:
         5c:99:85:66:f6:df:cf:d8:e9:75:9e:e6:89:41:a8:e5:69:dc:
         5e:14:34:90:60:7b:aa:ac:14:b6:c1:c6:20:5c:00:0e:b2:f8:
         2b:84:ba:32:da:80:8e:0d:fb:4a:d5:f7:8b:a0:6b:b1:f0:98:
         d9:8d:f9:99:c7:34:b9:6b:98:c6:6c:78:03:fb:99:45:5f:f3:
         88:b8:5e:66:2d:df:c1:f9:44:a3:cc:54:25:10:b8:17:e1:86:
         7b:a4:14:b6:85:83:f5:04:eb:a3:59:32:12:96:4d:25:13:35:
         69:35:a7:31:27:30:30:af:06:4b:6e:26:a2:e8:03:05:5d:08:
         27:95:78:63:fd:80:f2:8f:55:eb:d3:96:c7:93:25:87:73:b1:
         74:4e:cd:bf:1d:e2:97:b3:52:46:e1:39:1f:5b:9b:27:80:dc:
         69:5c:fb:d7:55:c0:12:19:a5:2e:d0:4d:85:83:cb:3b:23:ef:
         17:bf:d3:20:9c:b0:a5:1f:08:a9:a0:85:c4:10:eb:ab:80:a0:
         af:3a:a9:ea:ae:80:2f:92:27:43:a3:06:28:05:a1:b8:b9:e8:
         5b:e4:45:c1:33:59:f5:6e:1a:9b:06:dd:9a:a7:71:1d:87:ea:
         b1:78:d9:5b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITMEnBYVI2ddT7Cd91/FrHTQ57GTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTEwMTQyMjM5MDdaFw0yNTExMTgyMzU5NTla
MHoxSTBHBgNVBAUTQDcyNDY5NTUyNzNiZjhkZmI4MTFiYjIyZGUyYjMzZGM0M2Uz
ODQ1NWE3YmY5MTAyNTMwZWZkZGU5NDNkY2U4MzYxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANJHDlrmKW4Yij3bejHb+H2tNe/sOEzeZlXoIyTldeK93jCR
xzK2IVPTBclptmNeTwdo0sQ9q+cV1AIlD4srI6WR6bn7oJ1IPlEv/7XIY4IF7GvK
scytk5AtObbs+M4tHMxJDSRx62Xqx/0d4wBv7o3rCKTnXoCf4FQQdnqnOrTA9zAq
3XH3ozULnJ/muEWbs0Le3rlwrP78wWmJbwCvDYLY0u1YJp4vbtlSPc40wbVC8Ef4
ZvL+PII66KALloBJwUVmk7AXkNqsIwbCLIXwxN4J/BICDIQjdvN879HkmAEa42VN
oxtMcl5kHTTtdcC7IXcE3uFIIBAj0r3euK2SE+0CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBSD6ASaOAX2y+RuCHUJEqAvAbJRbzAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvNzk2ZGQ3ZjktYzU0YS00NzdlLWEyZDUtM2RkNDQ1NjZkMjQ1LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBGNUwDANBgkqhkiG9w0BAQsFAAOCAQEAUEkPf+V+uqLfQXPlq3gwpMWPXJmF
Zvbfz9jpdZ7miUGo5WncXhQ0kGB7qqwUtsHGIFwADrL4K4S6MtqAjg37StX3i6Br
sfCY2Y35mcc0uWuYxmx4A/uZRV/ziLheZi3fwflEo8xUJRC4F+GGe6QUtoWD9QTr
o1kyEpZNJRM1aTWnMScwMK8GS24mougDBV0IJ5V4Y/2A8o9V69OWx5Mlh3OxdE7N
vx3il7NSRuE5H1ubJ4DcaVz711XAEhmlLtBNhYPLOyPvF7/TIJywpR8IqaCFxBDr
q4Cgrzqp6q6AL5InQ6MGKAWhuLnoW+RFwTNZ9W4amwbdmqdxHYfqsXjZWw==
-----END CERTIFICATE-----