Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dd2d960-d24c-43fe-b097-eed3b0589eaf.roa
File:                     7dd2d960-d24c-43fe-b097-eed3b0589eaf.roa (raw, json)
Hash identifier:          RS7AOGaWNPJN9BZq6ymz1z7CU/t+1KoYaKDtRyk2XFA=
Subject key identifier:   6B:31:B2:E8:B3:12:E8:0F:5C:0B:5D:73:03:61:AF:A4:F6:EA:DA:07
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A20448BFBDE524CEF2E1E97C8AA626B857ADDBD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dd2d960-d24c-43fe-b097-eed3b0589eaf.roa
Signing time:             Wed 08 Oct 2025 00:40:53 +0000
ROA not before:           Wed 08 Oct 2025 00:40:53 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.0.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:20:44:8b:fb:de:52:4c:ef:2e:1e:97:c8:aa:62:6b:85:7a:dd:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:40:53 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=5f610e3c6db7ca8f0163998ed0bb3aeda0c89586e1373e5ca56804cf30417652, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3c:03:18:0c:72:eb:5b:14:af:f2:87:80:ce:
                    11:f4:b4:8a:99:a5:bb:d5:b8:e7:82:2a:f9:e3:01:
                    61:f2:98:5d:8e:97:34:a2:1c:2d:3c:5a:f8:b7:b5:
                    29:5d:6f:0a:eb:71:bd:23:a9:63:0d:e3:70:2d:72:
                    d3:4f:5e:04:95:99:e3:3f:54:c4:bf:af:16:2c:76:
                    42:c5:cf:ac:64:4f:31:e6:5a:a3:b1:b3:fe:d2:21:
                    9e:6c:ac:7b:c3:2d:dc:a1:bc:e9:3c:d1:ec:94:77:
                    57:09:c4:21:9c:fe:37:eb:54:b9:63:e0:54:c7:b1:
                    e9:90:82:e1:6a:10:56:1b:7d:f7:a5:b0:8f:a2:f2:
                    b1:f0:e3:3a:51:d5:75:69:7a:33:7f:19:57:fb:ba:
                    1f:40:8f:bd:0c:3f:b9:cc:0f:1b:0e:2d:13:6e:3c:
                    e6:b4:58:c1:56:ec:89:d9:3a:41:f8:19:bd:92:b0:
                    0a:10:1a:d4:ff:9b:ae:9e:4a:8f:b8:28:92:dd:b4:
                    6a:32:40:37:9e:30:ab:34:83:bd:a7:bc:76:aa:dc:
                    d0:d3:5a:00:35:88:a0:c8:31:b3:92:79:0c:26:81:
                    63:5a:6f:1e:6d:ac:c3:48:34:a1:a9:f4:e3:4d:70:
                    ce:77:5b:45:62:e9:60:92:63:d2:33:6c:24:5e:ac:
                    a6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:31:B2:E8:B3:12:E8:0F:5C:0B:5D:73:03:61:AF:A4:F6:EA:DA:07
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dd2d960-d24c-43fe-b097-eed3b0589eaf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:42:5c:b3:50:91:51:b1:80:fa:fa:b7:4d:73:4b:51:4c:4f:
         46:fb:c7:91:9f:b8:ec:95:d3:07:93:f7:9b:ec:8d:d7:16:8e:
         7d:00:20:e5:5b:10:4a:37:03:e0:54:16:19:9e:0d:99:e1:01:
         04:84:90:10:f4:c8:15:db:b2:b6:43:bf:89:95:71:f8:17:8a:
         ec:f0:90:ac:f4:5b:2e:f9:aa:5e:32:72:61:5b:bd:d7:48:ad:
         70:f4:2c:34:7a:2b:ab:d0:8d:cc:57:30:11:c5:97:e6:b8:4e:
         0a:39:48:5c:cb:a7:56:1e:4e:5a:dc:bf:1a:5b:7b:47:12:14:
         99:92:fb:ae:3c:c7:c3:2e:04:d2:74:64:a2:f4:b8:11:f8:37:
         58:a6:eb:d2:a7:cb:63:1f:4a:47:11:12:01:f0:7c:bc:e9:1d:
         62:ba:be:2a:47:e8:65:0a:29:3a:ea:90:95:ee:fd:3b:c4:7b:
         9e:11:91:f0:e7:d2:f9:30:74:5d:ae:2f:45:bf:71:50:99:98:
         45:da:cc:8b:f8:98:b5:b7:67:e0:ce:26:22:b8:64:00:35:09:
         aa:54:55:ec:5f:b8:6b:87:7a:c8:d5:8a:e5:49:e8:77:5e:53:
         d9:56:83:57:76:7f:fb:a8:7b:c7:4d:82:fc:8c:c6:39:de:e3:
         91:1e:f1:9c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKiBEi/veUkzvLh6XyKpia4V63b0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MDUzWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjYxMGUzYzZkYjdjYThmMDE2Mzk5OGVkMGJiM2FlZGEw
Yzg5NTg2ZTEzNzNlNWNhNTY4MDRjZjMwNDE3NjUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpPAMYDHLrWxSv8oeAzhH0tIqZpbvVuOeCKvnjAWHymF2O
lzSiHC08Wvi3tSldbwrrcb0jqWMN43AtctNPXgSVmeM/VMS/rxYsdkLFz6xkTzHm
WqOxs/7SIZ5srHvDLdyhvOk80eyUd1cJxCGc/jfrVLlj4FTHsemQguFqEFYbffel
sI+i8rHw4zpR1XVpejN/GVf7uh9Aj70MP7nMDxsOLRNuPOa0WMFW7InZOkH4Gb2S
sAoQGtT/m66eSo+4KJLdtGoyQDeeMKs0g72nvHaq3NDTWgA1iKDIMbOSeQwmgWNa
bx5trMNINKGp9ONNcM53W0Vi6WCSY9IzbCRerKaVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUazGy6LMS6A9cC11zA2GvpPbq2gcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdkZDJkOTYwLWQyNGMtNDNmZS1iMDk3LWVlZDNiMDU4OWVhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjlgAwDQYJKoZIhvcNAQELBQADggEBAGJCXLNQkVGxgPr6t01zS1FMT0b7
x5GfuOyV0weT95vsjdcWjn0AIOVbEEo3A+BUFhmeDZnhAQSEkBD0yBXbsrZDv4mV
cfgXiuzwkKz0Wy75ql4ycmFbvddIrXD0LDR6K6vQjcxXMBHFl+a4Tgo5SFzLp1Ye
Tlrcvxpbe0cSFJmS+648x8MuBNJ0ZKL0uBH4N1im69Kny2MfSkcREgHwfLzpHWK6
vipH6GUKKTrqkJXu/TvEe54RkfDn0vkwdF2uL0W/cVCZmEXazIv4mLW3Z+DOJiK4
ZAA1CapUVexfuGuHesjViuVJ6HdeU9lWg1d2f/uoe8dNgvyMxjne45Ee8Zw=
-----END CERTIFICATE-----