Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89e7c1c3-c62e-45f7-8446-bc444ecdf46f.roa
File:                     89e7c1c3-c62e-45f7-8446-bc444ecdf46f.roa (raw, json)
Hash identifier:          +BALZoOkPLMHEV4RFOvC1eUPTdCxuPQs+8NXR2snglk=
Subject key identifier:   69:8B:DA:69:77:95:D5:08:44:AD:D8:DE:23:1C:45:B0:49:FE:8B:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       25C021E419FB9FF0867CDB751A0B91749A290C46
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89e7c1c3-c62e-45f7-8446-bc444ecdf46f.roa
Signing time:             Tue 14 Oct 2025 22:02:54 +0000
ROA not before:           Tue 14 Oct 2025 22:02:54 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.40.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:c0:21:e4:19:fb:9f:f0:86:7c:db:75:1a:0b:91:74:9a:29:0c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 22:02:54 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=5a22708e763e5fb123a61acfa50f7f2a35704e4765085c46af499bb479b9a301, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:33:13:96:60:de:76:65:b4:5e:59:bf:1f:03:
                    c4:67:af:23:f9:05:31:23:43:f9:66:d8:e8:56:cb:
                    ce:50:f8:3d:9b:42:a1:28:20:96:f6:22:8e:38:81:
                    a9:5e:50:ea:5c:07:19:e8:0f:d8:ef:c8:ce:8e:83:
                    be:a4:3c:d7:50:83:aa:0b:bf:e2:f3:66:19:7e:91:
                    db:1e:3f:67:57:4c:33:d0:c2:3d:ef:00:35:6c:ab:
                    90:7c:51:fc:52:7f:00:d3:a4:9d:09:c1:20:79:15:
                    71:1b:6a:a2:b5:31:31:40:07:c6:a5:3f:76:e2:a0:
                    ab:9c:89:cd:8e:72:53:2e:be:e1:e5:51:f9:1d:85:
                    50:67:61:5c:e0:ee:af:7c:f0:ac:68:cc:51:ae:7d:
                    cd:9a:54:99:64:12:4f:43:9f:08:68:4f:df:2e:e7:
                    7e:30:a4:08:62:49:d8:dd:da:c9:60:20:c3:1d:e4:
                    cd:3d:e5:3c:8b:6d:8f:1c:f8:97:63:19:5d:ae:3d:
                    35:cd:14:4e:67:f1:35:64:fc:43:7c:d1:46:3d:e7:
                    84:7f:ff:26:2e:bf:36:9a:c5:5d:13:58:78:cd:f6:
                    30:3c:e3:28:fc:c2:5d:94:7e:71:7b:69:06:40:58:
                    5f:0b:27:80:82:4b:cc:dd:96:34:a5:9a:83:35:a1:
                    bf:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:8B:DA:69:77:95:D5:08:44:AD:D8:DE:23:1C:45:B0:49:FE:8B:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89e7c1c3-c62e-45f7-8446-bc444ecdf46f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0b:da:4b:4a:fd:bd:45:eb:cd:83:02:dc:1d:4f:2c:5f:49:77:
         d0:38:4a:c4:4f:4b:bf:a9:c7:a3:d7:fb:26:5d:3b:d0:1c:60:
         98:70:8e:db:55:79:e1:3c:fd:e9:f1:eb:4d:30:51:75:19:23:
         f3:1c:10:0b:a4:35:79:aa:f0:a3:6b:c8:e0:4a:51:99:b7:6b:
         55:63:02:84:f9:66:e1:db:34:21:0b:98:01:2a:b7:42:73:f8:
         d4:0e:75:90:73:54:56:b9:fe:6b:40:3b:56:e9:95:0e:6b:12:
         49:10:f9:23:0e:de:87:d6:f7:95:41:ab:13:c9:db:89:2c:1e:
         fa:d9:9e:02:17:ed:a7:aa:c7:69:7a:85:2d:5c:c4:49:87:e8:
         85:92:c4:80:ec:37:23:9c:43:fd:5f:bf:1d:cd:65:b8:18:76:
         f8:f3:da:3b:e5:03:34:a3:45:02:e5:de:10:c9:4e:e8:72:9f:
         eb:5f:4a:f9:92:ec:ab:59:f7:c3:10:c7:e4:a0:d8:89:05:b7:
         51:05:67:be:af:89:52:54:8a:06:d4:66:1a:0b:0e:c9:22:de:
         83:83:fb:cf:92:c9:f9:67:b6:0b:57:38:52:7a:cd:1b:b3:ce:
         08:14:75:ee:b6:9c:be:92:b0:cd:75:72:7e:c6:ad:f8:dd:63:
         0b:e0:2b:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJcAh5Bn7n/CGfNt1GguRdJopDEYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MjIwMjU0WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTIyNzA4ZTc2M2U1ZmIxMjNhNjFhY2ZhNTBmN2YyYTM1
NzA0ZTQ3NjUwODVjNDZhZjQ5OWJiNDc5YjlhMzAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuMxOWYN52ZbReWb8fA8RnryP5BTEjQ/lm2OhWy85Q+D2b
QqEoIJb2Io44galeUOpcBxnoD9jvyM6Og76kPNdQg6oLv+LzZhl+kdseP2dXTDPQ
wj3vADVsq5B8UfxSfwDTpJ0JwSB5FXEbaqK1MTFAB8alP3bioKucic2OclMuvuHl
UfkdhVBnYVzg7q988KxozFGufc2aVJlkEk9DnwhoT98u534wpAhiSdjd2slgIMMd
5M095TyLbY8c+JdjGV2uPTXNFE5n8TVk/EN80UY954R//yYuvzaaxV0TWHjN9jA8
4yj8wl2UfnF7aQZAWF8LJ4CCS8zdljSlmoM1ob9BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaYvaaXeV1QhErdjeIxxFsEn+iy4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5ZTdjMWMzLWM2MmUtNDVmNy04NDQ2LWJjNDQ0ZWNkZjQ2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjVCgwDQYJKoZIhvcNAQELBQADggEBAAvaS0r9vUXrzYMC3B1PLF9Jd9A4
SsRPS7+px6PX+yZdO9AcYJhwjttVeeE8/enx600wUXUZI/McEAukNXmq8KNryOBK
UZm3a1VjAoT5ZuHbNCELmAEqt0Jz+NQOdZBzVFa5/mtAO1bplQ5rEkkQ+SMO3ofW
95VBqxPJ24ksHvrZngIX7aeqx2l6hS1cxEmH6IWSxIDsNyOcQ/1fvx3NZbgYdvjz
2jvlAzSjRQLl3hDJTuhyn+tfSvmS7KtZ98MQx+Sg2IkFt1EFZ76viVJUigbUZhoL
Dski3oOD+8+SyflntgtXOFJ6zRuzzggUde62nL6SsM11cn7GrfjdYwvgK/c=
-----END CERTIFICATE-----