Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f289340-82bf-42dd-8b4e-a118719df322.roa
File:                     8f289340-82bf-42dd-8b4e-a118719df322.roa (raw, json)
Hash identifier:          IwAAWiiI3Ypfu8qKltrID8q1ljSbgbTmp7W+utNSXzc=
Subject key identifier:   3D:DB:CE:5A:D9:70:BE:8D:19:0C:A1:69:0D:28:28:61:FD:2F:F7:B8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D05ED823B3361120E9412AA48FC2C4A3A462958
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f289340-82bf-42dd-8b4e-a118719df322.roa
Signing time:             Wed 08 Oct 2025 00:51:22 +0000
ROA not before:           Wed 08 Oct 2025 00:51:22 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.72.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:05:ed:82:3b:33:61:12:0e:94:12:aa:48:fc:2c:4a:3a:46:29:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:51:22 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=6ddce74aba46f69c62ca2a58c9d81edc23e304b18ce13212ce4ccfe09a2ce9df, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2f:1f:ac:e2:a4:55:25:0a:fb:2a:e4:20:ea:
                    82:75:a5:d0:a6:b9:2d:f4:7a:4b:0c:1e:71:b2:f7:
                    de:71:81:34:bb:6c:45:3c:0e:53:71:5d:24:54:2b:
                    01:af:23:85:ab:a6:57:ee:7f:b6:b4:74:ee:80:aa:
                    9c:e3:da:ce:44:49:89:84:00:b6:b7:ed:4a:24:34:
                    9b:f9:91:16:93:f1:92:5a:13:b5:91:92:bf:5c:fa:
                    c4:1e:46:37:cc:92:de:81:69:4d:5e:0d:ae:43:4d:
                    90:29:4a:37:f7:9a:61:0a:54:26:a8:54:0b:5a:40:
                    89:81:0e:a8:fa:a0:d5:7a:bb:89:b5:d7:1d:26:34:
                    27:5f:76:06:32:33:1e:5c:95:ed:eb:14:ad:37:ac:
                    42:db:4e:bf:d8:27:49:02:2b:93:b3:09:31:b6:13:
                    9f:ee:cf:88:00:b7:19:af:94:f5:98:0c:1a:c5:0e:
                    2d:51:14:63:dd:50:c3:c4:0b:74:9c:c4:3d:29:67:
                    7f:f0:7c:90:86:6b:fc:c9:94:fa:6f:e3:ef:0e:2f:
                    e6:6c:83:d5:fd:89:8b:23:82:57:2f:c7:2f:e0:45:
                    d4:59:f4:33:8f:52:92:f3:89:b0:0b:7d:57:75:37:
                    b5:b0:1a:0a:99:e5:f5:1a:a8:32:75:b3:b5:33:f0:
                    89:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:DB:CE:5A:D9:70:BE:8D:19:0C:A1:69:0D:28:28:61:FD:2F:F7:B8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f289340-82bf-42dd-8b4e-a118719df322.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         01:eb:e1:85:bd:5b:f7:29:0a:57:7b:df:18:c1:e8:a5:77:70:
         6a:f1:0c:2f:11:b2:23:71:eb:5c:b2:2e:78:1c:c2:17:18:05:
         38:1f:f2:c3:3f:a5:02:a8:7d:4a:3f:63:9b:09:51:28:f4:a8:
         b9:4e:d1:2b:8a:7c:4f:81:23:ef:d6:b7:ac:15:04:0c:07:c1:
         7c:1d:df:1c:5e:c2:a6:80:0b:32:32:72:c1:ae:76:2e:20:37:
         d6:81:fe:e2:f3:3f:22:b5:75:a2:41:53:24:62:59:c6:51:3f:
         f2:8c:b6:a7:72:aa:1e:c9:66:94:1b:f5:78:2e:84:0e:8d:66:
         aa:52:c9:e2:42:7b:74:a8:19:28:dc:d7:ad:27:4e:5b:8c:5d:
         81:e8:ee:20:41:ad:1d:6c:5b:3b:ec:1b:aa:c2:3d:33:d6:f1:
         05:46:f5:e7:a9:88:1c:f4:b3:f5:17:c2:c1:a0:ea:ce:04:b2:
         82:11:73:11:e1:fc:d9:d9:31:4a:bf:92:cb:fc:96:9d:14:ed:
         f4:c7:3e:47:02:1e:80:48:3f:69:c1:23:64:bd:1b:3b:39:09:
         54:28:55:78:52:2f:82:7b:bf:22:e8:55:7c:6e:ca:24:0b:73:
         17:da:22:0f:b8:68:0e:58:99:7d:e2:46:e5:54:4b:fd:21:15:
         e5:98:ad:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTQXtgjszYRIOlBKqSPwsSjpGKVgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA1MTIyWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZGRjZTc0YWJhNDZmNjljNjJjYTJhNThjOWQ4MWVkYzIz
ZTMwNGIxOGNlMTMyMTJjZTRjY2ZlMDlhMmNlOWRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRLx+s4qRVJQr7KuQg6oJ1pdCmuS30eksMHnGy995xgTS7
bEU8DlNxXSRUKwGvI4Wrplfuf7a0dO6Aqpzj2s5ESYmEALa37UokNJv5kRaT8ZJa
E7WRkr9c+sQeRjfMkt6BaU1eDa5DTZApSjf3mmEKVCaoVAtaQImBDqj6oNV6u4m1
1x0mNCdfdgYyMx5cle3rFK03rELbTr/YJ0kCK5OzCTG2E5/uz4gAtxmvlPWYDBrF
Di1RFGPdUMPEC3ScxD0pZ3/wfJCGa/zJlPpv4+8OL+Zsg9X9iYsjglcvxy/gRdRZ
9DOPUpLzibALfVd1N7WwGgqZ5fUaqDJ1s7Uz8IlxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPdvOWtlwvo0ZDKFpDSgoYf0v97gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhmMjg5MzQwLTgyYmYtNDJkZC04YjRlLWExMTg3MTlkZjMyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl0gwDQYJKoZIhvcNAQELBQADggEBAAHr4YW9W/cpCld73xjB6KV3cGrx
DC8RsiNx61yyLngcwhcYBTgf8sM/pQKofUo/Y5sJUSj0qLlO0SuKfE+BI+/Wt6wV
BAwHwXwd3xxewqaACzIycsGudi4gN9aB/uLzPyK1daJBUyRiWcZRP/KMtqdyqh7J
ZpQb9XguhA6NZqpSyeJCe3SoGSjc160nTluMXYHo7iBBrR1sWzvsG6rCPTPW8QVG
9eepiBz0s/UXwsGg6s4EsoIRcxHh/NnZMUq/ksv8lp0U7fTHPkcCHoBIP2nBI2S9
Gzs5CVQoVXhSL4J7vyLoVXxuyiQLcxfaIg+4aA5YmX3iRuVUS/0hFeWYrcY=
-----END CERTIFICATE-----