Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99e76bed-4876-4074-b094-a8f190cd7137.roa
File:                     99e76bed-4876-4074-b094-a8f190cd7137.roa (raw, json)
Hash identifier:          h73FSgxzsZXtdSBu6N6prB+s3iCm5EGiWJEeOyiEgi4=
Subject key identifier:   7D:CE:64:24:0C:41:88:71:76:C2:A2:F6:7C:14:AF:F4:A9:DE:93:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20E680BE7715FF427788E057B300FC973ADDA809
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99e76bed-4876-4074-b094-a8f190cd7137.roa
Signing time:             Tue 14 Oct 2025 21:22:02 +0000
ROA not before:           Tue 14 Oct 2025 21:22:02 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.78.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:e6:80:be:77:15:ff:42:77:88:e0:57:b3:00:fc:97:3a:dd:a8:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 21:22:02 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=1ed9719fa8d8254c9cc76b8f70556878dae336ba9762d49d0fb1b56751f21697, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ae:ab:2d:d3:0d:56:a0:1a:44:d7:ee:b0:a6:
                    da:11:ef:38:9a:5a:90:8b:a8:83:f7:8c:a8:59:25:
                    e5:4b:f4:c8:d7:a9:57:fa:fa:74:ef:93:a1:3f:1e:
                    d7:2a:bb:14:c9:36:85:33:9c:f2:e6:b7:f1:3b:9f:
                    a5:d0:e0:49:dd:ca:5f:b3:c3:82:23:a1:be:8a:92:
                    7a:8c:18:bd:fc:2e:3e:14:3e:d7:20:7d:c0:a1:81:
                    e0:a4:73:b5:75:26:1a:f4:15:30:a5:45:92:bc:04:
                    6c:14:25:e3:41:13:67:a0:cd:8d:a6:cf:c2:7c:0b:
                    e3:23:d7:99:3d:b7:a9:1a:d1:8a:10:8a:90:9b:1b:
                    43:1a:b4:dd:42:37:87:ae:ed:42:80:ba:fa:53:bc:
                    d0:47:46:6e:71:f6:59:49:46:28:ce:24:e4:c8:39:
                    0f:e0:db:f1:64:6a:44:b7:b6:5d:77:e9:37:73:1c:
                    7f:c9:d0:10:f0:90:2c:23:fa:ad:44:f9:ba:00:a3:
                    59:de:9a:49:7f:26:76:77:80:2d:df:be:05:14:28:
                    ef:38:e1:47:e8:31:91:64:3d:6b:23:14:76:85:c8:
                    80:2d:7f:d4:c6:79:e0:2d:49:75:b6:74:40:68:cf:
                    0a:66:de:bb:36:12:6b:54:5a:ec:cb:07:49:8e:37:
                    2a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CE:64:24:0C:41:88:71:76:C2:A2:F6:7C:14:AF:F4:A9:DE:93:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99e76bed-4876-4074-b094-a8f190cd7137.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:28:b2:91:e1:fd:b9:73:04:b3:cd:18:86:24:ea:23:d4:70:
         5b:43:1a:3b:d1:56:df:24:e2:73:9a:5c:24:57:d3:f8:e3:37:
         53:d4:4d:eb:c4:00:08:ba:2a:34:e4:0e:75:76:5f:b0:3a:d2:
         46:43:8f:09:1d:36:f9:a5:92:db:2f:5c:50:68:c5:02:76:42:
         b4:b2:e2:93:04:c5:e7:ba:7e:1b:ef:42:ed:fb:c5:14:2b:6a:
         90:ac:11:39:54:c8:57:c7:99:93:dc:aa:07:79:fc:4b:b1:07:
         b4:2a:d8:94:28:f5:97:bb:79:ed:4d:d8:20:02:f6:70:11:d7:
         2f:ba:6f:96:eb:8e:00:c3:93:9f:a4:47:24:df:35:3e:c9:1f:
         9d:01:55:b3:ed:7b:66:f0:94:4a:d3:99:c0:fb:19:4b:19:d5:
         ef:7e:1d:d8:42:38:5e:13:bc:0e:19:bc:fd:df:9b:64:ae:f4:
         99:7b:1e:c1:12:ab:47:96:2c:44:ef:17:33:59:8e:e1:e9:81:
         8a:49:04:43:5b:0a:9f:6f:4a:13:29:4d:48:79:8e:d2:7c:d9:
         07:1f:3a:42:0c:b2:3c:f0:2a:3a:71:e1:79:0d:0b:10:de:1e:
         c8:33:5c:41:ed:20:94:a0:b8:c2:5d:fa:22:f5:5b:8b:01:b4:
         87:01:17:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIOaAvncV/0J3iOBXswD8lzrdqAkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MjEyMjAyWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZWQ5NzE5ZmE4ZDgyNTRjOWNjNzZiOGY3MDU1Njg3OGRh
ZTMzNmJhOTc2MmQ0OWQwZmIxYjU2NzUxZjIxNjk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUrqst0w1WoBpE1+6wptoR7ziaWpCLqIP3jKhZJeVL9MjX
qVf6+nTvk6E/HtcquxTJNoUznPLmt/E7n6XQ4Endyl+zw4Ijob6KknqMGL38Lj4U
PtcgfcChgeCkc7V1Jhr0FTClRZK8BGwUJeNBE2egzY2mz8J8C+Mj15k9t6ka0YoQ
ipCbG0MatN1CN4eu7UKAuvpTvNBHRm5x9llJRijOJOTIOQ/g2/FkakS3tl136Tdz
HH/J0BDwkCwj+q1E+boAo1nemkl/JnZ3gC3fvgUUKO844UfoMZFkPWsjFHaFyIAt
f9TGeeAtSXW2dEBozwpm3rs2EmtUWuzLB0mONyohAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfc5kJAxBiHF2wqL2fBSv9Knek7wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5ZTc2YmVkLTQ4NzYtNDA3NC1iMDk0LWE4ZjE5MGNkNzEzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjVE4wDQYJKoZIhvcNAQELBQADggEBAKIospHh/blzBLPNGIYk6iPUcFtD
GjvRVt8k4nOaXCRX0/jjN1PUTevEAAi6KjTkDnV2X7A60kZDjwkdNvmlktsvXFBo
xQJ2QrSy4pMExee6fhvvQu37xRQrapCsETlUyFfHmZPcqgd5/EuxB7Qq2JQo9Ze7
ee1N2CAC9nAR1y+6b5brjgDDk5+kRyTfNT7JH50BVbPte2bwlErTmcD7GUsZ1e9+
HdhCOF4TvA4ZvP3fm2Su9Jl7HsESq0eWLETvFzNZjuHpgYpJBENbCp9vShMpTUh5
jtJ82QcfOkIMsjzwKjpx4XkNCxDeHsgzXEHtIJSguMJd+iL1W4sBtIcBF6Q=
-----END CERTIFICATE-----