Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d63cd7b-5f9f-40bd-a7d4-e2a1d5ca5822.roa
File:                     9d63cd7b-5f9f-40bd-a7d4-e2a1d5ca5822.roa (raw, json)
Hash identifier:          zeTMdwKdsD+04jYw2Oyt9PFovG90vwx6OQ+ac/u0f8Q=
Subject key identifier:   41:78:8F:22:38:D9:F8:82:24:29:A7:EA:0A:51:7D:ED:EE:20:0F:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5807B0BE062602BB82F06F15E53AF9DA31A481EF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d63cd7b-5f9f-40bd-a7d4-e2a1d5ca5822.roa
Signing time:             Wed 08 Oct 2025 00:42:53 +0000
ROA not before:           Wed 08 Oct 2025 00:42:53 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.128.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:07:b0:be:06:26:02:bb:82:f0:6f:15:e5:3a:f9:da:31:a4:81:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:42:53 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=6838acd2d1e372f1f04564c8b731b7417a32a01d3e03db5b2342a1969b50b753, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:78:c1:02:23:20:ba:cc:f0:36:da:00:d5:4d:
                    a1:c0:92:a6:72:49:b5:c9:99:f7:92:a4:a8:9c:bb:
                    23:b7:c7:ab:39:2b:c4:0e:cf:ca:73:d6:60:87:90:
                    1a:50:0d:0b:61:bf:00:b8:5f:af:12:ae:10:e2:0f:
                    7d:14:7e:90:0c:b2:aa:7e:99:53:46:0d:d1:96:18:
                    1e:07:a9:2e:c2:98:9c:60:eb:a2:90:63:c2:c7:34:
                    0d:5c:b5:c3:11:45:bf:1d:56:fa:9a:e9:a7:50:1e:
                    14:23:4c:99:35:53:b2:32:f3:a3:9a:19:f0:60:6c:
                    10:e7:2f:c8:ff:fc:9b:48:3b:52:07:93:62:c5:2a:
                    bf:22:d2:fc:02:94:82:a9:b2:4f:75:6d:55:85:fd:
                    45:47:b6:c1:1f:4a:2c:43:bc:61:a4:49:b1:59:6d:
                    2d:44:1d:89:02:76:4a:53:c8:90:ce:25:66:ec:f7:
                    f6:25:5d:42:27:b9:98:2b:9c:61:2e:33:eb:97:9b:
                    31:60:f7:38:dc:e0:77:91:34:35:05:36:81:c8:45:
                    52:b6:c5:3e:7a:97:6a:b8:93:f2:77:2c:f3:a0:d6:
                    f8:99:59:56:6f:7b:05:45:76:47:9e:8e:1d:3f:f0:
                    d3:e2:3c:72:e9:5e:76:5e:0b:ca:b4:c9:c2:1d:f4:
                    f5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:78:8F:22:38:D9:F8:82:24:29:A7:EA:0A:51:7D:ED:EE:20:0F:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d63cd7b-5f9f-40bd-a7d4-e2a1d5ca5822.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:4e:4a:b7:48:76:a2:4f:06:1e:13:39:48:ef:4b:97:ff:c1:
         ea:3e:ca:60:fd:77:4b:6d:33:23:00:12:4e:5e:2d:7c:9c:85:
         65:41:81:5f:e5:da:c7:52:c2:b1:ed:93:05:06:f3:e6:13:2e:
         ec:65:77:60:5b:ed:66:07:51:15:88:cf:66:9e:61:14:63:b7:
         3f:2d:1f:6e:ca:18:b5:82:40:8c:2d:0a:a1:64:46:45:27:c8:
         6e:0e:54:db:2b:f7:64:ef:34:be:ab:97:36:49:6c:3e:d7:f6:
         95:64:dd:e1:34:72:83:aa:11:df:5e:da:a0:d3:5a:fc:96:32:
         0d:a1:28:d5:aa:55:46:a2:89:bd:2f:f3:65:7a:7e:14:55:8a:
         8e:5f:6f:ca:23:b5:d8:f3:96:1d:c3:c9:9c:cb:d1:f4:2e:28:
         1b:1b:6d:3d:75:1c:f5:1d:e5:79:ce:01:75:0b:09:53:a5:3b:
         9d:45:f3:d6:71:62:75:ac:e3:1a:8f:14:96:3e:c8:2d:f0:75:
         26:79:50:2b:6c:bd:45:9d:d9:3b:c3:7f:c9:4a:cb:a2:76:5d:
         20:88:9f:27:78:05:61:d0:44:52:0e:07:d2:a3:c2:d5:9a:13:
         15:8e:7c:3f:ca:00:a1:f0:9e:e6:f1:75:f1:66:41:e2:4b:ff:
         65:39:94:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWAewvgYmAruC8G8V5Tr52jGkge8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MjUzWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ODM4YWNkMmQxZTM3MmYxZjA0NTY0YzhiNzMxYjc0MTdh
MzJhMDFkM2UwM2RiNWIyMzQyYTE5NjliNTBiNzUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYeMECIyC6zPA22gDVTaHAkqZySbXJmfeSpKicuyO3x6s5
K8QOz8pz1mCHkBpQDQthvwC4X68SrhDiD30UfpAMsqp+mVNGDdGWGB4HqS7CmJxg
66KQY8LHNA1ctcMRRb8dVvqa6adQHhQjTJk1U7Iy86OaGfBgbBDnL8j//JtIO1IH
k2LFKr8i0vwClIKpsk91bVWF/UVHtsEfSixDvGGkSbFZbS1EHYkCdkpTyJDOJWbs
9/YlXUInuZgrnGEuM+uXmzFg9zjc4HeRNDUFNoHIRVK2xT56l2q4k/J3LPOg1viZ
WVZvewVFdkeejh0/8NPiPHLpXnZeC8q0ycId9PX7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQXiPIjjZ+IIkKafqClF97e4gDyMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkNjNjZDdiLTVmOWYtNDBiZC1hN2Q0LWUyYTFkNWNhNTgyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl4AwDQYJKoZIhvcNAQELBQADggEBADxOSrdIdqJPBh4TOUjvS5f/weo+
ymD9d0ttMyMAEk5eLXychWVBgV/l2sdSwrHtkwUG8+YTLuxld2Bb7WYHURWIz2ae
YRRjtz8tH27KGLWCQIwtCqFkRkUnyG4OVNsr92TvNL6rlzZJbD7X9pVk3eE0coOq
Ed9e2qDTWvyWMg2hKNWqVUaiib0v82V6fhRVio5fb8ojtdjzlh3DyZzL0fQuKBsb
bT11HPUd5XnOAXULCVOlO51F89ZxYnWs4xqPFJY+yC3wdSZ5UCtsvUWd2TvDf8lK
y6J2XSCInyd4BWHQRFIOB9KjwtWaExWOfD/KAKHwnubxdfFmQeJL/2U5lPQ=
-----END CERTIFICATE-----