Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f7726d8-ccb6-4f34-b961-8b864e5561aa.roa
File:                     9f7726d8-ccb6-4f34-b961-8b864e5561aa.roa (raw, json)
Hash identifier:          tmn6hQb8k6TRdyQ2iEYwjdBbQHmclyxwR4pXCwthBsc=
Subject key identifier:   15:A7:C2:95:D1:AE:B8:27:30:93:C9:F8:82:FE:0B:D7:33:A9:26:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       714137469B6BF82040C4CABDB932410F98B8516F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f7726d8-ccb6-4f34-b961-8b864e5561aa.roa
Signing time:             Wed 08 Oct 2025 00:41:40 +0000
ROA not before:           Wed 08 Oct 2025 00:41:40 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.144.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:41:37:46:9b:6b:f8:20:40:c4:ca:bd:b9:32:41:0f:98:b8:51:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:41:40 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=c7b2ab926584f3495ea3eb7e040638508103d92018bd375f105513b1b5737141, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d0:8d:09:74:aa:c2:03:f3:45:52:f9:51:49:
                    45:cf:87:c7:a1:f9:e1:0e:2c:7f:cd:95:d6:38:0c:
                    fd:28:ac:9e:da:21:53:4e:a2:ff:7c:89:8d:cc:3f:
                    e6:1c:28:50:47:e1:27:12:d1:b9:aa:51:6d:7a:f9:
                    24:70:de:06:e0:05:c2:90:f6:16:df:2c:5e:59:f2:
                    62:a2:9d:e2:0d:53:3e:f6:1e:55:53:36:6e:38:4e:
                    24:18:29:ab:49:9b:d6:6e:32:f0:ff:ca:ff:77:81:
                    5e:94:a9:0b:d1:5a:46:dc:c1:ab:f5:9f:55:e9:2c:
                    c0:d8:23:b8:d8:ab:9a:6c:6a:2b:b5:8d:fd:f0:07:
                    e9:37:96:a6:24:e2:80:55:98:e3:99:d8:cb:2c:e2:
                    5b:35:01:32:fb:26:40:d2:76:a9:e7:df:95:25:eb:
                    d2:57:3f:d0:a7:6b:d8:54:db:2d:fe:2e:99:ec:da:
                    fc:8b:ab:4b:db:cc:37:34:e8:03:85:69:20:82:c8:
                    fa:2c:de:66:ca:b5:3d:8f:37:41:5e:2d:a0:11:e0:
                    37:07:c0:68:7b:1b:39:3f:c0:c5:13:91:53:a1:2e:
                    f6:59:ec:d8:4f:66:71:c2:66:1f:5d:66:80:59:95:
                    55:1a:c9:f4:b4:a7:20:7f:df:22:80:d9:d8:0f:2c:
                    6e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A7:C2:95:D1:AE:B8:27:30:93:C9:F8:82:FE:0B:D7:33:A9:26:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f7726d8-ccb6-4f34-b961-8b864e5561aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:05:6c:1f:32:46:b0:5a:f2:0a:57:14:82:11:a1:e5:c6:8b:
         6f:c5:ba:9f:29:88:21:0c:5b:25:19:df:ec:ff:03:98:14:f8:
         3d:97:5c:c8:bb:62:55:f5:c3:17:e2:7b:cc:60:67:6f:6c:62:
         3d:c1:84:52:c8:2f:0e:56:39:01:7b:86:41:6d:fd:ec:81:5d:
         4f:ba:d5:be:52:c9:3c:84:c0:22:32:1b:1f:e4:55:3b:cf:f4:
         85:46:87:5f:db:62:06:e6:40:ea:e4:40:f1:11:bd:f1:ac:4d:
         ff:1c:b2:01:d7:c5:62:8f:0c:d0:d4:d0:7b:14:6f:9c:c2:25:
         df:a1:ae:0a:4c:3e:c1:69:ca:7b:f8:3b:bb:ae:8a:29:6f:08:
         84:d2:4d:5b:82:8e:28:81:a5:d2:01:da:7c:b0:43:75:fb:33:
         a8:67:6c:97:2c:59:de:d6:e3:08:95:38:47:55:cf:8a:52:96:
         06:78:d8:e3:f8:36:cb:11:f0:b2:bb:32:44:13:ae:25:cf:0e:
         4d:5e:91:fa:07:62:dc:03:15:b2:d7:1c:96:d7:2e:66:9c:a8:
         c7:cd:4b:66:19:cb:0b:b3:75:6d:d8:70:03:92:72:09:0a:55:
         cf:c8:3b:1f:ab:91:bb:1d:6b:24:d6:6a:67:4f:fd:8d:4a:9a:
         46:c1:51:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcUE3Rptr+CBAxMq9uTJBD5i4UW8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MTQwWhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjN2IyYWI5MjY1ODRmMzQ5NWVhM2ViN2UwNDA2Mzg1MDgx
MDNkOTIwMThiZDM3NWYxMDU1MTNiMWI1NzM3MTQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC80I0JdKrCA/NFUvlRSUXPh8eh+eEOLH/NldY4DP0orJ7a
IVNOov98iY3MP+YcKFBH4ScS0bmqUW16+SRw3gbgBcKQ9hbfLF5Z8mKineINUz72
HlVTNm44TiQYKatJm9ZuMvD/yv93gV6UqQvRWkbcwav1n1XpLMDYI7jYq5psaiu1
jf3wB+k3lqYk4oBVmOOZ2Mss4ls1ATL7JkDSdqnn35Ul69JXP9Cna9hU2y3+Lpns
2vyLq0vbzDc06AOFaSCCyPos3mbKtT2PN0FeLaAR4DcHwGh7Gzk/wMUTkVOhLvZZ
7NhPZnHCZh9dZoBZlVUayfS0pyB/3yKA2dgPLG7rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFafCldGuuCcwk8n4gv4L1zOpJmUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmNzcyNmQ4LWNjYjYtNGYzNC1iOTYxLThiODY0ZTU1NjFhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl5AwDQYJKoZIhvcNAQELBQADggEBAJEFbB8yRrBa8gpXFIIRoeXGi2/F
up8piCEMWyUZ3+z/A5gU+D2XXMi7YlX1wxfie8xgZ29sYj3BhFLILw5WOQF7hkFt
/eyBXU+61b5SyTyEwCIyGx/kVTvP9IVGh1/bYgbmQOrkQPERvfGsTf8csgHXxWKP
DNDU0HsUb5zCJd+hrgpMPsFpynv4O7uuiilvCITSTVuCjiiBpdIB2nywQ3X7M6hn
bJcsWd7W4wiVOEdVz4pSlgZ42OP4NssR8LK7MkQTriXPDk1ekfoHYtwDFbLXHJbX
LmacqMfNS2YZywuzdW3YcAOScgkKVc/IOx+rkbsdayTWamdP/Y1KmkbBUaE=
-----END CERTIFICATE-----