Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa
File:                     a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa (raw, json)
Hash identifier:          q2gtCh/zJrivTvCX3Tlah0UZm+tQtmiPyipFHC2C3GM=
Subject key identifier:   82:50:F0:AE:38:30:C6:A8:17:40:FC:1E:D0:35:DA:4E:DD:64:F1:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A265C8FF77CA32C83ACF421E8FA5A7FF08F481C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa
Signing time:             Wed 08 Oct 2025 00:42:55 +0000
ROA not before:           Wed 08 Oct 2025 00:42:55 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.144.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:26:5c:8f:f7:7c:a3:2c:83:ac:f4:21:e8:fa:5a:7f:f0:8f:48:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:42:55 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=c07122bf39fe9fd693c2c6f48f6639506ebd3aeee9eace620cad6e52b5e590b4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d7:b8:2c:bc:c9:cf:43:82:d0:ee:80:45:80:
                    94:ae:6c:ef:24:09:6f:4f:39:a7:88:79:4a:b4:37:
                    34:b6:26:cf:2f:fe:c8:09:78:d6:5a:0e:bd:a9:a0:
                    a3:4b:3d:21:52:bd:86:70:57:2d:e6:2e:c1:f6:84:
                    8c:c4:99:ec:fe:53:14:42:f3:62:8a:7e:8b:5e:a1:
                    b6:d5:51:17:98:df:7c:5d:f6:c4:aa:51:51:2a:12:
                    29:8d:ac:40:b2:c1:f8:89:8f:2b:68:16:cf:8b:1c:
                    54:c0:71:27:10:b9:5a:0f:a8:82:20:9b:a8:45:38:
                    5d:a1:fc:98:1d:6f:fb:5a:96:64:4e:4e:c6:4d:c6:
                    ae:93:13:32:f1:3a:69:86:8d:8b:19:23:17:96:26:
                    ae:84:ca:8f:9c:f6:47:7e:fa:46:cc:8b:76:6c:ff:
                    10:cb:5f:b1:b2:48:dc:d6:23:b8:df:ba:1c:95:d8:
                    37:93:a6:c1:67:dc:77:e6:73:b2:d8:b5:13:18:05:
                    24:e2:36:1f:e9:95:5f:3f:6c:d4:57:b5:5d:a7:27:
                    f2:1f:46:72:08:38:92:f7:96:1d:af:c2:14:82:4f:
                    11:e8:02:97:4a:04:10:45:88:ef:e3:7d:15:a0:f1:
                    fa:69:bc:f9:96:cb:f2:f1:5c:60:c8:1c:39:47:a7:
                    63:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:50:F0:AE:38:30:C6:A8:17:40:FC:1E:D0:35:DA:4E:DD:64:F1:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b3:fe:fe:30:0b:b9:a7:76:96:6e:84:7e:43:35:f1:21:ff:95:
         50:87:cb:85:0d:a6:6b:2b:2a:53:d6:0c:c2:ce:6c:f6:91:e9:
         5f:f7:04:7c:ce:ae:8d:8e:de:16:19:2d:9b:a0:69:6e:0e:90:
         66:c7:2b:f6:57:62:e5:0e:07:d1:2d:e4:6f:78:4a:78:6a:cc:
         be:0d:95:28:51:a5:18:2b:75:e5:69:c4:0d:6b:f4:41:54:42:
         b8:f8:cd:9b:52:05:1d:b7:86:ce:d7:23:cf:66:5c:8d:0b:7d:
         9b:7b:3e:8e:8f:cb:79:4d:71:c5:cb:d9:82:f2:b0:2f:8e:12:
         71:f4:2c:58:97:58:d4:be:12:86:9a:28:d8:94:6d:65:a8:d0:
         2e:f5:45:8e:b0:3e:c2:14:a8:3e:c6:9b:be:5c:f3:ba:06:e6:
         c6:9f:4c:50:5b:ef:60:3e:89:20:ca:59:c8:e8:bc:43:50:3b:
         fd:cf:e0:c2:33:99:47:59:05:e5:5a:4e:55:43:b4:be:ad:35:
         92:af:92:6e:7b:72:10:4d:13:37:ca:3b:ce:25:56:69:61:d7:
         80:c5:17:22:2a:dd:38:c2:12:2f:a8:0c:54:e4:da:51:8a:0d:
         f3:da:81:22:54:6d:58:6f:06:c3:9f:9c:6e:fc:18:ce:8c:9b:
         a7:de:f7:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGiZcj/d8oyyDrPQh6Ppaf/CPSBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MjU1WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDcxMjJiZjM5ZmU5ZmQ2OTNjMmM2ZjQ4ZjY2Mzk1MDZl
YmQzYWVlZTllYWNlNjIwY2FkNmU1MmI1ZTU5MGI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb17gsvMnPQ4LQ7oBFgJSubO8kCW9POaeIeUq0NzS2Js8v
/sgJeNZaDr2poKNLPSFSvYZwVy3mLsH2hIzEmez+UxRC82KKfoteobbVUReY33xd
9sSqUVEqEimNrECywfiJjytoFs+LHFTAcScQuVoPqIIgm6hFOF2h/Jgdb/talmRO
TsZNxq6TEzLxOmmGjYsZIxeWJq6Eyo+c9kd++kbMi3Zs/xDLX7GySNzWI7jfuhyV
2DeTpsFn3Hfmc7LYtRMYBSTiNh/plV8/bNRXtV2nJ/IfRnIIOJL3lh2vwhSCTxHo
ApdKBBBFiO/jfRWg8fppvPmWy/LxXGDIHDlHp2PDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUglDwrjgwxqgXQPwe0DXaTt1k8VgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3YjcxNzlmLTZhOGItNDQxMi1hYmQ3LTJiOTcxNDRlYjFiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl5AwDQYJKoZIhvcNAQELBQADggEBALP+/jALuad2lm6EfkM18SH/lVCH
y4UNpmsrKlPWDMLObPaR6V/3BHzOro2O3hYZLZugaW4OkGbHK/ZXYuUOB9Et5G94
SnhqzL4NlShRpRgrdeVpxA1r9EFUQrj4zZtSBR23hs7XI89mXI0LfZt7Po6Py3lN
ccXL2YLysC+OEnH0LFiXWNS+EoaaKNiUbWWo0C71RY6wPsIUqD7Gm75c87oG5saf
TFBb72A+iSDKWcjovENQO/3P4MIzmUdZBeVaTlVDtL6tNZKvkm57chBNEzfKO84l
Vmlh14DFFyIq3TjCEi+oDFTk2lGKDfPagSJUbVhvBsOfnG78GM6Mm6fe90Y=
-----END CERTIFICATE-----