Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7c71012-d960-4636-a360-21f96c37df21.roa
File:                     b7c71012-d960-4636-a360-21f96c37df21.roa (raw, json)
Hash identifier:          +T+0Ds1R7jMC2mwCla6QMEA+5IWDF7TtPccGl1Mu+P4=
Subject key identifier:   01:A9:81:27:40:AA:07:5C:E3:1E:73:98:BF:66:F5:DB:66:E0:66:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       19D0B9576174AA95BF47B9CA00607096F45EE1DB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7c71012-d960-4636-a360-21f96c37df21.roa
Signing time:             Wed 15 Oct 2025 16:52:04 +0000
ROA not before:           Wed 15 Oct 2025 16:52:04 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.44.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:d0:b9:57:61:74:aa:95:bf:47:b9:ca:00:60:70:96:f4:5e:e1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 16:52:04 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=741d59671e556777e62f828fa13b317468b21a5a7b2ac4f9568abe74d1d438d0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:19:bd:cb:e6:ac:14:3a:4b:ef:4d:6e:36:38:
                    63:fa:c9:4f:32:63:89:ca:32:b0:76:a2:26:7a:3d:
                    bd:ed:af:8a:f3:b7:01:98:97:ff:fe:d3:ce:c6:ee:
                    79:a7:0d:8e:55:26:93:75:36:9a:96:83:3d:a3:78:
                    37:3a:20:7b:fb:53:26:16:3d:15:7d:47:90:0f:3f:
                    21:1c:45:1c:09:3f:d8:45:67:12:01:9c:1c:61:de:
                    4a:68:86:45:79:4a:ec:6d:bb:69:77:75:40:8f:17:
                    a6:e2:92:c9:fe:a8:97:95:95:2c:b1:41:99:96:d4:
                    6d:70:37:76:d2:88:d7:24:f9:f7:1b:0a:a0:ff:a9:
                    0d:62:20:63:55:c3:33:f6:87:01:a9:1f:04:51:b1:
                    2f:38:6c:e1:4e:81:dd:96:0e:07:bd:26:de:91:b8:
                    c6:e1:61:b1:bd:82:4b:d8:7a:55:92:29:db:06:c5:
                    cd:4f:50:60:f5:5d:d7:85:29:2a:9b:3d:5c:41:93:
                    45:b8:cb:0e:d9:38:2e:9e:d0:41:7f:0a:77:35:3f:
                    19:1e:6e:2a:54:46:ad:74:02:22:b5:fa:94:38:e9:
                    cf:96:c4:1e:03:0b:74:de:52:9a:56:71:49:17:6b:
                    b7:eb:ce:14:d5:3e:e5:b0:78:7e:9b:e4:c4:97:16:
                    1e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A9:81:27:40:AA:07:5C:E3:1E:73:98:BF:66:F5:DB:66:E0:66:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7c71012-d960-4636-a360-21f96c37df21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:45:c7:81:ed:0a:61:b2:b4:b3:c4:0f:35:d4:db:56:42:1e:
         2e:19:8f:f9:05:6f:1b:a7:a0:2a:23:55:eb:7a:20:00:0d:59:
         a4:30:c9:1c:fb:79:ed:45:4b:13:bd:f4:68:93:3b:04:d2:b1:
         20:d2:84:92:13:63:25:e2:aa:d8:4b:fe:59:66:28:5e:df:a5:
         e7:3d:aa:12:86:5d:0e:8d:f9:71:f2:69:a7:d1:03:2a:9d:56:
         f8:0b:ad:61:4c:3e:4a:d8:58:c0:26:15:cf:29:52:d0:31:17:
         55:87:91:76:46:c8:f7:d3:a5:38:41:5b:36:5d:da:b1:8c:9d:
         ae:e5:89:18:4d:6e:83:08:6b:c9:d4:1d:87:ee:87:f6:36:6f:
         89:7f:ed:56:39:0f:38:f3:2c:3c:13:61:b4:b8:a2:bc:6e:4f:
         4e:22:8c:7a:54:7f:d7:eb:0e:60:71:2f:04:7c:95:7c:10:3c:
         36:54:eb:dd:44:6b:0a:ae:23:e5:5e:b5:13:46:20:b9:a4:74:
         ef:89:25:89:31:e5:70:86:ed:e8:97:54:8f:89:a4:6a:85:35:
         87:8b:f4:41:b7:6d:de:82:22:d8:4d:e4:84:3b:3e:72:c5:c6:
         47:10:7a:4e:b6:f6:1d:f2:7e:f8:03:2e:fe:ab:72:74:f3:50:
         a0:23:ac:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGdC5V2F0qpW/R7nKAGBwlvRe4dswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTY1MjA0WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDFkNTk2NzFlNTU2Nzc3ZTYyZjgyOGZhMTNiMzE3NDY4
YjIxYTVhN2IyYWM0Zjk1NjhhYmU3NGQxZDQzOGQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVGb3L5qwUOkvvTW42OGP6yU8yY4nKMrB2oiZ6Pb3tr4rz
twGYl//+087G7nmnDY5VJpN1NpqWgz2jeDc6IHv7UyYWPRV9R5APPyEcRRwJP9hF
ZxIBnBxh3kpohkV5Suxtu2l3dUCPF6biksn+qJeVlSyxQZmW1G1wN3bSiNck+fcb
CqD/qQ1iIGNVwzP2hwGpHwRRsS84bOFOgd2WDge9Jt6RuMbhYbG9gkvYelWSKdsG
xc1PUGD1XdeFKSqbPVxBk0W4yw7ZOC6e0EF/Cnc1PxkebipURq10AiK1+pQ46c+W
xB4DC3TeUppWcUkXa7frzhTVPuWweH6b5MSXFh55AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAamBJ0CqB1zjHnOYv2b122bgZsEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3YzcxMDEyLWQ5NjAtNDYzNi1hMzYwLTIxZjk2YzM3ZGYyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjViwwDQYJKoZIhvcNAQELBQADggEBADpFx4HtCmGytLPEDzXU21ZCHi4Z
j/kFbxunoCojVet6IAANWaQwyRz7ee1FSxO99GiTOwTSsSDShJITYyXiqthL/llm
KF7fpec9qhKGXQ6N+XHyaafRAyqdVvgLrWFMPkrYWMAmFc8pUtAxF1WHkXZGyPfT
pThBWzZd2rGMna7liRhNboMIa8nUHYfuh/Y2b4l/7VY5DzjzLDwTYbS4orxuT04i
jHpUf9frDmBxLwR8lXwQPDZU691EawquI+VetRNGILmkdO+JJYkx5XCG7eiXVI+J
pGqFNYeL9EG3bd6CIthN5IQ7PnLFxkcQek629h3yfvgDLv6rcnTzUKAjrJU=
-----END CERTIFICATE-----