Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8997655-16da-44c4-b39e-dcdc8d70704f.roa
File:                     b8997655-16da-44c4-b39e-dcdc8d70704f.roa (raw, json)
Hash identifier:          pYINksBCO62iWA+06ULW2MIsX4sTfIMnazM2sjO9MDU=
Subject key identifier:   9F:9C:69:A2:C0:1F:E0:29:3E:C6:05:13:31:65:DC:9B:60:86:9D:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04F44DB2B474ED5AEEEC7B17304C25F8B28A592C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8997655-16da-44c4-b39e-dcdc8d70704f.roa
Signing time:             Tue 07 Oct 2025 00:40:26 +0000
ROA not before:           Tue 07 Oct 2025 00:40:26 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        199.83.88.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f4:4d:b2:b4:74:ed:5a:ee:ec:7b:17:30:4c:25:f8:b2:8a:59:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  7 00:40:26 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=4d63e6fe4488c7b4f2d6d088c99ac91ec76e015b7f915e9236f0c003565f4f1f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:76:f7:15:f5:c4:73:7d:09:05:d7:6e:c7:7f:
                    1f:64:57:ae:b0:ef:89:df:68:0a:ec:7e:16:ce:83:
                    06:e5:75:a1:14:ce:a5:7c:ae:ec:3e:18:be:a7:63:
                    66:62:f4:3d:a8:a1:5b:3e:77:a0:f9:3b:6b:f1:4d:
                    e5:44:9e:a1:77:f8:a1:1a:12:a3:0f:17:aa:8d:0b:
                    81:a0:d1:52:e8:35:d0:4b:34:ea:a0:ea:8a:2b:b7:
                    e7:f4:5c:5b:fe:ba:a4:bb:e9:d5:67:af:af:ed:80:
                    e8:55:1e:34:66:9c:52:74:59:e2:2a:d8:14:f3:b8:
                    a3:06:3e:b3:2f:33:ea:0f:62:08:4e:02:f3:53:fb:
                    93:73:e3:a9:6a:a3:77:f2:7c:a3:7d:f5:a8:f6:49:
                    68:0a:1d:2c:0c:56:bb:4e:5e:24:09:a2:d6:e9:18:
                    03:da:1b:7f:7c:3d:99:b6:39:22:b5:ca:2b:e9:b8:
                    22:ae:e4:c9:d8:2d:54:15:d4:51:d3:72:8f:db:1d:
                    d2:8e:2b:1c:08:84:73:02:a2:e5:49:35:57:03:70:
                    23:a6:12:e7:17:a1:95:6a:77:69:cf:9f:ea:a0:dd:
                    0c:bf:f8:72:77:ad:72:07:bd:45:b3:d6:ab:e4:73:
                    8f:35:d7:93:9a:b0:e0:b7:1c:91:a4:63:20:cf:83:
                    0d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:9C:69:A2:C0:1F:E0:29:3E:C6:05:13:31:65:DC:9B:60:86:9D:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8997655-16da-44c4-b39e-dcdc8d70704f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.83.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         73:a2:3c:83:fd:91:1f:51:c7:a6:35:00:cd:3c:0a:45:21:be:
         62:5b:31:97:36:9b:4f:b1:d8:d8:63:51:a0:9a:16:ac:b0:2f:
         54:1d:8d:ca:98:68:1b:ae:6e:e7:39:9c:e5:11:bd:81:8d:a1:
         e1:42:32:2f:fe:4d:69:24:be:73:6d:5a:5b:ad:92:c1:8d:09:
         32:7e:76:ee:dc:6e:cf:21:07:b3:7f:a5:f3:8b:eb:c3:63:f5:
         a2:85:54:34:77:95:6d:c4:a5:04:44:96:4f:00:45:79:04:b0:
         13:a0:1f:ad:06:e8:80:e0:f5:0f:41:93:e5:f8:3c:cd:ee:2a:
         0f:63:00:e0:b2:b6:9b:38:91:50:18:25:8c:5a:8b:67:a3:13:
         60:28:f0:f0:ca:b3:33:de:96:62:27:3a:3c:83:bc:9f:ed:16:
         a1:23:aa:aa:53:cb:bf:38:77:a4:d7:d4:8f:d2:e4:c9:fd:12:
         93:9b:40:bd:d1:92:cc:5f:73:4a:4e:8f:d3:0c:35:3d:f9:89:
         03:3f:65:d5:5c:a7:b6:4d:ea:61:37:fc:cb:7a:eb:1f:f3:c5:
         82:9e:d2:ea:b7:2b:f7:e5:69:3b:c9:97:69:6e:9d:25:f1:f4:
         da:33:95:2e:52:14:9e:4f:f2:ab:d6:d5:e1:10:d9:a7:a4:df:
         2e:1f:9a:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBPRNsrR07Vru7HsXMEwl+LKKWSwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA3MDA0MDI2WhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDYzZTZmZTQ0ODhjN2I0ZjJkNmQwODhjOTlhYzkxZWM3
NmUwMTViN2Y5MTVlOTIzNmYwYzAwMzU2NWY0ZjFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLdvcV9cRzfQkF127Hfx9kV66w74nfaArsfhbOgwbldaEU
zqV8ruw+GL6nY2Zi9D2ooVs+d6D5O2vxTeVEnqF3+KEaEqMPF6qNC4Gg0VLoNdBL
NOqg6oort+f0XFv+uqS76dVnr6/tgOhVHjRmnFJ0WeIq2BTzuKMGPrMvM+oPYghO
AvNT+5Nz46lqo3fyfKN99aj2SWgKHSwMVrtOXiQJotbpGAPaG398PZm2OSK1yivp
uCKu5MnYLVQV1FHTco/bHdKOKxwIhHMCouVJNVcDcCOmEucXoZVqd2nPn+qg3Qy/
+HJ3rXIHvUWz1qvkc48115OasOC3HJGkYyDPgw3FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn5xposAf4Ck+xgUTMWXcm2CGnYQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4OTk3NjU1LTE2ZGEtNDRjNC1iMzllLWRjZGM4ZDcwNzA0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPHU1gwDQYJKoZIhvcNAQELBQADggEBAHOiPIP9kR9Rx6Y1AM08CkUhvmJb
MZc2m0+x2NhjUaCaFqywL1QdjcqYaBuubuc5nOURvYGNoeFCMi/+TWkkvnNtWlut
ksGNCTJ+du7cbs8hB7N/pfOL68Nj9aKFVDR3lW3EpQRElk8ARXkEsBOgH60G6IDg
9Q9Bk+X4PM3uKg9jAOCytps4kVAYJYxai2ejE2Ao8PDKszPelmInOjyDvJ/tFqEj
qqpTy784d6TX1I/S5Mn9EpObQL3Rksxfc0pOj9MMNT35iQM/ZdVcp7ZN6mE3/Mt6
6x/zxYKe0uq3K/flaTvJl2lunSXx9NozlS5SFJ5P8qvW1eEQ2aek3y4fmio=
-----END CERTIFICATE-----