Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc305d81-a368-44b5-bb11-e53a91ab7e5e.roa
File:                     bc305d81-a368-44b5-bb11-e53a91ab7e5e.roa (raw, json)
Hash identifier:          drgpcNbBemAIISeR3uKcBlVOoPkQtFGgisO5mm6EFnQ=
Subject key identifier:   07:D4:B3:74:7B:5F:C7:6E:D8:8D:3A:03:03:60:09:EF:64:5E:27:F8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1DAABB2C2974307DB5253B2FD8EA35385880F386
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc305d81-a368-44b5-bb11-e53a91ab7e5e.roa
Signing time:             Wed 08 Oct 2025 00:41:36 +0000
ROA not before:           Wed 08 Oct 2025 00:41:36 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.128.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:aa:bb:2c:29:74:30:7d:b5:25:3b:2f:d8:ea:35:38:58:80:f3:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  8 00:41:36 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=61b7a0b1fd20089818dc3618651caf594c736713578306a299725ef7b2f5e8ca, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3a:4d:c1:f5:7e:f2:2d:5e:f6:d5:63:4e:c8:
                    f8:59:c1:3e:6f:72:93:53:db:b2:2c:bd:7b:f4:81:
                    d6:fd:65:3c:71:45:51:d7:b9:af:ba:67:03:59:cc:
                    74:67:54:ae:c9:f0:0f:ba:95:11:31:e3:fd:16:1c:
                    8f:77:16:00:db:15:84:45:f1:c1:3e:12:7a:e2:f6:
                    c8:5f:80:ad:04:52:00:fb:82:0a:37:ed:04:da:1b:
                    81:02:b3:1f:23:1f:a3:88:2e:a3:e5:66:d1:d9:ba:
                    73:77:6f:53:b2:6d:c1:b5:eb:e2:97:32:22:8a:c4:
                    18:88:3e:b5:a0:59:48:2f:7f:6e:c5:87:c7:4b:ae:
                    6d:a4:ec:1f:a3:30:ee:72:04:f6:b1:25:b5:41:0b:
                    8a:2e:1c:d4:91:ca:00:cc:02:c9:89:e1:9b:73:76:
                    78:c4:3d:67:07:8c:f3:24:6b:5b:75:32:ff:83:d2:
                    77:01:36:fb:a7:07:b0:e5:d3:52:d9:07:b5:1e:1f:
                    c5:58:27:30:73:85:72:05:cc:c8:28:d4:a9:46:49:
                    f7:27:c0:27:22:ab:de:32:33:c9:5d:6b:27:e0:10:
                    f3:ab:f1:7f:c9:01:37:a5:66:13:85:dc:81:f5:3c:
                    9e:79:12:fe:17:a4:f9:bb:ed:50:88:70:61:20:3d:
                    49:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D4:B3:74:7B:5F:C7:6E:D8:8D:3A:03:03:60:09:EF:64:5E:27:F8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc305d81-a368-44b5-bb11-e53a91ab7e5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:36:fc:35:dd:c1:f0:31:b3:1f:5f:c8:90:f5:76:35:1c:74:
         dd:95:f6:6a:3b:25:ed:f0:11:26:5f:4f:42:a9:da:52:73:f1:
         a8:f2:ff:0f:13:76:27:dd:ee:33:ea:ab:d2:2d:ac:90:aa:e3:
         e7:bb:5c:8f:3a:42:c2:61:31:7e:0d:4d:2e:2d:99:b6:83:bf:
         56:2d:7d:6d:49:d4:c6:52:46:ad:a2:9c:64:44:82:e6:b1:8e:
         d0:7e:e2:d0:d7:15:6e:e7:b7:f0:53:0e:4c:3d:79:58:a2:c0:
         2d:c5:84:20:88:bf:bb:f1:c8:55:4d:68:d3:8f:0c:13:87:c9:
         f1:f3:98:39:60:6f:4b:b8:28:3b:9d:7d:5c:91:d3:d0:0e:41:
         07:54:fa:43:11:43:33:1e:57:2d:ef:61:93:86:87:14:d7:68:
         7a:05:cd:4c:58:de:31:5b:e6:c3:ad:ad:42:da:a8:57:4b:5a:
         0a:5e:35:4e:a7:0a:d4:06:a0:76:02:4f:0d:2a:5b:58:52:78:
         a0:1a:72:81:0f:a2:e8:da:8d:74:38:6e:15:12:e9:8c:2c:15:
         16:54:99:ab:a7:3e:a3:b4:05:49:90:9e:dc:96:20:c2:5d:c3:
         7a:91:76:4a:e7:73:ce:4f:ec:ba:87:2f:98:5d:68:b7:8d:a6:
         a7:bf:9c:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHaq7LCl0MH21JTsv2Oo1OFiA84YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA4MDA0MTM2WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MWI3YTBiMWZkMjAwODk4MThkYzM2MTg2NTFjYWY1OTRj
NzM2NzEzNTc4MzA2YTI5OTcyNWVmN2IyZjVlOGNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChOk3B9X7yLV721WNOyPhZwT5vcpNT27IsvXv0gdb9ZTxx
RVHXua+6ZwNZzHRnVK7J8A+6lREx4/0WHI93FgDbFYRF8cE+Enri9shfgK0EUgD7
ggo37QTaG4ECsx8jH6OILqPlZtHZunN3b1OybcG16+KXMiKKxBiIPrWgWUgvf27F
h8dLrm2k7B+jMO5yBPaxJbVBC4ouHNSRygDMAsmJ4ZtzdnjEPWcHjPMka1t1Mv+D
0ncBNvunB7Dl01LZB7UeH8VYJzBzhXIFzMgo1KlGSfcnwCciq94yM8ldayfgEPOr
8X/JATelZhOF3IH1PJ55Ev4XpPm77VCIcGEgPUl1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB9SzdHtfx27YjToDA2AJ72ReJ/gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JjMzA1ZDgxLWEzNjgtNDRiNS1iYjExLWU1M2E5MWFiN2U1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl4AwDQYJKoZIhvcNAQELBQADggEBAEE2/DXdwfAxsx9fyJD1djUcdN2V
9mo7Je3wESZfT0Kp2lJz8ajy/w8Tdifd7jPqq9ItrJCq4+e7XI86QsJhMX4NTS4t
mbaDv1YtfW1J1MZSRq2inGREguaxjtB+4tDXFW7nt/BTDkw9eViiwC3FhCCIv7vx
yFVNaNOPDBOHyfHzmDlgb0u4KDudfVyR09AOQQdU+kMRQzMeVy3vYZOGhxTXaHoF
zUxY3jFb5sOtrULaqFdLWgpeNU6nCtQGoHYCTw0qW1hSeKAacoEPoujajXQ4bhUS
6YwsFRZUmaunPqO0BUmQntyWIMJdw3qRdkrnc85P7LqHL5hdaLeNpqe/nCk=
-----END CERTIFICATE-----