Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c59f8dc7-041e-43d0-86e8-47f290f42602.roa
File:                     c59f8dc7-041e-43d0-86e8-47f290f42602.roa (raw, json)
Hash identifier:          co3Pg6v+YlM95rcRuQTEkMz7uSdGdr9FBTA65FHgZac=
Subject key identifier:   64:57:72:11:E2:F4:1F:76:8D:E3:62:2F:C7:E6:5B:5F:23:73:9C:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57A2858884828C4B0340ED2E644509C4A92C071D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c59f8dc7-041e-43d0-86e8-47f290f42602.roa
Signing time:             Fri 03 Oct 2025 00:51:17 +0000
ROA not before:           Fri 03 Oct 2025 00:51:17 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.82.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a2:85:88:84:82:8c:4b:03:40:ed:2e:64:45:09:c4:a9:2c:07:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:51:17 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=97c09b0370c393a21cf6b4cde5945d559f3b338544c0e498a35ca3bbdae63ab0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:3f:39:f0:a3:a4:ce:17:71:43:89:2c:85:
                    13:fc:78:df:f0:f7:f4:da:a1:9e:5a:c9:2c:d4:fa:
                    50:d6:71:b6:91:bb:64:1c:e6:5b:ae:63:95:f2:32:
                    be:7a:6e:7c:7c:99:f6:35:9a:31:e2:c8:ee:bc:fb:
                    8a:4f:c3:3e:f8:59:dd:36:57:9b:dd:e8:e0:cc:b5:
                    80:be:96:60:54:75:b2:fe:2f:03:75:3d:5a:3a:18:
                    32:61:ea:88:19:66:0a:c0:b4:a1:dd:53:45:de:14:
                    8c:d2:4e:e8:20:74:a0:1b:86:c6:3f:26:90:bb:07:
                    9e:f4:27:83:3d:67:56:1b:1a:87:b8:14:31:4d:99:
                    c9:3b:1a:29:4d:79:17:71:af:5e:c9:79:44:20:93:
                    3d:47:3a:4f:a2:8b:85:77:83:62:a3:f6:69:d5:b2:
                    32:7d:c5:e8:e2:ee:22:45:d5:fa:33:e4:ff:8a:44:
                    9a:04:a9:f8:c5:97:8f:c2:2c:7d:3c:0c:bb:f9:4a:
                    a9:61:44:e6:2f:64:da:9e:76:32:28:5b:6c:f2:df:
                    f4:20:72:b5:37:85:f6:e6:5e:5c:f0:69:92:38:01:
                    84:2f:95:78:99:69:6a:07:66:8e:e7:6d:80:11:5c:
                    5f:a2:20:fd:11:0c:a2:cf:ba:9c:c7:23:e7:d3:bf:
                    b0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:57:72:11:E2:F4:1F:76:8D:E3:62:2F:C7:E6:5B:5F:23:73:9C:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c59f8dc7-041e-43d0-86e8-47f290f42602.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.82.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         7c:36:88:34:53:7e:6f:e7:77:50:60:1a:09:1f:d2:f9:86:45:
         9d:ed:57:bc:d3:08:3e:37:62:f4:e9:26:e9:54:1b:9b:f3:de:
         37:9e:25:16:db:50:e8:de:57:fe:fb:f9:f5:5d:a9:ab:2b:a9:
         5c:70:a2:5d:eb:a4:7c:23:0e:84:14:7f:59:61:56:36:f8:f8:
         6d:1b:41:78:29:a3:06:49:3d:25:5d:1d:65:fa:2d:51:54:db:
         3d:21:dd:a9:48:ed:71:d1:23:f6:62:bc:a7:50:4b:64:61:f2:
         2e:83:3c:0e:ef:ab:a2:41:23:ea:c6:11:ee:1d:6e:c3:32:fd:
         ec:03:f8:ba:d4:bc:4b:77:05:7f:b7:4b:66:f5:09:29:95:31:
         72:c5:e2:03:b3:8e:03:ac:25:2f:ec:7b:98:f3:54:1a:d1:46:
         fe:42:d5:de:cc:55:60:20:66:a5:b6:aa:69:d0:7f:cd:b7:df:
         9f:23:ba:48:8f:d4:3f:32:16:ad:ec:c0:4f:84:25:41:6c:ad:
         bf:08:2a:66:b2:90:75:f3:5d:b1:02:a9:7d:34:31:0f:5e:b9:
         c5:4c:28:52:3b:d2:55:cc:6d:99:43:4c:31:95:3b:91:d5:9c:
         5b:75:23:47:46:a2:c9:3a:1b:9f:9f:2d:2f:f9:a0:e1:bb:3c:
         4a:fd:18:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV6KFiISCjEsDQO0uZEUJxKksBx0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MTE3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2MwOWIwMzcwYzM5M2EyMWNmNmI0Y2RlNTk0NWQ1NTlm
M2IzMzg1NDRjMGU0OThhMzVjYTNiYmRhZTYzYWIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7CT858KOkzhdxQ4kshRP8eN/w9/TaoZ5aySzU+lDWcbaR
u2Qc5luuY5XyMr56bnx8mfY1mjHiyO68+4pPwz74Wd02V5vd6ODMtYC+lmBUdbL+
LwN1PVo6GDJh6ogZZgrAtKHdU0XeFIzSTuggdKAbhsY/JpC7B570J4M9Z1YbGoe4
FDFNmck7GilNeRdxr17JeUQgkz1HOk+ii4V3g2Kj9mnVsjJ9xeji7iJF1foz5P+K
RJoEqfjFl4/CLH08DLv5SqlhROYvZNqedjIoW2zy3/QgcrU3hfbmXlzwaZI4AYQv
lXiZaWoHZo7nbYARXF+iIP0RDKLPupzHI+fTv7BRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZFdyEeL0H3aN42Ivx+ZbXyNznAUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1OWY4ZGM3LTA0MWUtNDNkMC04NmU4LTQ3ZjI5MGY0MjYwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdjUgAwDQYJKoZIhvcNAQELBQADggEBAHw2iDRTfm/nd1BgGgkf0vmGRZ3t
V7zTCD43YvTpJulUG5vz3jeeJRbbUOjeV/77+fVdqasrqVxwol3rpHwjDoQUf1lh
Vjb4+G0bQXgpowZJPSVdHWX6LVFU2z0h3alI7XHRI/ZivKdQS2Rh8i6DPA7vq6JB
I+rGEe4dbsMy/ewD+LrUvEt3BX+3S2b1CSmVMXLF4gOzjgOsJS/se5jzVBrRRv5C
1d7MVWAgZqW2qmnQf823358jukiP1D8yFq3swE+EJUFsrb8IKmaykHXzXbECqX00
MQ9eucVMKFI70lXMbZlDTDGVO5HVnFt1I0dGosk6G5+fLS/5oOG7PEr9GCY=
-----END CERTIFICATE-----