Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c66eec88-d0f5-4bf2-ae98-403dddce823d.roa
File:                     c66eec88-d0f5-4bf2-ae98-403dddce823d.roa (raw, json)
Hash identifier:          1pMJpXVP2SpWLiQ4JKCWPtrdmloXz5a2zs+YwKunQG8=
Subject key identifier:   7E:1A:D6:4E:2D:F4:91:6E:7D:66:F3:3A:4B:4F:C9:79:D2:F0:80:47
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A81D45811E49EAD5DD2B91FDB72C901922A69FF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c66eec88-d0f5-4bf2-ae98-403dddce823d.roa
Signing time:             Wed 15 Oct 2025 16:11:13 +0000
ROA not before:           Wed 15 Oct 2025 16:11:13 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.242.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:81:d4:58:11:e4:9e:ad:5d:d2:b9:1f:db:72:c9:01:92:2a:69:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 16:11:13 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=857e4bcb10a5b365636a327075c2bc1e139afd499c9cad47c16f017ca3786ad3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:89:11:12:5f:46:4c:a1:85:28:ba:7a:51:f3:
                    88:d2:ee:fe:4c:4f:56:f7:e9:12:49:04:e5:aa:31:
                    fe:04:54:64:8e:e5:9f:39:09:0d:f6:bf:b8:dc:32:
                    c9:29:c6:4b:9f:30:d4:9a:b1:e4:c1:84:02:77:97:
                    4a:15:94:99:18:92:89:fb:94:8a:34:1b:76:cd:03:
                    05:74:ae:33:60:e9:7c:88:ab:16:bf:27:73:93:af:
                    87:6b:6d:f0:52:2d:75:86:d9:ca:98:26:4d:e9:1a:
                    5d:2a:a7:d4:7f:7d:d4:27:61:56:01:12:5e:aa:f6:
                    bd:9f:95:d1:c4:af:9a:9e:6e:2e:71:84:3a:54:26:
                    3e:a0:aa:b9:f0:09:b7:7c:af:42:ed:e7:14:b0:46:
                    c6:00:8f:60:99:fb:26:13:6d:26:a5:c3:ff:62:84:
                    59:2e:2f:e9:85:ae:84:1b:a8:43:37:97:18:7b:a2:
                    10:28:5c:11:dc:92:a7:30:37:2c:75:00:e2:a2:44:
                    d6:79:11:63:bc:23:63:c4:dc:45:19:ec:77:c8:eb:
                    8c:cd:d4:ab:21:81:2e:36:66:19:32:95:e5:1c:b8:
                    96:2c:07:03:39:3f:fa:55:6c:4f:55:2b:37:8a:55:
                    49:c2:6b:ea:38:d2:9e:f4:87:14:5a:e9:8b:c0:29:
                    9e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:1A:D6:4E:2D:F4:91:6E:7D:66:F3:3A:4B:4F:C9:79:D2:F0:80:47
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c66eec88-d0f5-4bf2-ae98-403dddce823d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:d2:97:9e:30:ec:44:1b:e2:dd:23:01:fe:4e:35:fb:2b:02:
         34:f0:c6:74:0a:f8:f3:d1:e4:83:e2:3a:c1:91:c9:4f:19:e8:
         32:f0:66:00:9d:74:a1:cc:1a:9b:a8:1d:c1:2e:0e:ec:a3:71:
         1e:c6:2e:71:e7:e8:13:51:60:28:bb:24:62:6e:34:6f:64:11:
         cf:c5:d7:d6:bb:f2:46:d2:df:1a:6a:0b:7c:02:5f:01:26:a4:
         f0:e2:25:43:78:2c:27:ff:0b:25:4e:48:b8:89:51:5c:23:ba:
         88:ff:2f:b8:4d:eb:bd:66:be:48:9e:75:71:f9:08:c6:83:6c:
         b2:ef:a1:ba:ee:9a:7b:99:8c:85:4e:2d:c6:e1:09:0a:96:18:
         02:b7:e7:ae:ae:a0:94:bb:2e:cd:31:af:e8:5b:71:52:4f:bc:
         44:b7:40:4b:dc:2a:c7:14:04:35:0c:45:c9:00:12:b7:43:f2:
         05:3b:e4:43:48:ef:c9:2e:1d:9f:c1:be:d5:65:5f:0f:48:e4:
         ef:6b:ac:6c:a3:b5:15:09:0c:ed:03:ce:09:3f:11:01:a4:c0:
         ec:38:7d:2f:48:56:d4:9f:06:9a:37:fd:fd:04:68:9d:53:3e:
         be:ee:f5:45:5e:85:9d:44:c9:01:3b:2c:fd:4a:9c:9d:e1:7f:
         d5:f6:dd:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeoHUWBHknq1d0rkf23LJAZIqaf8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTYxMTEzWhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTdlNGJjYjEwYTViMzY1NjM2YTMyNzA3NWMyYmMxZTEz
OWFmZDQ5OWM5Y2FkNDdjMTZmMDE3Y2EzNzg2YWQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoiRESX0ZMoYUounpR84jS7v5MT1b36RJJBOWqMf4EVGSO
5Z85CQ32v7jcMskpxkufMNSaseTBhAJ3l0oVlJkYkon7lIo0G3bNAwV0rjNg6XyI
qxa/J3OTr4drbfBSLXWG2cqYJk3pGl0qp9R/fdQnYVYBEl6q9r2fldHEr5qebi5x
hDpUJj6gqrnwCbd8r0Lt5xSwRsYAj2CZ+yYTbSalw/9ihFkuL+mFroQbqEM3lxh7
ohAoXBHckqcwNyx1AOKiRNZ5EWO8I2PE3EUZ7HfI64zN1KshgS42ZhkyleUcuJYs
BwM5P/pVbE9VKzeKVUnCa+o40p70hxRa6YvAKZ69AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfhrWTi30kW59ZvM6S0/JedLwgEcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M2NmVlYzg4LWQwZjUtNGJmMi1hZTk4LTQwM2RkZGNlODIzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjVvIwDQYJKoZIhvcNAQELBQADggEBACrSl54w7EQb4t0jAf5ONfsrAjTw
xnQK+PPR5IPiOsGRyU8Z6DLwZgCddKHMGpuoHcEuDuyjcR7GLnHn6BNRYCi7JGJu
NG9kEc/F19a78kbS3xpqC3wCXwEmpPDiJUN4LCf/CyVOSLiJUVwjuoj/L7hN671m
vkiedXH5CMaDbLLvobrumnuZjIVOLcbhCQqWGAK3566uoJS7Ls0xr+hbcVJPvES3
QEvcKscUBDUMRckAErdD8gU75ENI78kuHZ/BvtVlXw9I5O9rrGyjtRUJDO0Dzgk/
EQGkwOw4fS9IVtSfBpo3/f0EaJ1TPr7u9UVehZ1EyQE7LP1KnJ3hf9X23Rk=
-----END CERTIFICATE-----