Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd148089-693d-43b9-b8b9-506454930deb.roa
File:                     cd148089-693d-43b9-b8b9-506454930deb.roa (raw, json)
Hash identifier:          GsZkfYxES4y7sm1+uFAce1mMYJDfB9NbewVHfWMS8Oc=
Subject key identifier:   A0:27:D2:9D:92:A9:8C:41:2C:88:6B:6E:72:D7:C1:39:E5:CA:E8:E9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26734F1FF351170C007F4BD9C805A69CA10E3E9C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd148089-693d-43b9-b8b9-506454930deb.roa
Signing time:             Tue 14 Oct 2025 21:02:13 +0000
ROA not before:           Tue 14 Oct 2025 21:02:13 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.161.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:73:4f:1f:f3:51:17:0c:00:7f:4b:d9:c8:05:a6:9c:a1:0e:3e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 21:02:13 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=e94343c6f5e4e34c274baa0241a5d9b6f781071a5baeb460564f19edf3f4c6df, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:39:a6:71:ca:cf:d3:0d:db:5a:a8:55:4f:58:
                    00:05:48:72:5f:c0:a6:aa:9b:ad:50:ed:6b:75:40:
                    e6:01:b3:30:59:3d:6c:69:e6:a9:44:ad:92:12:08:
                    73:cd:4a:68:aa:17:8b:40:12:17:ef:04:91:0f:de:
                    3f:23:37:87:b3:55:90:56:6d:d9:9a:f0:0e:2d:35:
                    70:ed:83:f3:93:aa:98:5a:5b:ca:7a:e0:7e:36:5d:
                    fd:30:5b:67:9c:99:e6:72:c9:9d:74:5a:e7:f1:d7:
                    7b:66:d3:74:8b:86:df:6e:d6:88:04:6e:49:7e:0b:
                    73:ff:52:99:98:b4:79:28:1f:a1:54:e1:d0:fd:4f:
                    b8:7f:d5:c9:92:8e:03:9f:1d:1d:7b:0a:1a:f2:9b:
                    f0:aa:73:a9:24:7e:6b:a6:e1:8a:2c:54:38:99:4e:
                    5a:24:93:81:be:31:d9:a7:66:35:07:17:bb:55:ab:
                    6e:54:e7:90:6b:bf:40:63:71:f0:3c:e7:a4:5e:a2:
                    8a:56:5d:69:1e:7f:9d:bc:85:06:f3:e6:d9:18:a4:
                    ee:39:43:30:16:d9:ff:31:8b:da:82:54:e4:ca:ea:
                    32:f8:bf:d7:4c:d2:cc:af:73:4f:04:e9:c2:49:cf:
                    71:6a:c9:3c:d8:dd:b7:3f:bc:01:fc:76:45:20:5f:
                    00:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:27:D2:9D:92:A9:8C:41:2C:88:6B:6E:72:D7:C1:39:E5:CA:E8:E9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd148089-693d-43b9-b8b9-506454930deb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:0f:02:de:77:28:20:52:40:ba:c7:eb:63:7f:29:fa:93:4e:
         0c:5d:1e:c4:f5:b3:36:72:f1:f5:e4:bc:1d:4a:85:dc:81:a8:
         16:5a:f2:3d:08:85:87:c4:0f:ce:a6:17:76:23:e9:5f:7e:7b:
         4e:ee:8f:5d:35:a3:f0:2c:39:cf:39:0b:c2:93:22:c5:ab:41:
         3b:b8:66:03:f1:1b:99:96:ff:37:cb:80:23:c3:2e:66:4a:10:
         ab:d6:b5:e1:66:33:2a:cd:2f:63:f9:1d:5f:4d:4a:29:e1:63:
         39:56:a9:62:1f:d5:39:09:8d:33:d5:94:71:fb:1b:3d:65:d3:
         32:16:11:8c:b2:16:1a:1f:4d:0a:cf:fd:5f:86:d9:86:f0:0b:
         34:5e:4f:e2:05:7b:90:eb:28:bb:5d:dc:bd:1d:a1:f1:0a:14:
         6e:53:95:e2:67:52:a0:97:a9:51:88:1e:52:f4:5f:02:ca:ee:
         a4:4b:09:95:7d:cf:d8:19:90:5e:38:37:73:8b:a9:51:29:3e:
         98:71:86:1a:f7:37:1f:37:62:be:8e:25:ca:df:ba:99:c5:07:
         21:8e:00:65:58:ae:2e:d2:34:15:a2:11:5b:c5:51:95:6f:75:
         b5:09:02:c2:d8:4c:0b:93:9e:cd:be:9a:40:07:30:26:cb:82:
         09:a4:c6:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJnNPH/NRFwwAf0vZyAWmnKEOPpwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MjEwMjEzWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTQzNDNjNmY1ZTRlMzRjMjc0YmFhMDI0MWE1ZDliNmY3
ODEwNzFhNWJhZWI0NjA1NjRmMTllZGYzZjRjNmRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbOaZxys/TDdtaqFVPWAAFSHJfwKaqm61Q7Wt1QOYBszBZ
PWxp5qlErZISCHPNSmiqF4tAEhfvBJEP3j8jN4ezVZBWbdma8A4tNXDtg/OTqpha
W8p64H42Xf0wW2ecmeZyyZ10Wufx13tm03SLht9u1ogEbkl+C3P/UpmYtHkoH6FU
4dD9T7h/1cmSjgOfHR17Chrym/Cqc6kkfmum4YosVDiZTlokk4G+MdmnZjUHF7tV
q25U55Brv0BjcfA856ReoopWXWkef528hQbz5tkYpO45QzAW2f8xi9qCVOTK6jL4
v9dM0syvc08E6cJJz3FqyTzY3bc/vAH8dkUgXwArAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoCfSnZKpjEEsiGtuctfBOeXK6OkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NkMTQ4MDg5LTY5M2QtNDNiOS1iOGI5LTUwNjQ1NDkzMGRlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjVKEwDQYJKoZIhvcNAQELBQADggEBAJ0PAt53KCBSQLrH62N/KfqTTgxd
HsT1szZy8fXkvB1KhdyBqBZa8j0IhYfED86mF3Yj6V9+e07uj101o/AsOc85C8KT
IsWrQTu4ZgPxG5mW/zfLgCPDLmZKEKvWteFmMyrNL2P5HV9NSinhYzlWqWIf1TkJ
jTPVlHH7Gz1l0zIWEYyyFhofTQrP/V+G2YbwCzReT+IFe5DrKLtd3L0dofEKFG5T
leJnUqCXqVGIHlL0XwLK7qRLCZV9z9gZkF44N3OLqVEpPphxhhr3Nx83Yr6OJcrf
upnFByGOAGVYri7SNBWiEVvFUZVvdbUJAsLYTAuTns2+mkAHMCbLggmkxlQ=
-----END CERTIFICATE-----