Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2b4043e-bd7b-4569-909f-36c617544f6f.roa
File:                     d2b4043e-bd7b-4569-909f-36c617544f6f.roa (raw, json)
Hash identifier:          PMei1SPKxrSon2NLld/Bpshf/xEjMC0skRv/jWN/I/k=
Subject key identifier:   4D:36:D5:C9:52:81:5E:85:FB:9A:46:C7:64:8C:D2:47:B1:AB:29:A1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F654742C8C0E717C911C79C17D06C6FC0F31329
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2b4043e-bd7b-4569-909f-36c617544f6f.roa
Signing time:             Fri 03 Oct 2025 00:52:09 +0000
ROA not before:           Fri 03 Oct 2025 00:52:09 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        99.77.129.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:65:47:42:c8:c0:e7:17:c9:11:c7:9c:17:d0:6c:6f:c0:f3:13:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 00:52:09 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=458baabb642125315074a94489aaa047f71cd0ee663b6646bedce233e102766c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bc:53:38:30:bc:0b:02:bc:43:59:a1:ca:21:
                    33:e0:93:40:b8:c9:76:ec:64:b4:5a:6b:51:2f:46:
                    3d:89:c3:3e:45:66:8b:49:08:eb:15:31:1d:3a:dd:
                    02:bf:57:80:6f:d9:cb:57:6a:72:90:e6:64:e3:e5:
                    77:cd:1f:45:a1:15:22:cd:a4:e6:40:75:a1:76:91:
                    70:49:b8:51:19:f2:ec:b2:ab:98:53:e0:ee:d9:cf:
                    f0:01:7d:93:38:81:72:b6:96:2c:5d:9a:e3:3b:44:
                    95:95:2f:ca:75:45:94:d4:7b:eb:bb:dd:cd:51:42:
                    d5:24:46:c4:ca:f7:d6:7d:30:86:8e:54:bc:dc:14:
                    ee:52:16:7d:ce:82:6e:f7:24:18:ac:d1:3f:a7:05:
                    60:cb:28:5c:8a:df:c6:ff:73:83:4b:8f:11:20:38:
                    cf:28:1d:87:0d:ea:48:b7:25:80:85:ae:33:25:11:
                    94:2b:40:35:c3:af:de:82:39:8c:f7:08:a1:75:b2:
                    f5:09:7a:f6:26:79:86:b7:b2:65:2e:07:70:8e:f4:
                    1c:42:52:b4:ff:9b:91:57:08:7a:26:38:ab:91:42:
                    fd:15:0b:2a:a3:63:3e:0b:c8:01:fb:7b:e2:99:54:
                    e8:fa:3b:b4:b2:cf:1c:24:f2:26:44:c9:4b:b2:cc:
                    48:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:36:D5:C9:52:81:5E:85:FB:9A:46:C7:64:8C:D2:47:B1:AB:29:A1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2b4043e-bd7b-4569-909f-36c617544f6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:2d:67:11:2d:f5:9f:c3:64:db:87:f8:46:8a:ce:d5:33:35:
         fe:97:2a:0d:f9:15:cb:d2:27:dc:de:bb:82:87:72:87:b2:0c:
         e1:34:6a:22:67:9d:ec:bd:34:17:f6:f9:99:f9:7c:14:52:8e:
         44:fa:86:06:8b:7c:09:99:57:08:4e:b9:89:f7:0d:95:91:aa:
         f8:bf:26:e9:69:f0:5d:2e:ba:ed:6c:76:df:28:36:34:ef:e6:
         04:4a:bf:9d:78:33:86:c5:ef:3d:5d:f0:c8:30:14:f6:ab:3a:
         08:0b:d4:55:11:21:22:45:8c:e5:80:34:08:18:b4:59:df:78:
         be:c9:17:2f:b2:ea:ca:c8:65:10:33:2b:a3:ac:1c:e3:9d:a3:
         d0:bb:fe:98:2c:0f:64:29:36:02:9b:a3:5c:0a:20:d0:43:c4:
         a3:6b:77:42:e5:42:29:67:46:18:71:d6:f7:26:79:bd:a8:3b:
         5c:68:8a:47:9d:50:69:f0:17:d5:21:9f:26:71:ed:45:24:a7:
         72:80:bc:0f:09:5a:ba:ad:a1:91:a6:33:27:ae:40:78:6d:fc:
         d6:e2:0f:eb:b9:e6:51:82:65:08:c5:2c:6e:4b:70:97:e5:e8:
         c4:0b:d0:40:3e:3f:26:81:ac:95:e3:ae:b4:3e:d4:b9:54:98:
         14:39:cb:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb2VHQsjA5xfJEcecF9Bsb8DzEykwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMDA1MjA5WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NThiYWFiYjY0MjEyNTMxNTA3NGE5NDQ4OWFhYTA0N2Y3
MWNkMGVlNjYzYjY2NDZiZWRjZTIzM2UxMDI3NjZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUvFM4MLwLArxDWaHKITPgk0C4yXbsZLRaa1EvRj2Jwz5F
ZotJCOsVMR063QK/V4Bv2ctXanKQ5mTj5XfNH0WhFSLNpOZAdaF2kXBJuFEZ8uyy
q5hT4O7Zz/ABfZM4gXK2lixdmuM7RJWVL8p1RZTUe+u73c1RQtUkRsTK99Z9MIaO
VLzcFO5SFn3Ogm73JBis0T+nBWDLKFyK38b/c4NLjxEgOM8oHYcN6ki3JYCFrjMl
EZQrQDXDr96COYz3CKF1svUJevYmeYa3smUuB3CO9BxCUrT/m5FXCHomOKuRQv0V
CyqjYz4LyAH7e+KZVOj6O7Syzxwk8iZEyUuyzEjhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTTbVyVKBXoX7mkbHZIzSR7GrKaEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyYjQwNDNlLWJkN2ItNDU2OS05MDlmLTM2YzYxNzU0NGY2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYEwDQYJKoZIhvcNAQELBQADggEBABgtZxEt9Z/DZNuH+EaKztUzNf6X
Kg35FcvSJ9zeu4KHcoeyDOE0aiJnney9NBf2+Zn5fBRSjkT6hgaLfAmZVwhOuYn3
DZWRqvi/Julp8F0uuu1sdt8oNjTv5gRKv514M4bF7z1d8MgwFParOggL1FURISJF
jOWANAgYtFnfeL7JFy+y6srIZRAzK6OsHOOdo9C7/pgsD2QpNgKbo1wKINBDxKNr
d0LlQilnRhhx1vcmeb2oO1xoikedUGnwF9UhnyZx7UUkp3KAvA8JWrqtoZGmMyeu
QHht/NbiD+u55lGCZQjFLG5LcJfl6MQL0EA+PyaBrJXjrrQ+1LlUmBQ5y/U=
-----END CERTIFICATE-----