Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4b140fa-30c0-42b4-b53e-402ed57c9884.roa
File:                     d4b140fa-30c0-42b4-b53e-402ed57c9884.roa (raw, json)
Hash identifier:          ReYf362dLqJUbZtIpmpcb9IlohrEa82ielvsY80etT0=
Subject key identifier:   75:DB:82:18:89:FB:CB:28:1C:38:86:D2:0C:33:0A:07:3A:E1:39:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       22CBE7B2929EC4F794FD58F03C9F3B49B4382941
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4b140fa-30c0-42b4-b53e-402ed57c9884.roa
Signing time:             Wed 15 Oct 2025 16:52:39 +0000
ROA not before:           Wed 15 Oct 2025 16:52:39 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.192.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:cb:e7:b2:92:9e:c4:f7:94:fd:58:f0:3c:9f:3b:49:b4:38:29:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 16:52:39 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=4d264565649ca8fe4cb8711bdef4d9d511a52c18aebe2890c2335eba4efe8e17, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:cb:bc:f8:95:a4:4f:6e:c0:b8:ce:ac:30:2a:
                    a2:b6:68:94:8f:f6:66:44:48:27:5e:f1:a1:e3:74:
                    6b:0d:61:0e:59:7a:6e:e8:2d:41:14:9b:29:b4:f8:
                    00:ac:9d:1d:72:f1:b7:82:67:03:3f:d2:d2:00:4a:
                    89:b0:c2:e5:21:75:46:c0:6b:fa:b0:30:f2:d6:9a:
                    07:08:45:0f:ac:06:dd:4c:bf:1d:8d:a0:67:fd:19:
                    ea:5c:d0:b5:64:29:ce:03:78:7d:f0:0b:87:86:c9:
                    55:07:8e:97:d5:53:67:51:20:5c:9e:6a:f7:85:df:
                    99:14:94:2b:48:9c:2a:f0:b7:58:10:33:64:81:37:
                    bd:b5:1b:a9:bb:19:9f:36:0a:6e:19:58:8d:02:9f:
                    60:fb:29:74:b7:37:b7:1f:ce:62:d9:4c:5b:67:0b:
                    04:82:3e:12:b9:7b:a8:14:4b:38:85:04:41:3e:61:
                    ec:15:6d:64:57:58:47:2f:c8:cf:da:fb:af:50:bb:
                    d8:8e:5b:e9:29:96:6c:c8:b0:fa:58:40:41:5e:d0:
                    1a:98:d3:5a:c8:e2:9c:e7:93:40:33:26:04:45:8f:
                    c4:9b:7f:e7:f9:81:ad:dd:10:8f:b9:9f:41:8c:4e:
                    66:ef:11:42:a4:d0:08:33:47:a6:6a:38:8f:87:3f:
                    fe:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:DB:82:18:89:FB:CB:28:1C:38:86:D2:0C:33:0A:07:3A:E1:39:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4b140fa-30c0-42b4-b53e-402ed57c9884.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:d2:f9:e3:b9:33:33:a1:62:5f:b3:1a:39:28:4c:8a:e2:61:
         36:47:4b:d1:c0:e7:5c:d2:e4:73:6e:03:aa:a6:01:f6:4e:1b:
         13:cd:33:d9:31:cf:98:57:d8:21:9d:b3:b2:95:da:d2:12:a1:
         3c:7b:32:90:b1:65:95:81:6a:d7:dc:c9:1b:0f:13:8d:ba:b1:
         1d:ca:d3:60:68:64:ed:ff:36:29:88:37:13:1f:8b:ac:05:43:
         fa:12:ca:87:b3:5a:10:b5:25:2f:ab:a6:d6:d3:67:8d:9e:ff:
         7f:92:6f:57:46:fe:11:0b:b7:f4:1c:61:f7:12:ed:ad:d0:b2:
         32:20:00:9b:5b:31:f3:a5:38:39:a0:cc:25:f4:bb:b0:4d:ab:
         2d:38:a2:07:4d:4a:ec:1b:0f:e6:f4:92:27:cc:45:e3:49:fb:
         70:de:c3:ec:4b:c2:70:1a:93:90:95:40:11:f8:db:2b:18:be:
         ae:6a:8d:37:5f:c6:f3:5c:dc:ff:8f:ac:09:6a:59:03:c2:3d:
         da:e3:85:61:aa:68:e4:c5:20:7c:75:1e:fe:9b:0e:57:4e:fb:
         e2:42:d8:49:ae:a4:b5:69:1e:5c:13:49:52:af:fe:50:74:17:
         12:b9:1d:0f:0f:d6:fd:4b:ec:1f:1a:9e:1b:d3:c8:79:c7:50:
         7c:6e:1b:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIsvnspKexPeU/VjwPJ87SbQ4KUEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTY1MjM5WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDI2NDU2NTY0OWNhOGZlNGNiODcxMWJkZWY0ZDlkNTEx
YTUyYzE4YWViZTI4OTBjMjMzNWViYTRlZmU4ZTE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKy7z4laRPbsC4zqwwKqK2aJSP9mZESCde8aHjdGsNYQ5Z
em7oLUEUmym0+ACsnR1y8beCZwM/0tIASomwwuUhdUbAa/qwMPLWmgcIRQ+sBt1M
vx2NoGf9Gepc0LVkKc4DeH3wC4eGyVUHjpfVU2dRIFyeaveF35kUlCtInCrwt1gQ
M2SBN721G6m7GZ82Cm4ZWI0Cn2D7KXS3N7cfzmLZTFtnCwSCPhK5e6gUSziFBEE+
YewVbWRXWEcvyM/a+69Qu9iOW+kplmzIsPpYQEFe0BqY01rI4pznk0AzJgRFj8Sb
f+f5ga3dEI+5n0GMTmbvEUKk0AgzR6ZqOI+HP/6LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdduCGIn7yygcOIbSDDMKBzrhObwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0YjE0MGZhLTMwYzAtNDJiNC1iNTNlLTQwMmVkNTdjOTg4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjVsAwDQYJKoZIhvcNAQELBQADggEBAC/S+eO5MzOhYl+zGjkoTIriYTZH
S9HA51zS5HNuA6qmAfZOGxPNM9kxz5hX2CGds7KV2tISoTx7MpCxZZWBatfcyRsP
E426sR3K02BoZO3/NimINxMfi6wFQ/oSyoezWhC1JS+rptbTZ42e/3+Sb1dG/hEL
t/QcYfcS7a3QsjIgAJtbMfOlODmgzCX0u7BNqy04ogdNSuwbD+b0kifMReNJ+3De
w+xLwnAak5CVQBH42ysYvq5qjTdfxvNc3P+PrAlqWQPCPdrjhWGqaOTFIHx1Hv6b
DldO++JC2EmupLVpHlwTSVKv/lB0FxK5HQ8P1v1L7B8anhvTyHnHUHxuG08=
-----END CERTIFICATE-----