Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8a3bbed-796b-4e0a-86a6-becaa61b84af.roa
File:                     d8a3bbed-796b-4e0a-86a6-becaa61b84af.roa (raw, json)
Hash identifier:          YX++tGrc4FE0q/pyV9mJ9tZ5j+GYQ+QSCJqABljOGuI=
Subject key identifier:   70:01:25:81:BF:83:93:8F:47:C7:99:E7:35:EC:29:10:2E:7A:E5:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79DF4654DAEFB072A8D4D08D373B1C25F6C6B121
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8a3bbed-796b-4e0a-86a6-becaa61b84af.roa
Signing time:             Tue 14 Oct 2025 18:01:22 +0000
ROA not before:           Tue 14 Oct 2025 18:01:22 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.186.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:df:46:54:da:ef:b0:72:a8:d4:d0:8d:37:3b:1c:25:f6:c6:b1:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 18:01:22 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=490c986224019c31143577da47949f0a7b89226a3d16beef64bb78b62ed250db, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d9:b5:eb:f5:6b:35:59:e3:c5:a9:3a:f6:59:
                    de:c2:98:4f:3d:df:8d:a8:bf:a1:cc:83:b7:ae:d7:
                    2a:36:95:a7:7d:18:a2:bd:87:d5:81:0a:9a:3e:04:
                    a8:91:db:2d:ff:f7:1c:8e:e7:d5:b5:71:82:a7:31:
                    42:c4:2c:d6:e9:92:bb:be:01:09:2f:02:5e:c1:db:
                    4a:18:a2:5f:9f:c7:a0:5c:62:3a:d8:33:56:22:27:
                    2c:b8:e2:25:18:3c:fa:50:bd:bc:ba:f4:8d:e5:e4:
                    53:86:ac:60:42:96:78:fb:8d:49:cb:75:62:1f:64:
                    ad:a9:2e:cc:7c:ee:a7:0f:74:8e:e8:4f:0d:72:4b:
                    88:6e:d7:f8:cd:b5:c5:1a:7a:42:64:98:42:55:d8:
                    5c:f1:80:d2:8b:5b:42:df:ea:8f:97:87:50:3f:00:
                    54:6b:9c:92:96:d0:06:07:27:4a:fd:0c:f3:22:01:
                    84:7f:a0:17:2c:09:78:cc:8f:eb:44:3f:ae:12:c9:
                    f5:5b:cc:e1:a6:fe:d3:e0:52:bc:0c:e8:35:d3:92:
                    51:f9:29:45:db:57:26:02:70:49:10:54:0c:a8:4e:
                    08:c0:55:ef:2b:bc:7f:cb:fb:61:0c:ab:a6:e7:53:
                    1e:6d:19:e0:4c:49:f9:9e:77:7d:8c:6d:f4:a3:3e:
                    cc:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:01:25:81:BF:83:93:8F:47:C7:99:E7:35:EC:29:10:2E:7A:E5:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8a3bbed-796b-4e0a-86a6-becaa61b84af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:8a:a0:88:84:2a:c6:d2:68:ec:8f:25:8b:dc:21:32:0c:1e:
         86:db:e4:5d:54:c3:ba:aa:7c:17:de:92:56:aa:e4:6a:13:5e:
         f8:2a:6c:15:e9:6a:6d:fa:6f:3f:1a:e1:9d:fc:00:95:c9:27:
         15:3e:34:61:d5:44:26:17:73:03:7b:c4:e1:3b:28:79:13:1a:
         23:fe:6d:22:3f:2a:94:00:d6:38:3a:79:0f:ae:07:d3:fd:dd:
         05:bd:d8:2e:53:9e:e6:38:b9:75:22:0d:2b:9c:e4:52:30:5d:
         71:ca:5c:6a:59:03:7e:2c:58:07:24:e0:28:d9:e8:0e:be:82:
         68:31:60:4e:53:22:00:2c:a9:d8:b0:49:57:30:a3:2f:46:4d:
         45:80:36:58:6f:23:ea:88:32:65:18:52:fc:7c:32:7a:cb:e3:
         54:b1:43:e0:0d:e0:c3:d4:2b:98:c1:99:36:02:6b:35:85:a0:
         f7:1d:bf:49:b8:69:b7:bd:c3:d4:12:a7:a0:87:15:82:d7:ab:
         21:67:bc:12:f2:94:f1:c5:c0:99:3f:76:db:6e:37:b2:9b:9f:
         e2:2e:4f:e0:ff:cf:23:f0:9f:af:5a:7e:00:45:6b:27:d8:26:
         44:0a:0f:08:25:d5:f7:e4:df:67:e9:d4:71:32:7b:25:e7:c2:
         e1:83:ae:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUed9GVNrvsHKo1NCNNzscJfbGsSEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTgwMTIyWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTBjOTg2MjI0MDE5YzMxMTQzNTc3ZGE0Nzk0OWYwYTdi
ODkyMjZhM2QxNmJlZWY2NGJiNzhiNjJlZDI1MGRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDc2bXr9Ws1WePFqTr2Wd7CmE89342ov6HMg7eu1yo2lad9
GKK9h9WBCpo+BKiR2y3/9xyO59W1cYKnMULELNbpkru+AQkvAl7B20oYol+fx6Bc
YjrYM1YiJyy44iUYPPpQvby69I3l5FOGrGBClnj7jUnLdWIfZK2pLsx87qcPdI7o
Tw1yS4hu1/jNtcUaekJkmEJV2FzxgNKLW0Lf6o+Xh1A/AFRrnJKW0AYHJ0r9DPMi
AYR/oBcsCXjMj+tEP64SyfVbzOGm/tPgUrwM6DXTklH5KUXbVyYCcEkQVAyoTgjA
Ve8rvH/L+2EMq6bnUx5tGeBMSfmed32MbfSjPsxXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcAElgb+Dk49Hx5nnNewpEC565Y8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4YTNiYmVkLTc5NmItNGUwYS04NmE2LWJlY2FhNjFiODRhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl7owDQYJKoZIhvcNAQELBQADggEBADWKoIiEKsbSaOyPJYvcITIMHobb
5F1Uw7qqfBfeklaq5GoTXvgqbBXpam36bz8a4Z38AJXJJxU+NGHVRCYXcwN7xOE7
KHkTGiP+bSI/KpQA1jg6eQ+uB9P93QW92C5TnuY4uXUiDSuc5FIwXXHKXGpZA34s
WAck4CjZ6A6+gmgxYE5TIgAsqdiwSVcwoy9GTUWANlhvI+qIMmUYUvx8MnrL41Sx
Q+AN4MPUK5jBmTYCazWFoPcdv0m4abe9w9QSp6CHFYLXqyFnvBLylPHFwJk/dttu
N7Kbn+IuT+D/zyPwn69afgBFayfYJkQKDwgl1ffk32fp1HEyeyXnwuGDrpE=
-----END CERTIFICATE-----