Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dafad788-f823-40c4-a65f-5cf6ecf7c9cb.roa
File:                     dafad788-f823-40c4-a65f-5cf6ecf7c9cb.roa (raw, json)
Hash identifier:          G1fbrULgY2PFaGUnFU1MDDXrxXUJqLK/oN8tK844BJo=
Subject key identifier:   02:45:2B:82:4D:E7:CF:0C:D1:18:10:02:05:88:10:E8:C7:7B:BB:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3341CD3A492B8CCB728ED4496A3A1D5A252C9AE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dafad788-f823-40c4-a65f-5cf6ecf7c9cb.roa
Signing time:             Fri 03 Oct 2025 15:01:07 +0000
ROA not before:           Fri 03 Oct 2025 15:01:07 +0000
ROA not after:            Fri 07 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.83.101.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:41:cd:3a:49:2b:8c:cb:72:8e:d4:49:6a:3a:1d:5a:25:2c:9a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  3 15:01:07 2025 GMT
            Not After : Nov  7 23:59:59 2025 GMT
        Subject: serialNumber=de57537dc8c95f1bd3208ae2fd6149d78b157f49334f68bb77e708a924a82564, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:14:89:74:f2:23:d6:1b:2a:03:7a:c0:76:da:
                    d0:c4:d7:39:43:39:ff:2c:76:0f:51:d6:48:5a:c1:
                    93:3f:8f:43:0a:32:57:27:bf:b2:fa:c6:2e:e0:34:
                    39:d4:ee:43:e4:1d:11:1c:6d:e0:89:cf:7d:e5:9b:
                    1e:38:4b:bf:b2:18:9d:dd:7d:01:d6:97:a4:4c:df:
                    8a:9e:39:46:29:5f:96:66:41:16:94:20:88:f8:60:
                    2a:89:db:ce:30:f0:75:84:52:b6:27:37:d2:6c:79:
                    8d:df:54:f2:4a:b0:98:48:d9:bf:e2:8c:f6:9f:a7:
                    b8:db:d0:9e:ff:6f:d1:61:31:50:80:4e:59:45:9a:
                    ec:18:ea:4a:d4:a8:32:c5:42:56:2b:f6:ee:76:b9:
                    ae:4f:f2:2a:11:0d:81:23:d1:92:3e:15:c6:99:70:
                    9b:bd:40:c4:27:04:26:95:c9:1b:66:e9:be:da:43:
                    fc:3f:33:52:ee:59:13:f6:96:a9:b2:fc:54:4b:65:
                    fc:61:ac:fb:94:9f:d6:30:3a:4d:d9:53:b0:0b:90:
                    8b:b1:a7:b5:fa:50:7c:5d:d1:f5:3a:06:2c:41:cf:
                    3b:6a:6d:9c:fc:65:1c:17:a0:3e:34:bb:6c:b6:57:
                    4c:a5:f9:86:65:f0:86:cc:02:44:b2:4d:19:40:e4:
                    94:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:45:2B:82:4D:E7:CF:0C:D1:18:10:02:05:88:10:E8:C7:7B:BB:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dafad788-f823-40c4-a65f-5cf6ecf7c9cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.83.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:66:e9:7c:ee:58:95:36:a6:c2:e0:0a:ef:99:cd:29:78:20:
         ab:59:dc:d4:50:54:00:f3:42:5c:49:89:9a:45:ee:e2:fa:d3:
         b3:bb:a2:d0:5f:a5:5b:fa:99:e9:13:59:35:43:75:f4:31:66:
         9f:44:88:78:c5:29:9b:63:ef:be:03:dd:18:7e:b6:b5:df:4a:
         56:40:98:f2:b7:b8:7b:38:82:7b:de:43:82:2d:46:66:a4:ad:
         7d:0a:4f:98:7c:bc:b5:c9:35:19:f7:8f:22:c9:ad:03:31:3d:
         c8:43:c5:97:33:a2:37:25:c9:35:f1:76:4f:c1:ab:a1:92:83:
         0b:89:8e:26:a1:c2:4f:32:7e:55:39:06:c9:38:71:fe:bf:b3:
         6d:f9:2b:be:00:6c:0b:b2:f4:ea:ad:74:80:da:4c:0c:b9:07:
         d5:e8:e5:08:a1:15:27:04:2e:bf:20:47:a7:b7:3d:4b:9d:cf:
         14:61:9a:77:40:1c:d4:44:91:de:00:91:d5:87:cd:fb:a2:36:
         6f:ef:b1:7a:2a:85:f1:66:4d:b6:e0:b2:d3:56:ed:ca:55:a5:
         8f:8a:9b:ac:7b:1a:f4:b1:56:b3:cb:34:e2:08:df:75:86:78:
         31:eb:8b:c9:17:a9:8d:ef:39:97:16:d9:88:76:09:26:b0:9b:
         5e:7b:f1:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM0HNOkkrjMtyjtRJajodWiUsmuMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDAzMTUwMTA3WhcNMjUxMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTU3NTM3ZGM4Yzk1ZjFiZDMyMDhhZTJmZDYxNDlkNzhi
MTU3ZjQ5MzM0ZjY4YmI3N2U3MDhhOTI0YTgyNTY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMFIl08iPWGyoDesB22tDE1zlDOf8sdg9R1khawZM/j0MK
Mlcnv7L6xi7gNDnU7kPkHREcbeCJz33lmx44S7+yGJ3dfQHWl6RM34qeOUYpX5Zm
QRaUIIj4YCqJ284w8HWEUrYnN9JseY3fVPJKsJhI2b/ijPafp7jb0J7/b9FhMVCA
TllFmuwY6krUqDLFQlYr9u52ua5P8ioRDYEj0ZI+FcaZcJu9QMQnBCaVyRtm6b7a
Q/w/M1LuWRP2lqmy/FRLZfxhrPuUn9YwOk3ZU7ALkIuxp7X6UHxd0fU6BixBzztq
bZz8ZRwXoD40u2y2V0yl+YZl8IbMAkSyTRlA5JTpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAkUrgk3nzwzRGBACBYgQ6Md7u9IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhZmFkNzg4LWY4MjMtNDBjNC1hNjVmLTVjZjZlY2Y3YzljYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjU2UwDQYJKoZIhvcNAQELBQADggEBAGRm6XzuWJU2psLgCu+ZzSl4IKtZ
3NRQVADzQlxJiZpF7uL607O7otBfpVv6mekTWTVDdfQxZp9EiHjFKZtj774D3Rh+
trXfSlZAmPK3uHs4gnveQ4ItRmakrX0KT5h8vLXJNRn3jyLJrQMxPchDxZczojcl
yTXxdk/Bq6GSgwuJjiahwk8yflU5Bsk4cf6/s235K74AbAuy9OqtdIDaTAy5B9Xo
5QihFScELr8gR6e3PUudzxRhmndAHNREkd4AkdWHzfuiNm/vsXoqhfFmTbbgstNW
7cpVpY+Km6x7GvSxVrPLNOII33WGeDHri8kXqY3vOZcW2Yh2CSawm1578Z4=
-----END CERTIFICATE-----