Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db2b5425-1c92-4932-adbb-14c43fe3b34f.roa
File:                     db2b5425-1c92-4932-adbb-14c43fe3b34f.roa (raw, json)
Hash identifier:          utuiAy1ui/RhFh1nby/3Qv0qFKHyMT8Qm7dmFkkCLHE=
Subject key identifier:   63:41:93:9E:A0:76:15:D1:C1:AA:96:46:77:34:67:7E:71:2C:07:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3734F8821643A7ADEA7CDA45AFB1AEBB05C42538
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db2b5425-1c92-4932-adbb-14c43fe3b34f.roa
Signing time:             Wed 15 Oct 2025 18:02:10 +0000
ROA not before:           Wed 15 Oct 2025 18:02:10 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.104.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:34:f8:82:16:43:a7:ad:ea:7c:da:45:af:b1:ae:bb:05:c4:25:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 18:02:10 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=5472bde871edf25bd1c5c9cc3254322bc3d90b6ed793075f67cb1cb3ec4457a7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:27:26:85:77:c7:58:c7:10:f5:8a:05:5a:e6:
                    ef:e2:d5:d3:71:fd:6f:57:a8:39:08:87:d9:6c:17:
                    b2:c1:21:24:73:11:a6:11:1d:32:bc:49:7d:87:3c:
                    50:fb:9a:68:17:9b:af:0f:6d:ae:c4:7e:de:bc:a1:
                    cc:3b:39:f1:5f:68:e5:24:3d:c9:0d:68:6d:70:f9:
                    fc:5b:d7:ec:b8:78:ef:fd:66:67:8b:56:89:56:c8:
                    bb:8f:ef:39:60:19:d7:13:63:cf:8a:36:df:65:b2:
                    14:d6:73:00:8d:66:19:81:c0:3d:65:c8:96:02:1e:
                    ef:e8:09:c9:a5:ff:32:91:f2:12:d2:cc:cb:60:7b:
                    5f:16:7e:b4:8d:76:f1:36:5c:f6:2f:0c:e5:41:b0:
                    ac:bd:f2:2d:08:a2:3c:5e:21:99:eb:9f:8e:06:b6:
                    06:1e:32:46:18:d4:c9:78:6f:5b:99:c4:15:d7:2e:
                    93:c6:e9:f3:1e:e5:1c:31:44:cd:dc:d1:e6:43:ab:
                    1d:72:1f:e4:15:ca:97:e2:f9:11:7d:d3:8f:36:a5:
                    08:ac:6d:eb:4d:b3:96:31:ba:6c:05:ee:df:49:ab:
                    b0:d0:6e:f3:a6:52:73:53:cf:0a:59:9d:b1:c5:72:
                    5f:5b:d2:70:3c:f1:b2:06:3b:05:02:3c:dd:9c:51:
                    c9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:41:93:9E:A0:76:15:D1:C1:AA:96:46:77:34:67:7E:71:2C:07:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db2b5425-1c92-4932-adbb-14c43fe3b34f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:2e:9a:c8:e1:7a:55:69:ee:41:f9:08:fc:cf:a1:c7:99:df:
         2b:61:56:88:26:14:ba:83:fb:a6:4f:f3:71:0f:e1:9c:f8:00:
         e6:37:14:0b:5c:b6:0d:eb:1f:45:2a:95:a8:62:9e:e6:f5:a5:
         d9:d0:68:d2:fb:c2:da:28:44:fa:0d:66:db:ef:6d:8e:74:f8:
         a2:ae:da:bd:70:50:49:a4:a8:91:92:70:fe:db:82:c1:b3:ad:
         af:f2:78:18:92:42:fd:bc:e1:8f:e6:52:46:5a:49:28:9f:00:
         13:24:28:2b:2f:86:74:69:c5:17:e7:2c:df:1a:ce:b9:11:db:
         62:0a:37:ca:69:e4:51:6a:e8:f1:70:09:81:ac:99:1a:75:4d:
         62:19:ad:37:1f:ce:1a:67:62:c6:b9:e9:c1:1b:3d:67:63:dc:
         78:94:f2:2e:2f:a8:e7:70:47:fc:72:58:d6:e6:6b:a4:18:a5:
         7c:10:8b:cd:dd:e8:bc:99:51:94:6a:53:4d:3d:42:1e:d6:6f:
         1d:83:54:1e:c2:6a:41:0b:b7:60:d2:fa:cb:89:0c:07:74:69:
         30:ae:02:b8:f0:b5:c9:5e:03:e1:d6:f6:d3:ee:5c:47:6a:1a:
         c1:3e:83:d8:4b:3d:3e:a3:7a:29:38:72:1e:01:46:de:f8:b3:
         aa:fb:4e:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNzT4ghZDp63qfNpFr7GuuwXEJTgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTgwMjEwWhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDcyYmRlODcxZWRmMjViZDFjNWM5Y2MzMjU0MzIyYmMz
ZDkwYjZlZDc5MzA3NWY2N2NiMWNiM2VjNDQ1N2E3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaJyaFd8dYxxD1igVa5u/i1dNx/W9XqDkIh9lsF7LBISRz
EaYRHTK8SX2HPFD7mmgXm68Pba7Eft68ocw7OfFfaOUkPckNaG1w+fxb1+y4eO/9
ZmeLVolWyLuP7zlgGdcTY8+KNt9lshTWcwCNZhmBwD1lyJYCHu/oCcml/zKR8hLS
zMtge18WfrSNdvE2XPYvDOVBsKy98i0IojxeIZnrn44GtgYeMkYY1Ml4b1uZxBXX
LpPG6fMe5RwxRM3c0eZDqx1yH+QVypfi+RF90482pQisbetNs5YxumwF7t9Jq7DQ
bvOmUnNTzwpZnbHFcl9b0nA88bIGOwUCPN2cUcnTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY0GTnqB2FdHBqpZGdzRnfnEsB80wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiMmI1NDI1LTFjOTItNDkzMi1hZGJiLTE0YzQzZmUzYjM0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjVmgwDQYJKoZIhvcNAQELBQADggEBAGwumsjhelVp7kH5CPzPoceZ3yth
VogmFLqD+6ZP83EP4Zz4AOY3FAtctg3rH0Uqlahinub1pdnQaNL7wtooRPoNZtvv
bY50+KKu2r1wUEmkqJGScP7bgsGzra/yeBiSQv284Y/mUkZaSSifABMkKCsvhnRp
xRfnLN8azrkR22IKN8pp5FFq6PFwCYGsmRp1TWIZrTcfzhpnYsa56cEbPWdj3HiU
8i4vqOdwR/xyWNbma6QYpXwQi83d6LyZUZRqU009Qh7Wbx2DVB7CakELt2DS+suJ
DAd0aTCuArjwtcleA+HW9tPuXEdqGsE+g9hLPT6jeik4ch4BRt74s6r7TpA=
-----END CERTIFICATE-----