Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd6211a8-ed83-4be5-8e76-b3fb1b93976d.roa
File:                     dd6211a8-ed83-4be5-8e76-b3fb1b93976d.roa (raw, json)
Hash identifier:          Xrrk6ieUYkGlgrTN4YPebtMzKTRfQVXJ0UbKx6B7D5k=
Subject key identifier:   4F:C8:58:C9:41:C7:BB:98:9F:7A:7F:2B:A7:BD:F9:5C:70:34:D8:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       604E76EAB8BDCA371057AB25B474AD73DDB85016
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd6211a8-ed83-4be5-8e76-b3fb1b93976d.roa
Signing time:             Wed 15 Oct 2025 16:22:52 +0000
ROA not before:           Wed 15 Oct 2025 16:22:52 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.99.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:4e:76:ea:b8:bd:ca:37:10:57:ab:25:b4:74:ad:73:dd:b8:50:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 16:22:52 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=257788cdb25e307d1a217109dc006e56ef75fad67d56108d8927b9bcc1120a95, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c1:bf:a3:78:89:51:9a:97:87:58:35:c3:6b:
                    26:8d:5e:18:8d:65:3d:64:58:36:ec:ca:60:ac:1a:
                    e8:60:b2:c3:e6:c0:a3:7f:68:d1:39:6b:80:5c:85:
                    15:c4:c3:6a:3a:76:b4:c5:d1:6d:a7:2d:4d:74:96:
                    5e:f9:2f:be:07:3a:2f:8f:94:dd:82:95:9f:4c:9f:
                    3b:da:eb:93:e3:65:f3:08:70:b8:4c:10:76:a3:c5:
                    0f:7e:01:48:da:52:0e:7d:71:f6:ab:26:f2:4d:da:
                    b5:9e:49:73:0e:ca:d6:f4:fe:af:c6:47:9a:17:aa:
                    ac:9a:dd:af:af:3c:78:34:9c:2f:7f:84:03:e9:6f:
                    76:6a:a7:9f:dd:d4:d4:b6:bf:a1:97:19:e0:d5:a9:
                    28:32:7a:8e:2d:f9:8a:a7:10:8b:02:97:b8:53:0a:
                    a7:68:d2:0c:f0:85:c2:9b:6e:6f:0e:7f:28:19:2a:
                    04:01:19:5e:bc:43:d2:b5:c8:5a:39:ea:88:0e:06:
                    59:1d:44:19:ab:63:1b:93:bc:1c:e9:0a:10:d2:6d:
                    fa:5b:39:50:fb:8b:ce:90:4a:6a:1d:98:93:14:b1:
                    0a:8a:38:e3:38:70:98:98:15:3b:02:39:70:76:71:
                    e0:89:66:67:a2:4f:36:7e:fd:0f:ed:53:15:8f:d2:
                    8a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C8:58:C9:41:C7:BB:98:9F:7A:7F:2B:A7:BD:F9:5C:70:34:D8:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd6211a8-ed83-4be5-8e76-b3fb1b93976d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:e3:4f:03:09:e6:73:01:1e:21:eb:dc:46:84:1c:e4:d3:11:
         db:4f:7f:c4:e7:17:27:b3:29:2f:ec:cf:20:c1:d5:d6:8a:38:
         76:c4:6f:d1:aa:0d:f8:0c:76:5c:4f:b2:43:34:66:54:a9:ee:
         57:29:f3:64:f6:98:d6:23:5b:b7:c7:e7:e5:de:16:58:a9:58:
         d2:db:2f:f0:3f:a0:2d:44:19:9f:d5:60:53:2b:08:cb:e4:65:
         ea:3d:cb:cd:3e:56:03:20:ca:0e:b6:1a:c4:c8:84:be:32:5f:
         7b:5e:68:66:f9:40:33:da:2b:13:6e:4d:f5:af:e5:ea:60:04:
         29:bf:55:ff:de:07:05:fe:32:d1:4e:50:48:bb:20:76:34:80:
         f4:94:17:b7:0b:37:89:d4:c0:65:e7:d1:fb:70:96:f4:e6:11:
         c6:1f:00:17:0f:a4:7d:c6:45:e4:5a:11:3a:10:ca:60:de:46:
         e9:01:f8:6c:5a:c8:92:11:71:76:6d:e9:78:f3:95:09:ca:7d:
         a5:3f:d4:31:18:d7:22:6f:78:2c:90:38:d2:0d:cd:b8:3b:70:
         80:df:48:a1:2d:7f:1f:6d:bc:4e:3b:81:6b:2d:85:79:8f:7c:
         4f:ac:a4:e3:39:67:c6:36:06:c0:43:da:5a:67:e5:44:b6:5d:
         9a:bf:ae:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYE526ri9yjcQV6sltHStc924UBYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTYyMjUyWhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTc3ODhjZGIyNWUzMDdkMWEyMTcxMDlkYzAwNmU1NmVm
NzVmYWQ2N2Q1NjEwOGQ4OTI3YjliY2MxMTIwYTk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPwb+jeIlRmpeHWDXDayaNXhiNZT1kWDbsymCsGuhgssPm
wKN/aNE5a4BchRXEw2o6drTF0W2nLU10ll75L74HOi+PlN2ClZ9Mnzva65PjZfMI
cLhMEHajxQ9+AUjaUg59cfarJvJN2rWeSXMOytb0/q/GR5oXqqya3a+vPHg0nC9/
hAPpb3Zqp5/d1NS2v6GXGeDVqSgyeo4t+YqnEIsCl7hTCqdo0gzwhcKbbm8OfygZ
KgQBGV68Q9K1yFo56ogOBlkdRBmrYxuTvBzpChDSbfpbOVD7i86QSmodmJMUsQqK
OOM4cJiYFTsCOXB2ceCJZmeiTzZ+/Q/tUxWP0opbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT8hYyUHHu5ifen8rp735XHA02CkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RkNjIxMWE4LWVkODMtNGJlNS04ZTc2LWIzZmIxYjkzOTc2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjVmMwDQYJKoZIhvcNAQELBQADggEBAF/jTwMJ5nMBHiHr3EaEHOTTEdtP
f8TnFyezKS/szyDB1daKOHbEb9GqDfgMdlxPskM0ZlSp7lcp82T2mNYjW7fH5+Xe
FlipWNLbL/A/oC1EGZ/VYFMrCMvkZeo9y80+VgMgyg62GsTIhL4yX3teaGb5QDPa
KxNuTfWv5epgBCm/Vf/eBwX+MtFOUEi7IHY0gPSUF7cLN4nUwGXn0ftwlvTmEcYf
ABcPpH3GReRaEToQymDeRukB+GxayJIRcXZt6XjzlQnKfaU/1DEY1yJveCyQONIN
zbg7cIDfSKEtfx9tvE47gWsthXmPfE+spOM5Z8Y2BsBD2lpn5US2XZq/rrQ=
-----END CERTIFICATE-----