Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0c7a140-88ed-46b0-8357-a2421533064b.roa
File:                     e0c7a140-88ed-46b0-8357-a2421533064b.roa (raw, json)
Hash identifier:          nmApq5gb3t/qVT6VgKyrgHXxgKuAmI9pndexFMKvnJ8=
Subject key identifier:   4F:1E:4C:5B:32:F9:89:3B:58:00:FF:90:76:B5:84:4E:E4:AB:9F:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       440AAB5DD30092C8C888965A38FBB434189EC8A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0c7a140-88ed-46b0-8357-a2421533064b.roa
Signing time:             Tue 14 Oct 2025 22:40:26 +0000
ROA not before:           Tue 14 Oct 2025 22:40:26 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.80.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:0a:ab:5d:d3:00:92:c8:c8:88:96:5a:38:fb:b4:34:18:9e:c8:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 22:40:26 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=91dab16eed794b02ca9f95b52622353345a7568bc69da98bbd761d8f2d1d9940, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b3:f4:3d:36:f2:04:ea:fd:4d:15:ba:74:6f:
                    ad:20:d2:cf:1d:a6:ce:82:c0:28:96:bf:1e:87:23:
                    d6:78:67:30:ca:34:6d:f9:08:f8:2b:71:bf:ec:5f:
                    5c:77:49:bf:38:6e:51:00:03:bf:74:90:d9:1c:2c:
                    46:09:8f:f7:44:89:c0:88:a8:46:dc:7c:4c:f6:8f:
                    19:0a:91:88:f0:d9:29:82:70:56:80:cb:2a:cb:77:
                    ac:77:36:f1:38:83:eb:d2:61:65:d8:99:12:43:ad:
                    ae:27:8c:fb:5d:c0:b3:62:ea:72:c9:b2:cc:af:f3:
                    10:99:ca:c9:9d:a1:88:e4:30:7b:a8:8d:51:9e:66:
                    3a:3a:7e:7b:28:f0:a0:72:64:12:cf:7a:c8:7a:02:
                    ed:1e:bd:c1:82:dd:ad:7c:02:0d:78:e6:e1:e4:01:
                    62:c2:b7:65:48:4b:f6:d1:b7:65:7f:dd:fb:b3:33:
                    2b:07:5d:f8:5e:86:9c:be:e8:fd:90:b4:85:b0:9d:
                    20:89:cd:bc:52:9a:fc:b2:01:2b:7d:51:46:39:09:
                    0a:44:d6:57:d2:13:d3:20:9f:2c:3e:78:e9:51:00:
                    c7:90:16:00:55:b4:a4:0f:94:67:22:61:22:76:7d:
                    5c:ca:39:c6:1e:dd:63:e1:10:7f:e1:59:d1:a2:c5:
                    36:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:1E:4C:5B:32:F9:89:3B:58:00:FF:90:76:B5:84:4E:E4:AB:9F:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0c7a140-88ed-46b0-8357-a2421533064b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2c:4b:3f:6e:90:d8:96:8c:da:60:cf:1e:d7:98:37:81:ab:9b:
         16:81:ac:27:6f:0f:1e:08:3e:90:d2:af:0b:80:15:a5:44:a0:
         6b:19:8b:65:eb:17:20:cc:f7:bd:27:24:89:03:b4:e0:43:29:
         3e:5c:ae:b2:83:97:28:c3:c0:cd:98:f5:2f:2a:65:e7:2f:38:
         61:dd:21:c3:8e:31:96:93:82:46:e4:f8:5b:a6:ff:bb:fa:25:
         0c:6f:21:7f:d0:58:c2:cd:45:b0:05:49:9c:a3:7b:fa:32:22:
         3e:76:06:3e:12:8b:2a:74:f4:52:93:6a:a7:ee:01:65:f2:c7:
         d0:5b:de:4c:f3:29:e0:67:e5:be:8c:26:c1:be:01:96:d7:ef:
         67:5d:36:f5:b0:54:e0:bd:88:1e:c8:46:1e:03:33:df:fc:35:
         92:68:34:91:84:fd:b9:6f:a6:9f:a7:03:80:5a:61:e6:76:65:
         bb:d0:da:ce:c2:58:6b:95:f3:f2:2a:3f:92:75:3a:48:b0:a8:
         4a:5e:67:04:b6:24:40:b7:9b:82:f0:f2:1b:b8:c5:df:40:05:
         65:77:6f:66:c0:47:af:fb:04:84:ab:08:a5:9e:ec:c5:d6:66:
         40:79:38:03:c8:8c:a5:4d:b0:02:f2:e3:23:43:65:66:20:96:
         68:f5:0a:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURAqrXdMAksjIiJZaOPu0NBieyKAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MjI0MDI2WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWRhYjE2ZWVkNzk0YjAyY2E5Zjk1YjUyNjIyMzUzMzQ1
YTc1NjhiYzY5ZGE5OGJiZDc2MWQ4ZjJkMWQ5OTQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNs/Q9NvIE6v1NFbp0b60g0s8dps6CwCiWvx6HI9Z4ZzDK
NG35CPgrcb/sX1x3Sb84blEAA790kNkcLEYJj/dEicCIqEbcfEz2jxkKkYjw2SmC
cFaAyyrLd6x3NvE4g+vSYWXYmRJDra4njPtdwLNi6nLJssyv8xCZysmdoYjkMHuo
jVGeZjo6fnso8KByZBLPesh6Au0evcGC3a18Ag145uHkAWLCt2VIS/bRt2V/3fuz
MysHXfhehpy+6P2QtIWwnSCJzbxSmvyyASt9UUY5CQpE1lfSE9Mgnyw+eOlRAMeQ
FgBVtKQPlGciYSJ2fVzKOcYe3WPhEH/hWdGixTarAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTx5MWzL5iTtYAP+QdrWETuSrn08wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwYzdhMTQwLTg4ZWQtNDZiMC04MzU3LWEyNDIxNTMzMDY0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjVFAwDQYJKoZIhvcNAQELBQADggEBACxLP26Q2JaM2mDPHteYN4GrmxaB
rCdvDx4IPpDSrwuAFaVEoGsZi2XrFyDM970nJIkDtOBDKT5crrKDlyjDwM2Y9S8q
ZecvOGHdIcOOMZaTgkbk+Fum/7v6JQxvIX/QWMLNRbAFSZyje/oyIj52Bj4Siyp0
9FKTaqfuAWXyx9Bb3kzzKeBn5b6MJsG+AZbX72ddNvWwVOC9iB7IRh4DM9/8NZJo
NJGE/blvpp+nA4BaYeZ2ZbvQ2s7CWGuV8/IqP5J1OkiwqEpeZwS2JEC3m4Lw8hu4
xd9ABWV3b2bAR6/7BISrCKWe7MXWZkB5OAPIjKVNsALy4yNDZWYglmj1CiU=
-----END CERTIFICATE-----