Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b728bf-7c20-4fa9-8666-17e8385f9669.roa
File:                     e7b728bf-7c20-4fa9-8666-17e8385f9669.roa (raw, json)
Hash identifier:          P7kJXQ6VOHzr2Rwy/2yKDp2Kb+k6aSqnndBFrQrOp+I=
Subject key identifier:   36:17:5A:A0:EA:35:13:7D:35:76:46:C7:9C:9D:C2:A7:2D:15:42:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FDE5A52DBDB4F1B3CF42477ED8FE0AAB6A1779D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b728bf-7c20-4fa9-8666-17e8385f9669.roa
Signing time:             Tue 14 Oct 2025 18:52:38 +0000
ROA not before:           Tue 14 Oct 2025 18:52:38 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.250.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:de:5a:52:db:db:4f:1b:3c:f4:24:77:ed:8f:e0:aa:b6:a1:77:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 18:52:38 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=d4d91aee106bc29a75b707ec5b4968cff231962516ecfc466322164c0c8dc7c5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:48:da:e1:64:37:e0:09:95:0c:a1:6a:ca:19:
                    fb:fc:26:91:76:2b:57:55:a1:1c:55:51:5e:45:d6:
                    60:28:50:46:bc:04:ee:b4:8b:bd:57:22:56:27:f9:
                    16:9c:5d:62:3f:bf:73:22:64:46:aa:32:5e:80:c3:
                    52:74:a2:6e:db:3c:f8:a8:52:72:ce:99:c5:2d:8c:
                    5b:ab:b1:4d:35:91:39:23:e3:da:b5:70:af:ad:1b:
                    50:16:d5:70:22:35:99:92:10:3e:cf:71:62:5e:89:
                    41:89:a7:64:aa:1b:dc:73:5a:1a:d3:9f:75:ec:9e:
                    15:b2:08:f9:74:c3:f5:37:b6:06:31:5b:61:fa:e2:
                    7f:65:00:d8:55:d1:b0:21:84:b5:c6:9e:16:5f:e4:
                    65:3b:52:e9:15:0b:6e:c4:8a:a5:88:2b:06:b5:76:
                    ae:ed:c2:ed:d6:5a:24:5f:a3:c5:51:af:3c:93:03:
                    e0:f3:05:43:a2:fa:90:8d:42:97:18:57:92:c5:a0:
                    e9:62:8c:51:ae:04:38:07:82:30:fd:6c:01:fd:a1:
                    7d:54:0f:57:01:dc:bc:9e:56:cf:a6:12:60:1c:aa:
                    fc:8f:38:99:e9:3a:8b:16:23:2c:0d:8b:76:94:ee:
                    46:2a:3d:0b:0a:8d:ab:21:0a:1a:ec:27:5a:47:99:
                    24:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:17:5A:A0:EA:35:13:7D:35:76:46:C7:9C:9D:C2:A7:2D:15:42:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e7b728bf-7c20-4fa9-8666-17e8385f9669.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:06:fe:74:39:66:0d:c9:76:b0:60:8f:43:82:c0:45:ea:ba:
         d7:3c:12:8e:b8:ee:b5:14:bb:88:0e:d9:22:c4:a7:c5:af:4c:
         de:a0:3d:87:ad:82:a5:f0:2b:1f:f2:cb:9e:16:23:9a:43:7c:
         a9:d1:04:70:ad:f8:83:7f:e4:48:18:63:09:d1:71:21:f1:d9:
         fa:f6:7d:36:13:e9:7a:b6:13:f1:73:9a:ab:a2:24:a0:d4:8c:
         d9:d6:9c:24:9d:4a:ef:2a:14:b0:79:e2:2a:62:57:52:fb:1f:
         19:e5:a6:28:4b:c3:36:46:87:34:84:3f:e5:00:e2:49:08:1e:
         a8:23:c3:1e:91:0c:d4:70:54:37:08:12:cc:d3:ef:f7:52:e3:
         ea:09:55:de:d7:a0:d9:4d:94:62:27:51:9e:b5:b4:99:f2:0e:
         26:db:9c:2c:17:68:ef:bd:2d:a4:05:52:5a:69:99:49:96:d7:
         7c:1c:b0:b2:39:18:12:30:a9:5a:d9:66:da:d6:78:e8:4d:8e:
         5a:8e:ec:c8:9a:06:a4:37:83:77:0e:04:69:3b:35:41:13:e3:
         59:a7:e7:48:16:03:5e:25:85:0f:b1:f0:e5:49:d3:c5:57:9d:
         cc:fd:2a:42:bf:34:ba:6d:10:db:f5:3b:0e:fa:dc:29:e8:88:
         1e:f5:15:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL95aUtvbTxs89CR37Y/gqrahd50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MTg1MjM4WhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNGQ5MWFlZTEwNmJjMjlhNzViNzA3ZWM1YjQ5NjhjZmYy
MzE5NjI1MTZlY2ZjNDY2MzIyMTY0YzBjOGRjN2M1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSSNrhZDfgCZUMoWrKGfv8JpF2K1dVoRxVUV5F1mAoUEa8
BO60i71XIlYn+RacXWI/v3MiZEaqMl6Aw1J0om7bPPioUnLOmcUtjFursU01kTkj
49q1cK+tG1AW1XAiNZmSED7PcWJeiUGJp2SqG9xzWhrTn3XsnhWyCPl0w/U3tgYx
W2H64n9lANhV0bAhhLXGnhZf5GU7UukVC27EiqWIKwa1dq7twu3WWiRfo8VRrzyT
A+DzBUOi+pCNQpcYV5LFoOlijFGuBDgHgjD9bAH9oX1UD1cB3LyeVs+mEmAcqvyP
OJnpOosWIywNi3aU7kYqPQsKjashChrsJ1pHmSTnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNhdaoOo1E301dkbHnJ3Cpy0VQq0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U3YjcyOGJmLTdjMjAtNGZhOS04NjY2LTE3ZTgzODVmOTY2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjVPowDQYJKoZIhvcNAQELBQADggEBAEYG/nQ5Zg3JdrBgj0OCwEXqutc8
Eo647rUUu4gO2SLEp8WvTN6gPYetgqXwKx/yy54WI5pDfKnRBHCt+IN/5EgYYwnR
cSHx2fr2fTYT6Xq2E/FzmquiJKDUjNnWnCSdSu8qFLB54ipiV1L7HxnlpihLwzZG
hzSEP+UA4kkIHqgjwx6RDNRwVDcIEszT7/dS4+oJVd7XoNlNlGInUZ61tJnyDibb
nCwXaO+9LaQFUlppmUmW13wcsLI5GBIwqVrZZtrWeOhNjlqO7MiaBqQ3g3cOBGk7
NUET41mn50gWA14lhQ+x8OVJ08VXncz9KkK/NLptENv1Ow763CnoiB71FVg=
-----END CERTIFICATE-----