Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb8d32ec-5a74-4c73-98b1-05d628ee468a.roa
File:                     eb8d32ec-5a74-4c73-98b1-05d628ee468a.roa (raw, json)
Hash identifier:          2VlxeruhJTNsQLl7DJG+xM/g4dN3cfZqIPb2/kzGPj8=
Subject key identifier:   AA:88:31:52:DC:31:75:AD:36:E2:C6:7F:84:DA:B8:7D:6E:B0:7D:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35DDB7E79E97447340047E35FEF7D0273FEC727D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb8d32ec-5a74-4c73-98b1-05d628ee468a.roa
Signing time:             Wed 15 Oct 2025 15:42:09 +0000
ROA not before:           Wed 15 Oct 2025 15:42:09 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.198.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:dd:b7:e7:9e:97:44:73:40:04:7e:35:fe:f7:d0:27:3f:ec:72:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 15:42:09 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=19d77e682d52354b5b699898be020f27a7f73fc18d074451d405311e4ac5f2a6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:da:78:f3:5e:96:e8:9d:78:67:bc:ec:83:39:
                    51:40:a7:fa:26:15:be:69:21:e5:fc:5c:39:1f:72:
                    c9:de:9e:30:23:2b:c9:e1:1b:e6:b4:5d:fc:58:94:
                    b9:0e:0d:42:c6:f3:38:07:89:5c:3d:8c:04:ac:93:
                    60:4f:72:30:85:31:97:26:ad:9b:b3:86:26:33:aa:
                    d5:fa:da:cc:6e:cc:49:d8:cd:83:e2:8f:3b:c4:e7:
                    84:a3:7f:99:35:3f:34:01:bf:56:0c:1e:42:a9:73:
                    27:bd:35:87:f4:c4:61:b3:f7:92:6a:c6:9c:da:4b:
                    0b:7e:28:21:01:5b:9f:86:31:3f:3c:94:93:8d:eb:
                    1b:0b:bc:70:8d:9f:b9:1f:15:a3:0c:50:0c:12:1c:
                    73:4c:60:a4:04:7c:f0:95:81:98:10:5b:66:69:2b:
                    a7:fa:4b:8d:82:f4:c4:59:25:89:be:c3:77:c5:60:
                    7f:8a:d4:3f:df:86:c6:ba:30:97:6b:d0:b5:95:63:
                    98:4c:90:db:ee:6f:9e:16:7f:0b:e8:8a:f0:97:ca:
                    f5:89:61:90:9b:dd:f3:11:bd:95:30:5a:72:c6:ab:
                    16:af:50:97:ad:39:b9:0c:41:6d:30:f9:22:0f:51:
                    92:71:a2:e4:dd:c3:99:33:fb:6e:2b:25:36:5d:70:
                    83:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:88:31:52:DC:31:75:AD:36:E2:C6:7F:84:DA:B8:7D:6E:B0:7D:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb8d32ec-5a74-4c73-98b1-05d628ee468a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:f6:e4:37:40:6d:3a:bf:8c:b5:5e:02:2b:18:ee:51:a5:6a:
         fc:58:23:5e:52:a6:73:4f:07:ec:db:2b:24:0f:bd:ae:1b:fa:
         c1:0a:42:b4:b0:b3:5b:d4:79:22:76:be:8a:16:b0:2c:91:96:
         f0:3f:be:74:37:ee:8c:e0:93:18:eb:c6:8b:dc:25:77:77:2a:
         38:f4:10:6f:7e:ee:15:b0:07:13:06:5b:fd:1c:d4:3b:71:97:
         04:a4:f2:56:e8:98:48:fb:b4:4e:3a:54:95:ea:9a:e8:b4:55:
         4a:91:4c:05:bc:3e:9c:4f:65:6d:af:98:c6:05:92:f6:14:8d:
         af:c6:b8:30:22:4c:e9:84:49:6d:77:2c:df:62:0e:33:74:89:
         0e:94:57:d9:63:d2:3a:ff:c6:8c:cc:26:04:1f:23:43:15:85:
         f7:9a:ae:06:de:bd:f7:64:65:86:23:dc:fc:bf:8c:9c:03:24:
         e5:84:ad:ec:2c:66:77:1b:b7:41:44:da:9c:5e:4e:29:79:b0:
         c2:19:6d:fe:dc:3b:de:28:99:49:3f:cf:0f:5e:28:be:49:65:
         54:09:3f:bf:c5:37:6e:a5:b2:04:0a:98:d0:81:02:35:f4:fc:
         9b:6d:59:8a:c8:c4:4d:66:82:3f:c9:91:16:64:ba:f9:40:1c:
         41:50:43:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNd23556XRHNABH41/vfQJz/scn0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTU0MjA5WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWQ3N2U2ODJkNTIzNTRiNWI2OTk4OThiZTAyMGYyN2E3
ZjczZmMxOGQwNzQ0NTFkNDA1MzExZTRhYzVmMmE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw2njzXpbonXhnvOyDOVFAp/omFb5pIeX8XDkfcsnenjAj
K8nhG+a0XfxYlLkODULG8zgHiVw9jASsk2BPcjCFMZcmrZuzhiYzqtX62sxuzEnY
zYPijzvE54Sjf5k1PzQBv1YMHkKpcye9NYf0xGGz95JqxpzaSwt+KCEBW5+GMT88
lJON6xsLvHCNn7kfFaMMUAwSHHNMYKQEfPCVgZgQW2ZpK6f6S42C9MRZJYm+w3fF
YH+K1D/fhsa6MJdr0LWVY5hMkNvub54WfwvoivCXyvWJYZCb3fMRvZUwWnLGqxav
UJetObkMQW0w+SIPUZJxouTdw5kz+24rJTZdcINrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqogxUtwxda024sZ/hNq4fW6wfW4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViOGQzMmVjLTVhNzQtNGM3My05OGIxLTA1ZDYyOGVlNDY4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjVsYwDQYJKoZIhvcNAQELBQADggEBAG325DdAbTq/jLVeAisY7lGlavxY
I15SpnNPB+zbKyQPva4b+sEKQrSws1vUeSJ2vooWsCyRlvA/vnQ37ozgkxjrxovc
JXd3Kjj0EG9+7hWwBxMGW/0c1DtxlwSk8lbomEj7tE46VJXqmui0VUqRTAW8PpxP
ZW2vmMYFkvYUja/GuDAiTOmESW13LN9iDjN0iQ6UV9lj0jr/xozMJgQfI0MVhfea
rgbevfdkZYYj3Py/jJwDJOWErewsZncbt0FE2pxeTil5sMIZbf7cO94omUk/zw9e
KL5JZVQJP7/FN26lsgQKmNCBAjX0/JttWYrIxE1mgj/JkRZkuvlAHEFQQ9k=
-----END CERTIFICATE-----