Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efe3a0c3-5fea-4005-a4d8-258985560c57.roa
File:                     efe3a0c3-5fea-4005-a4d8-258985560c57.roa (raw, json)
Hash identifier:          GnrIp9+X38DKp0mI2FTmdWMxLm+ZIgqFptw+Ew0Z+Mw=
Subject key identifier:   D2:39:BA:3D:91:A9:67:82:65:F2:17:98:DB:B0:2A:65:0E:3F:A8:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       25B07B061B98A65E87F005D9AC23EA1B710A12CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efe3a0c3-5fea-4005-a4d8-258985560c57.roa
Signing time:             Tue 14 Oct 2025 22:39:03 +0000
ROA not before:           Tue 14 Oct 2025 22:39:03 +0000
ROA not after:            Tue 18 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.84.32.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:b0:7b:06:1b:98:a6:5e:87:f0:05:d9:ac:23:ea:1b:71:0a:12:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 14 22:39:03 2025 GMT
            Not After : Nov 18 23:59:59 2025 GMT
        Subject: serialNumber=8a5f7514afefb6e647d9d1acc3ac4a7b0abb848be9f68ab7c365a8bc5687d6bf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:86:8a:1c:1b:51:2d:f4:39:b5:cd:73:84:2a:
                    a9:bf:0a:94:e1:5e:39:95:af:1f:f2:bb:21:de:83:
                    7e:91:38:3f:3c:b6:e9:5d:ca:36:7a:c4:a1:4d:ef:
                    c6:4b:13:e8:65:e2:f5:6d:19:a2:8b:db:16:4d:67:
                    d2:df:ee:ac:fa:0c:b0:8e:bc:e9:cb:de:85:52:93:
                    6a:54:e4:58:c5:37:e5:38:04:d1:6e:cc:aa:f4:d8:
                    31:0a:7f:ec:62:40:fa:3a:37:3c:3c:8f:8a:6c:4b:
                    c9:c0:95:01:57:8e:73:a3:ee:70:67:c3:19:14:93:
                    7a:01:b9:8c:3e:17:d2:6c:bc:08:63:e8:42:bf:d1:
                    f8:a0:c1:dc:1e:a5:30:55:99:70:b9:7f:53:bb:f9:
                    32:1c:e9:ba:74:3a:0e:41:02:25:8c:2d:71:bd:e5:
                    b7:fa:a5:0d:8d:2a:d8:c9:3b:e0:e0:02:48:4f:30:
                    16:59:f8:9c:ea:15:97:79:f8:c8:7f:2d:d0:ad:97:
                    6e:64:63:c8:72:84:87:c6:31:bf:81:6f:e7:e7:4f:
                    ee:8c:88:60:be:cc:25:10:6d:c5:49:92:be:fe:d2:
                    74:42:2a:09:ed:67:56:8a:71:5f:a3:54:f5:11:ba:
                    d6:53:bb:44:99:d4:47:6e:51:89:e8:d0:c2:9e:33:
                    c4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:39:BA:3D:91:A9:67:82:65:F2:17:98:DB:B0:2A:65:0E:3F:A8:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efe3a0c3-5fea-4005-a4d8-258985560c57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.84.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:19:87:bd:9f:3f:14:52:a1:53:95:59:b6:e1:d2:12:a4:fa:
         05:14:23:77:7a:67:8d:0b:10:59:e2:ce:06:54:ba:68:0d:ed:
         63:c9:fe:53:78:6a:e4:49:e0:6c:56:78:c3:be:2c:f8:d1:ca:
         b0:7a:db:7f:24:dd:87:3c:1f:f0:1c:33:80:1b:16:46:61:62:
         ab:83:40:ec:ec:1b:91:4d:ab:e8:f6:c6:e6:6a:be:00:bd:63:
         f1:ab:41:45:bb:97:15:2a:3d:3e:d9:7c:16:17:1d:6d:1a:99:
         35:10:68:f0:f7:cd:5c:b0:69:3c:52:b4:47:e3:33:29:fd:4e:
         42:05:2b:c7:c1:8d:c8:6f:df:81:fd:39:26:3d:e4:bc:17:ba:
         53:aa:4f:e3:22:27:0f:91:ee:20:b3:09:29:87:0c:ab:ad:3d:
         c8:0f:ac:f6:a7:83:9a:a7:b3:2c:03:ec:81:12:8d:69:97:9d:
         be:60:7b:9d:04:78:e1:cf:e0:53:5c:32:2c:ed:d8:c3:f3:83:
         4e:91:db:de:8e:df:8d:c9:9a:3e:0d:5b:15:9f:91:55:db:43:
         bc:2e:81:d9:e0:4d:2a:19:b9:a0:7e:d2:77:c8:e5:02:95:13:
         bb:c1:27:d8:f9:ac:cb:f6:cd:ed:76:52:1d:cd:e8:fb:6f:90:
         a6:ea:63:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJbB7BhuYpl6H8AXZrCPqG3EKEsowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE0MjIzOTAzWhcNMjUxMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTVmNzUxNGFmZWZiNmU2NDdkOWQxYWNjM2FjNGE3YjBh
YmI4NDhiZTlmNjhhYjdjMzY1YThiYzU2ODdkNmJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCghoocG1Et9Dm1zXOEKqm/CpThXjmVrx/yuyHeg36ROD88
tuldyjZ6xKFN78ZLE+hl4vVtGaKL2xZNZ9Lf7qz6DLCOvOnL3oVSk2pU5FjFN+U4
BNFuzKr02DEKf+xiQPo6Nzw8j4psS8nAlQFXjnOj7nBnwxkUk3oBuYw+F9JsvAhj
6EK/0figwdwepTBVmXC5f1O7+TIc6bp0Og5BAiWMLXG95bf6pQ2NKtjJO+DgAkhP
MBZZ+JzqFZd5+Mh/LdCtl25kY8hyhIfGMb+Bb+fnT+6MiGC+zCUQbcVJkr7+0nRC
KgntZ1aKcV+jVPURutZTu0SZ1EduUYno0MKeM8QrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0jm6PZGpZ4Jl8heY27AqZQ4/qEEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmZTNhMGMzLTVmZWEtNDAwNS1hNGQ4LTI1ODk4NTU2MGM1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARjVCAwDQYJKoZIhvcNAQELBQADggEBABAZh72fPxRSoVOVWbbh0hKk+gUU
I3d6Z40LEFnizgZUumgN7WPJ/lN4auRJ4GxWeMO+LPjRyrB6238k3Yc8H/AcM4Ab
FkZhYquDQOzsG5FNq+j2xuZqvgC9Y/GrQUW7lxUqPT7ZfBYXHW0amTUQaPD3zVyw
aTxStEfjMyn9TkIFK8fBjchv34H9OSY95LwXulOqT+MiJw+R7iCzCSmHDKutPcgP
rPang5qnsywD7IESjWmXnb5ge50EeOHP4FNcMizt2MPzg06R296O343Jmj4NWxWf
kVXbQ7wugdngTSoZuaB+0nfI5QKVE7vBJ9j5rMv2ze12Uh3N6PtvkKbqY1Y=
-----END CERTIFICATE-----