Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fda67a2c-53c1-4336-878b-8fa3db6ada95.roa
File:                     fda67a2c-53c1-4336-878b-8fa3db6ada95.roa (raw, json)
Hash identifier:          6suXvb3g8iFIjs9YfR0kuqfFF7Z3vdA+5vAxvzEHtd4=
Subject key identifier:   8C:72:13:21:CA:63:E4:97:36:59:69:DC:DD:46:E1:D0:3E:C6:47:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F981C28A79F345E3E993F315062A0E679DFCB05
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fda67a2c-53c1-4336-878b-8fa3db6ada95.roa
Signing time:             Wed 15 Oct 2025 15:21:24 +0000
ROA not before:           Wed 15 Oct 2025 15:21:24 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.86.82.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:98:1c:28:a7:9f:34:5e:3e:99:3f:31:50:62:a0:e6:79:df:cb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 15:21:24 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=3fb94b365ea6808311d2d9b1728b6f5c4df77d3e74260e37eda8bb40b2b00107, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:45:a5:60:0c:9a:25:7f:6d:16:9b:03:09:46:
                    50:d1:55:d5:92:69:7d:61:23:fb:38:13:4b:2c:26:
                    d9:ed:b2:93:05:81:94:f7:d9:a4:1d:8f:c2:65:c1:
                    c4:7e:2e:b9:5c:8d:07:e7:4a:94:a1:26:23:6f:f4:
                    21:6f:ed:7c:03:10:e6:a8:f2:ab:46:c3:83:b7:c8:
                    42:6d:60:e0:61:34:f2:c4:a6:da:02:72:29:17:d1:
                    ea:b4:bd:f7:67:f0:71:a3:18:47:e1:54:77:61:3e:
                    43:13:68:8b:c6:6b:79:a5:67:a3:dd:53:55:89:2a:
                    9f:33:b0:9a:86:9a:93:54:a1:a0:75:a1:f1:af:1e:
                    b3:e5:29:4a:c9:e9:27:19:e6:f7:75:40:69:74:96:
                    62:52:0f:0d:43:a4:1b:1c:ce:6a:06:48:ac:99:2f:
                    1a:11:bc:75:15:35:a8:9d:1a:36:db:c2:7e:e8:86:
                    27:aa:54:57:99:98:66:d4:35:f0:9f:60:1d:7c:76:
                    1c:e5:c6:7b:15:84:b7:1d:ee:98:39:4b:42:62:2b:
                    56:ff:c4:5a:b3:d3:9e:54:f1:e7:9b:92:38:24:ad:
                    36:57:f8:65:81:a3:1f:7e:7e:a8:c8:c6:50:f2:58:
                    2e:3c:e9:19:1b:6d:8c:c9:2a:2a:a1:cb:26:46:60:
                    d0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:72:13:21:CA:63:E4:97:36:59:69:DC:DD:46:E1:D0:3E:C6:47:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fda67a2c-53c1-4336-878b-8fa3db6ada95.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.86.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:6f:32:23:16:fa:16:eb:8e:bf:ef:32:a2:2b:12:d0:ba:9e:
         7c:b3:e3:d7:dd:8d:d6:bc:16:e1:fc:d5:24:e3:69:8c:f7:15:
         b3:a0:72:fe:32:8d:77:b2:60:b7:d5:a8:74:e3:8f:96:6b:08:
         d3:5c:44:41:81:6e:72:80:2b:64:86:1d:cd:86:ae:37:dc:eb:
         17:55:7d:05:21:fa:60:b7:8b:d6:c7:94:d6:51:0f:05:0a:85:
         76:26:b7:3b:0a:ba:ca:90:19:c4:c1:c8:74:43:2c:b3:7d:ba:
         f9:88:e9:64:30:9c:0e:69:0c:53:56:cf:06:b0:4f:f5:b8:53:
         e4:3a:01:86:80:6b:d8:90:f2:7f:ea:0f:e5:a4:8c:1e:94:bb:
         37:fa:0f:eb:b3:8a:5d:d1:20:64:93:62:35:24:fb:22:55:38:
         2a:65:62:ad:c4:16:6d:1f:96:20:55:15:36:5d:00:7f:ee:6d:
         f7:e1:e7:c0:ea:16:dd:da:59:a5:71:1b:6d:89:cb:57:c0:45:
         e4:71:e1:4c:c5:9e:18:06:bd:12:5a:a0:8e:08:c0:71:e9:fd:
         c1:2f:ea:5b:85:07:15:0b:17:fc:00:6a:a9:7e:18:b1:81:4e:
         8f:59:42:ec:68:de:3a:d9:4d:06:54:1d:29:90:55:df:32:8a:
         5e:eb:00:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX5gcKKefNF4+mT8xUGKg5nnfywUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE1MTUyMTI0WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmI5NGIzNjVlYTY4MDgzMTFkMmQ5YjE3MjhiNmY1YzRk
Zjc3ZDNlNzQyNjBlMzdlZGE4YmI0MGIyYjAwMTA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvRaVgDJolf20WmwMJRlDRVdWSaX1hI/s4E0ssJtntspMF
gZT32aQdj8JlwcR+LrlcjQfnSpShJiNv9CFv7XwDEOao8qtGw4O3yEJtYOBhNPLE
ptoCcikX0eq0vfdn8HGjGEfhVHdhPkMTaIvGa3mlZ6PdU1WJKp8zsJqGmpNUoaB1
ofGvHrPlKUrJ6ScZ5vd1QGl0lmJSDw1DpBsczmoGSKyZLxoRvHUVNaidGjbbwn7o
hieqVFeZmGbUNfCfYB18dhzlxnsVhLcd7pg5S0JiK1b/xFqz055U8eebkjgkrTZX
+GWBox9+fqjIxlDyWC486RkbbYzJKiqhyyZGYNAVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjHITIcpj5Jc2WWnc3Ubh0D7GR3AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZkYTY3YTJjLTUzYzEtNDMzNi04NzhiLThmYTNkYjZhZGE5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjVlIwDQYJKoZIhvcNAQELBQADggEBAJ5vMiMW+hbrjr/vMqIrEtC6nnyz
49fdjda8FuH81STjaYz3FbOgcv4yjXeyYLfVqHTjj5ZrCNNcREGBbnKAK2SGHc2G
rjfc6xdVfQUh+mC3i9bHlNZRDwUKhXYmtzsKusqQGcTByHRDLLN9uvmI6WQwnA5p
DFNWzwawT/W4U+Q6AYaAa9iQ8n/qD+WkjB6Uuzf6D+uzil3RIGSTYjUk+yJVOCpl
Yq3EFm0fliBVFTZdAH/ubffh58DqFt3aWaVxG22Jy1fAReRx4UzFnhgGvRJaoI4I
wHHp/cEv6luFBxULF/wAaql+GLGBTo9ZQuxo3jrZTQZUHSmQVd8yil7rAOI=
-----END CERTIFICATE-----