Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00cbf30e-db75-4c8f-938b-1007226dec9b.roa
File:                     00cbf30e-db75-4c8f-938b-1007226dec9b.roa (raw, json)
Hash identifier:          dLxlV6R8J8MeGDOllCVv8TgWp0qmtwXAVWfweO8YyiU=
Subject key identifier:   0A:F2:C7:12:5A:63:39:12:53:F5:7D:1F:DF:3C:E2:B1:AE:76:CD:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4ECC3A109FF8AD58F3B29FED50291DEE11CA77F2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00cbf30e-db75-4c8f-938b-1007226dec9b.roa
Signing time:             Tue 28 Oct 2025 00:51:34 +0000
ROA not before:           Tue 28 Oct 2025 00:51:34 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.128.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:cc:3a:10:9f:f8:ad:58:f3:b2:9f:ed:50:29:1d:ee:11:ca:77:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:51:34 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=ba6ccd2e53037231c6a5977a6c6c6a032e5f4ad8edef9958ee9496948f1c81fc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e1:e3:43:d6:4f:9a:d8:76:88:ff:76:48:fe:
                    35:0f:60:6f:a9:08:17:99:dd:e1:ad:6d:fb:cb:24:
                    fb:db:c2:8e:d1:82:a7:bf:2f:2b:9c:af:11:24:58:
                    65:b6:dc:9f:8f:d9:fd:44:69:80:a7:80:72:56:fa:
                    f1:f6:cd:f7:a1:44:fe:f7:a7:82:07:02:21:38:fd:
                    14:fc:3f:b7:af:08:f1:c2:ff:a9:e6:e3:0f:b8:20:
                    e1:3d:21:22:db:b6:cc:46:23:7c:f9:78:91:3e:c9:
                    51:c1:dd:92:d0:a4:35:2f:cd:d1:6d:0c:41:82:c8:
                    c2:37:80:24:d6:7e:29:e0:cc:05:23:cf:75:7d:85:
                    4d:cc:8d:9b:c1:c7:5a:ab:f0:54:ef:6f:6f:89:cc:
                    bd:09:af:bb:3c:f1:55:9c:24:30:91:0e:66:3d:a2:
                    79:9a:4b:7d:82:eb:88:42:55:ec:54:58:b3:6c:ea:
                    f1:4f:2c:8b:59:88:f5:3f:17:fa:d6:b6:2b:e1:18:
                    3b:70:30:25:11:0c:46:16:2c:06:6d:8f:f5:3f:49:
                    0e:28:cc:ce:9c:d6:4a:ec:da:5e:c3:49:13:27:16:
                    b2:c9:9a:6d:ed:25:c4:56:86:1c:97:62:55:4a:d9:
                    f0:f7:60:77:2a:c4:00:2a:65:2a:3e:0d:ce:e7:c3:
                    47:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F2:C7:12:5A:63:39:12:53:F5:7D:1F:DF:3C:E2:B1:AE:76:CD:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/00cbf30e-db75-4c8f-938b-1007226dec9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         c2:26:67:7c:28:3a:5a:aa:0f:b8:64:de:1c:9a:d7:44:fa:3c:
         4d:e6:22:01:81:c4:1e:00:f4:66:19:5e:10:e7:c0:9d:f3:f7:
         9c:da:3f:30:c9:2a:26:7d:40:37:d8:32:a3:a1:ff:82:0d:a6:
         0d:f1:29:6b:60:33:32:7c:30:a3:bf:48:d6:d6:a1:00:a2:36:
         57:21:9b:a9:f5:ac:89:be:ba:8c:90:b9:8e:33:75:55:d2:60:
         4d:1c:5d:95:c9:80:97:a4:a3:b8:62:8d:37:0d:46:1a:d6:15:
         d5:53:f2:ae:ed:14:38:51:47:3a:75:6d:70:d7:9f:24:ce:1d:
         d1:4d:ae:ae:aa:12:06:b4:a9:8c:a5:bb:82:a6:7a:8e:95:a9:
         ed:81:e6:e9:67:7b:6e:ea:1f:c8:3a:03:00:d5:b5:09:7b:9c:
         82:d7:01:bd:ca:39:5e:d9:48:59:0c:e6:2d:7f:32:0b:87:1a:
         28:cf:80:ee:69:1b:83:5f:a1:41:ec:bb:f6:2a:07:b7:bc:5a:
         5e:f8:78:57:ae:43:d9:af:06:a6:13:b2:2f:59:d5:50:a2:9c:
         63:d2:f3:46:86:3e:2d:d3:9e:69:fd:e2:1a:58:1d:c2:76:74:
         26:1f:15:e7:ef:eb:b1:3f:f5:4c:35:f7:6d:35:9f:78:b5:a4:
         fa:bc:df:cd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTsw6EJ/4rVjzsp/tUCkd7hHKd/IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDA1MTM0WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYTZjY2QyZTUzMDM3MjMxYzZhNTk3N2E2YzZjNmEwMzJl
NWY0YWQ4ZWRlZjk5NThlZTk0OTY5NDhmMWM4MWZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm4eND1k+a2HaI/3ZI/jUPYG+pCBeZ3eGtbfvLJPvbwo7R
gqe/LyucrxEkWGW23J+P2f1EaYCngHJW+vH2zfehRP73p4IHAiE4/RT8P7evCPHC
/6nm4w+4IOE9ISLbtsxGI3z5eJE+yVHB3ZLQpDUvzdFtDEGCyMI3gCTWfingzAUj
z3V9hU3MjZvBx1qr8FTvb2+JzL0Jr7s88VWcJDCRDmY9onmaS32C64hCVexUWLNs
6vFPLItZiPU/F/rWtivhGDtwMCURDEYWLAZtj/U/SQ4ozM6c1krs2l7DSRMnFrLJ
mm3tJcRWhhyXYlVK2fD3YHcqxAAqZSo+Dc7nw0d5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCvLHElpjORJT9X0f3zzisa52zScwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAwY2JmMzBlLWRiNzUtNGM4Zi05MzhiLTEwMDcyMjZkZWM5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdjTYAwDQYJKoZIhvcNAQELBQADggEBAMImZ3woOlqqD7hk3hya10T6PE3m
IgGBxB4A9GYZXhDnwJ3z95zaPzDJKiZ9QDfYMqOh/4INpg3xKWtgMzJ8MKO/SNbW
oQCiNlchm6n1rIm+uoyQuY4zdVXSYE0cXZXJgJeko7hijTcNRhrWFdVT8q7tFDhR
Rzp1bXDXnyTOHdFNrq6qEga0qYylu4Kmeo6Vqe2B5ulne27qH8g6AwDVtQl7nILX
Ab3KOV7ZSFkM5i1/MguHGijPgO5pG4NfoUHsu/YqB7e8Wl74eFeuQ9mvBqYTsi9Z
1VCinGPS80aGPi3Tnmn94hpYHcJ2dCYfFefv67E/9Uw19201n3i1pPq8380=
-----END CERTIFICATE-----