Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c30ae5a-50c2-4463-b773-79404fc3c67d.roa
File:                     0c30ae5a-50c2-4463-b773-79404fc3c67d.roa (raw, json)
Hash identifier:          WoprKisqVH7FOLsWaqF2iHzpRyVoCSsztt4uwmYpxFs=
Subject key identifier:   F1:1A:39:8A:D2:8F:7B:8A:A8:83:5A:F2:FF:6C:39:C3:2D:BE:C1:B2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       508D143A4601F80D56D9438D18D9A1EB69807275
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c30ae5a-50c2-4463-b773-79404fc3c67d.roa
Signing time:             Wed 22 Oct 2025 00:00:14 +0000
ROA not before:           Wed 22 Oct 2025 00:00:14 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.150.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:8d:14:3a:46:01:f8:0d:56:d9:43:8d:18:d9:a1:eb:69:80:72:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:00:14 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=6c36a003b689be8c2dfb4b437aed09fc83ff0461d8a2274327904838653c8fbe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:15:88:46:74:ff:2a:f9:d1:c4:38:84:7d:
                    88:97:a5:7e:7a:94:52:fc:09:8e:85:d2:fb:9b:46:
                    73:f6:c4:d7:f3:e1:ff:a8:8f:d6:3e:22:c1:29:a6:
                    bf:92:33:77:4a:c1:ee:ca:c9:5c:78:6d:31:9e:0f:
                    59:cd:91:db:40:59:d4:db:ff:41:51:8a:1e:90:16:
                    6b:ce:c1:73:82:1c:8d:a8:77:ae:61:1d:7b:49:29:
                    2f:f7:b1:15:a0:e9:87:3b:c1:3b:b5:a6:0d:80:e7:
                    ca:a4:92:4c:9c:54:92:50:41:12:d0:38:dc:14:c5:
                    d1:06:c6:ef:10:2d:8f:4a:3b:16:ef:7c:ab:4a:59:
                    a8:94:92:59:7d:bc:da:db:64:45:8a:1c:99:2d:a4:
                    71:93:9f:8e:8a:db:0c:3e:36:55:4e:e8:28:50:d1:
                    e6:86:24:c5:d0:de:a5:ef:77:94:a1:e4:9f:f5:0b:
                    70:4d:fe:95:95:eb:54:c7:8c:fe:82:2f:b2:ea:e9:
                    46:ab:a9:bc:c2:77:0f:8b:73:fc:ee:b3:aa:13:7c:
                    f5:f6:39:7c:7f:5e:a7:25:68:92:5a:52:ec:95:91:
                    55:6f:5e:be:65:33:44:98:06:f0:30:d0:7c:0c:ea:
                    31:fa:47:ec:88:f5:13:3a:18:ec:6b:71:9f:12:86:
                    4a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:1A:39:8A:D2:8F:7B:8A:A8:83:5A:F2:FF:6C:39:C3:2D:BE:C1:B2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c30ae5a-50c2-4463-b773-79404fc3c67d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:2f:6e:86:46:b3:90:c1:89:6a:1b:fd:ae:75:6a:03:62:f3:
         ec:3e:7b:5e:e1:71:a2:e6:2e:ad:df:60:83:c1:87:b7:ae:64:
         8a:94:79:79:0b:70:1e:0b:aa:28:ea:d6:30:0a:af:09:9b:f1:
         0c:bf:17:6b:80:8d:e8:e6:42:99:27:cc:81:ec:76:60:6b:2f:
         7f:3a:52:2c:23:6a:18:31:74:1f:6d:89:4b:68:4f:35:4b:07:
         61:3a:6e:13:7f:c3:64:98:43:a8:58:e1:64:74:22:f2:37:aa:
         f7:38:bb:09:ab:bd:ae:56:f7:5d:08:15:e2:72:b7:0d:ad:d6:
         a5:1c:43:d7:27:6b:d6:bf:5d:ad:9f:fc:c7:bb:8c:0d:f8:55:
         43:89:ba:43:fe:b5:68:d3:c3:1e:62:08:a6:fc:1f:cf:23:e1:
         c5:97:63:6c:45:ea:a5:10:14:8a:95:10:e0:9e:65:91:b3:9f:
         1d:9f:da:84:99:fd:ba:c1:b7:45:c7:ae:46:e6:e5:70:54:a6:
         b4:84:ed:8f:da:7b:92:93:2e:7f:75:dc:61:b6:22:64:2b:26:
         34:87:2c:7f:f1:09:21:84:26:ff:18:a8:8f:35:aa:c2:6a:d9:
         78:2e:f2:72:d0:f1:36:ce:99:e4:98:b7:46:64:20:ab:a7:dc:
         84:15:6a:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUI0UOkYB+A1W2UONGNmh62mAcnUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMDE0WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YzM2YTAwM2I2ODliZThjMmRmYjRiNDM3YWVkMDlmYzgz
ZmYwNDYxZDhhMjI3NDMyNzkwNDgzODY1M2M4ZmJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3VRWIRnT/KvnRxDiEfYiXpX56lFL8CY6F0vubRnP2xNfz
4f+oj9Y+IsEppr+SM3dKwe7KyVx4bTGeD1nNkdtAWdTb/0FRih6QFmvOwXOCHI2o
d65hHXtJKS/3sRWg6Yc7wTu1pg2A58qkkkycVJJQQRLQONwUxdEGxu8QLY9KOxbv
fKtKWaiUkll9vNrbZEWKHJktpHGTn46K2ww+NlVO6ChQ0eaGJMXQ3qXvd5Sh5J/1
C3BN/pWV61THjP6CL7Lq6UarqbzCdw+Lc/zus6oTfPX2OXx/XqclaJJaUuyVkVVv
Xr5lM0SYBvAw0HwM6jH6R+yI9RM6GOxrcZ8ShkpXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8Ro5itKPe4qog1ry/2w5wy2+wbIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjMzBhZTVhLTUwYzItNDQ2My1iNzczLTc5NDA0ZmMzYzY3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZYwDQYJKoZIhvcNAQELBQADggEBABUvboZGs5DBiWob/a51agNi8+w+
e17hcaLmLq3fYIPBh7euZIqUeXkLcB4Lqijq1jAKrwmb8Qy/F2uAjejmQpknzIHs
dmBrL386UiwjahgxdB9tiUtoTzVLB2E6bhN/w2SYQ6hY4WR0IvI3qvc4uwmrva5W
910IFeJytw2t1qUcQ9cna9a/Xa2f/Me7jA34VUOJukP+tWjTwx5iCKb8H88j4cWX
Y2xF6qUQFIqVEOCeZZGznx2f2oSZ/brBt0XHrkbm5XBUprSE7Y/ae5KTLn913GG2
ImQrJjSHLH/xCSGEJv8YqI81qsJq2Xgu8nLQ8TbOmeSYt0ZkIKun3IQVaps=
-----END CERTIFICATE-----