Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11efc78f-00de-42b6-b52c-218adf4f6cc9.roa
File:                     11efc78f-00de-42b6-b52c-218adf4f6cc9.roa (raw, json)
Hash identifier:          VqGLqUol68h4opBIWF7vjj9K5CmBvXdeiL1h74PE7BY=
Subject key identifier:   57:64:A8:06:7D:E5:11:93:1A:3C:E4:01:6C:06:5D:63:89:E7:AF:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A49287445AB4B617E1C6F5B1D6568FCF58036D3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11efc78f-00de-42b6-b52c-218adf4f6cc9.roa
Signing time:             Sun 02 Nov 2025 00:00:11 +0000
ROA not before:           Sun 02 Nov 2025 00:00:11 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.64.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:49:28:74:45:ab:4b:61:7e:1c:6f:5b:1d:65:68:fc:f5:80:36:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:00:11 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=04fbc7095262317133bb101785cfa586009abcb6bd047eb8eccadc00a664d4fa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c3:cc:80:2e:21:63:26:ed:c4:ad:d7:81:cf:
                    3d:dc:7e:aa:0c:74:b9:ec:4f:56:3f:ba:28:1e:51:
                    4a:9c:23:42:9f:82:2a:c6:40:b1:7f:4a:ce:96:e1:
                    81:7c:a9:6c:7d:d9:af:6a:db:60:33:53:23:68:51:
                    3d:35:91:57:f6:a3:7f:e7:02:97:5b:d6:55:4d:ff:
                    a6:f4:ff:29:19:b2:4a:45:b8:1b:bd:20:7d:17:2a:
                    76:f2:a6:a1:a9:54:93:37:f4:4f:d8:23:df:c6:e6:
                    71:1b:32:18:5b:02:dc:b8:23:88:78:f2:cc:71:e9:
                    9f:f0:8d:80:82:d0:e0:db:46:f7:98:59:58:ac:65:
                    a1:5e:71:94:d8:c6:f8:28:38:e6:1c:73:6d:c4:9c:
                    1b:a8:ec:af:b6:91:56:9e:2e:99:95:fa:f5:07:c2:
                    b8:cc:4c:5a:2b:c7:18:31:ea:eb:a0:f3:0b:c0:3d:
                    d2:0e:ef:04:0e:63:92:7d:43:f1:42:f9:a3:ee:c7:
                    6d:b0:b8:79:b5:16:8c:7d:7e:bf:b9:b3:e5:d2:7d:
                    53:4c:97:6d:6b:29:5c:c2:75:af:a4:50:a3:40:41:
                    c1:b2:15:a7:5f:25:ee:3c:0b:22:73:35:1c:71:50:
                    40:c1:cc:f7:aa:ff:50:f9:9f:1b:a9:c0:f9:ad:5b:
                    72:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:64:A8:06:7D:E5:11:93:1A:3C:E4:01:6C:06:5D:63:89:E7:AF:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11efc78f-00de-42b6-b52c-218adf4f6cc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:b4:a5:a6:df:2f:0a:ba:2f:d6:f2:cf:72:1b:4b:0c:87:63:
         ae:3c:cd:5a:bb:9f:4f:6d:d8:f8:a3:f2:96:92:f0:a4:6b:3c:
         0f:f2:bb:4a:cd:50:dd:b5:72:2c:af:32:7b:be:57:fe:b6:df:
         50:98:58:30:9e:8f:34:84:82:0d:e6:d1:1f:7f:c1:88:6d:fd:
         3d:c9:11:28:36:73:32:f4:95:96:fa:bc:00:71:aa:39:54:22:
         da:3c:0d:0c:45:7f:0d:6b:20:46:f7:cb:88:19:81:31:ac:68:
         99:16:25:17:7b:c1:08:a7:2f:1b:8b:ae:08:0b:39:65:27:f1:
         fd:ac:28:8d:30:bd:4e:df:f3:28:e3:c1:6d:ba:2a:14:3c:95:
         5c:9d:7e:8a:51:a3:52:2c:05:e7:00:3c:a2:a0:fd:4b:f7:10:
         af:ba:12:b6:60:0e:a8:d0:c6:d1:f2:32:4e:6b:e6:f9:32:6d:
         58:ae:5a:64:33:aa:1f:b3:ce:1d:9f:5a:e9:9d:0b:c5:74:16:
         37:8f:84:a8:04:8b:58:fd:58:c7:85:3e:64:3e:dd:4e:f3:87:
         ee:16:9d:61:9f:d7:5e:dc:29:f5:d9:ea:fd:bc:fe:ae:28:8f:
         b3:92:65:e5:dc:56:fb:55:df:1a:5c:af:66:19:c5:c5:fc:47:
         12:ef:f1:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGkkodEWrS2F+HG9bHWVo/PWANtMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAwMDExWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNGZiYzcwOTUyNjIzMTcxMzNiYjEwMTc4NWNmYTU4NjAw
OWFiY2I2YmQwNDdlYjhlY2NhZGMwMGE2NjRkNGZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtw8yALiFjJu3ErdeBzz3cfqoMdLnsT1Y/uigeUUqcI0Kf
girGQLF/Ss6W4YF8qWx92a9q22AzUyNoUT01kVf2o3/nApdb1lVN/6b0/ykZskpF
uBu9IH0XKnbypqGpVJM39E/YI9/G5nEbMhhbAty4I4h48sxx6Z/wjYCC0ODbRveY
WVisZaFecZTYxvgoOOYcc23EnBuo7K+2kVaeLpmV+vUHwrjMTForxxgx6uug8wvA
PdIO7wQOY5J9Q/FC+aPux22wuHm1Fox9fr+5s+XSfVNMl21rKVzCda+kUKNAQcGy
FadfJe48CyJzNRxxUEDBzPeq/1D5nxupwPmtW3IDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV2SoBn3lEZMaPOQBbAZdY4nnr/owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExZWZjNzhmLTAwZGUtNDJiNi1iNTJjLTIxOGFkZjRmNmNjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl0AwDQYJKoZIhvcNAQELBQADggEBAGy0pabfLwq6L9byz3IbSwyHY648
zVq7n09t2Pij8paS8KRrPA/yu0rNUN21ciyvMnu+V/6231CYWDCejzSEgg3m0R9/
wYht/T3JESg2czL0lZb6vABxqjlUIto8DQxFfw1rIEb3y4gZgTGsaJkWJRd7wQin
LxuLrggLOWUn8f2sKI0wvU7f8yjjwW26KhQ8lVydfopRo1IsBecAPKKg/Uv3EK+6
ErZgDqjQxtHyMk5r5vkybViuWmQzqh+zzh2fWumdC8V0FjePhKgEi1j9WMeFPmQ+
3U7zh+4WnWGf117cKfXZ6v28/q4oj7OSZeXcVvtV3xpcr2YZxcX8RxLv8ZE=
-----END CERTIFICATE-----