Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22ee097c-78c8-4c75-866c-6092e78e76d5.roa
File:                     22ee097c-78c8-4c75-866c-6092e78e76d5.roa (raw, json)
Hash identifier:          mkwck39zF/fCAX7fvBDLhchBFw9ZnyrV4vz9CHyChcI=
Subject key identifier:   F1:34:6F:A2:9B:7E:FF:1E:14:6D:FE:AC:E9:9D:A6:75:36:4A:5A:68
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A71C607D6D187FE7423A7E29E33D6C12A2329BF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22ee097c-78c8-4c75-866c-6092e78e76d5.roa
Signing time:             Tue 28 Oct 2025 00:00:14 +0000
ROA not before:           Tue 28 Oct 2025 00:00:14 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.128.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:71:c6:07:d6:d1:87:fe:74:23:a7:e2:9e:33:d6:c1:2a:23:29:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:00:14 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=855c3e7068be328bc004080a067c635de2b1d04c7a96a9809236b082db0329bf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d9:fd:92:1d:16:69:81:de:9e:02:c9:fa:c0:
                    71:97:30:2c:0e:75:49:0d:e5:8c:60:01:7b:22:95:
                    da:ff:ee:ad:69:75:31:5a:00:f5:cc:55:98:70:6a:
                    ae:c3:fd:cb:62:69:c8:a1:84:e0:21:f4:8d:5d:72:
                    b5:a0:a7:aa:8f:8f:64:23:a8:8f:09:38:40:85:b6:
                    c9:04:bd:e9:f2:09:41:07:99:f8:df:8b:06:aa:b3:
                    76:94:b7:51:56:b5:3a:38:06:57:bd:46:db:a3:0e:
                    7b:ac:8f:aa:e9:42:43:d9:25:d9:03:5f:7a:51:9b:
                    58:63:62:84:14:73:c4:9c:c7:ba:79:fb:65:9e:31:
                    a4:a6:c3:b0:55:eb:78:a5:e8:d5:0f:74:42:ef:8c:
                    08:de:b2:e9:cb:43:93:29:1d:67:13:ce:b1:3b:4c:
                    7d:e3:4b:8a:94:81:9c:8c:57:6b:2b:03:d1:c2:a8:
                    28:a6:a8:19:9d:b9:31:24:75:06:be:fb:07:5d:e9:
                    c5:d0:f0:39:80:9e:22:ae:45:dc:48:0b:3b:80:64:
                    65:45:b3:68:e3:0c:0f:d3:70:a0:5a:61:b7:5d:55:
                    16:50:6c:41:39:07:e0:10:88:44:27:c2:4b:e3:55:
                    cd:63:4f:1b:72:63:99:cb:1b:33:55:9f:ce:58:6c:
                    01:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:34:6F:A2:9B:7E:FF:1E:14:6D:FE:AC:E9:9D:A6:75:36:4A:5A:68
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22ee097c-78c8-4c75-866c-6092e78e76d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b8:5d:28:a1:c7:13:a7:05:88:86:c4:32:66:69:55:4a:e6:9c:
         6f:57:66:e0:fb:35:d3:d2:a6:e2:5a:28:6a:5e:94:d3:30:2f:
         a1:82:ac:59:d9:ba:b5:f3:63:b0:e6:57:70:31:6f:5c:69:00:
         20:05:ab:aa:25:49:dc:69:0e:10:e3:40:f2:0b:42:ca:b7:f9:
         6b:18:92:a5:7b:a5:a6:71:96:53:ca:d7:08:6e:b6:bd:9c:00:
         f2:d0:1b:ae:98:94:c0:1e:75:b9:26:08:62:fa:96:7f:4e:77:
         5b:ad:80:0e:6a:af:01:06:c5:a4:34:1a:1e:cc:59:56:65:22:
         28:6a:d7:2f:17:1c:e6:1a:8f:14:47:4b:69:57:c3:47:29:96:
         00:1e:15:15:2f:28:56:c6:79:42:f7:04:94:e4:ff:60:55:23:
         01:50:36:65:b6:45:0f:34:11:ea:07:4a:7c:48:4e:17:2f:4a:
         52:2a:b1:b7:0b:e2:b0:53:25:a2:8d:36:bb:10:b5:08:2a:ba:
         e1:62:80:8a:6c:fa:f3:f8:05:61:e2:aa:7c:e2:5c:0a:4f:25:
         bb:0f:92:5f:d5:60:74:15:12:86:2f:96:05:ca:c4:e1:01:d2:
         de:8e:f4:7a:a2:6c:31:e1:1b:3b:be:a6:0a:85:8d:dd:c8:9e:
         08:73:0a:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGnHGB9bRh/50I6finjPWwSojKb8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAwMDE0WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTVjM2U3MDY4YmUzMjhiYzAwNDA4MGEwNjdjNjM1ZGUy
YjFkMDRjN2E5NmE5ODA5MjM2YjA4MmRiMDMyOWJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr2f2SHRZpgd6eAsn6wHGXMCwOdUkN5YxgAXsildr/7q1p
dTFaAPXMVZhwaq7D/ctiacihhOAh9I1dcrWgp6qPj2QjqI8JOECFtskEvenyCUEH
mfjfiwaqs3aUt1FWtTo4Ble9RtujDnusj6rpQkPZJdkDX3pRm1hjYoQUc8Scx7p5
+2WeMaSmw7BV63il6NUPdELvjAjesunLQ5MpHWcTzrE7TH3jS4qUgZyMV2srA9HC
qCimqBmduTEkdQa++wdd6cXQ8DmAniKuRdxICzuAZGVFs2jjDA/TcKBaYbddVRZQ
bEE5B+AQiEQnwkvjVc1jTxtyY5nLGzNVn85YbAE5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8TRvopt+/x4Ubf6s6Z2mdTZKWmgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyZWUwOTdjLTc4YzgtNGM3NS04NjZjLTYwOTJlNzhlNzZkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjTYAwDQYJKoZIhvcNAQELBQADggEBALhdKKHHE6cFiIbEMmZpVUrmnG9X
ZuD7NdPSpuJaKGpelNMwL6GCrFnZurXzY7DmV3Axb1xpACAFq6olSdxpDhDjQPIL
Qsq3+WsYkqV7paZxllPK1whutr2cAPLQG66YlMAedbkmCGL6ln9Od1utgA5qrwEG
xaQ0Gh7MWVZlIihq1y8XHOYajxRHS2lXw0cplgAeFRUvKFbGeUL3BJTk/2BVIwFQ
NmW2RQ80EeoHSnxIThcvSlIqsbcL4rBTJaKNNrsQtQgquuFigIps+vP4BWHiqnzi
XApPJbsPkl/VYHQVEoYvlgXKxOEB0t6O9HqibDHhGzu+pgqFjd3InghzCt8=
-----END CERTIFICATE-----