Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa
File:                     232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa (raw, json)
Hash identifier:          5MtiU080cZ2la6Ja+7hiZ3VtYoGluXo+BB4RGOiLqzc=
Subject key identifier:   6F:21:E5:2C:DE:B1:C0:F6:D3:F5:39:06:03:FF:48:7A:09:DA:E7:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02AE238DDD98D981DE215A8FD0F1890B18587379
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa
Signing time:             Wed 22 Oct 2025 00:01:00 +0000
ROA not before:           Wed 22 Oct 2025 00:01:00 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.148.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ae:23:8d:dd:98:d9:81:de:21:5a:8f:d0:f1:89:0b:18:58:73:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:01:00 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=ef32a2afb7661e4875116b26293bffed3366cf3046c0ef047746c12878190863, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:38:72:a4:4a:1f:5a:18:ac:16:4f:3d:04:c0:
                    a1:f5:2d:7c:63:06:35:7a:fb:a8:ac:a0:bc:b6:a9:
                    af:74:af:5c:6f:63:49:c7:88:c8:de:fd:54:0c:fb:
                    dc:f0:bf:b2:bb:56:e0:2f:17:a1:a0:8a:27:57:34:
                    30:18:3f:bf:2c:23:1d:88:68:93:02:09:63:2d:9d:
                    7a:85:c9:5f:d5:2c:a8:e5:6e:0c:7d:eb:e2:60:0e:
                    d8:b8:c7:e2:e1:dc:fb:e7:67:84:8a:55:cf:78:47:
                    51:b5:f5:83:32:03:c0:30:21:91:14:2e:b4:10:52:
                    76:39:8b:82:50:19:5e:05:08:b0:f7:c8:8b:fa:4a:
                    66:c8:e9:6b:6c:f7:d3:5f:8d:8f:e3:40:dc:33:da:
                    9f:40:f9:cd:f4:11:99:a1:79:88:ac:bc:69:09:93:
                    84:23:b6:23:3b:1c:e2:eb:8d:d6:4b:e2:ec:90:59:
                    c7:f6:ae:bf:f6:e2:28:5e:95:f6:6a:71:99:f2:f3:
                    1d:60:0e:34:56:db:51:03:0c:52:eb:2c:38:71:47:
                    6d:66:f5:9e:2e:8d:a4:0f:c1:ea:3d:fe:03:38:42:
                    7a:63:b0:9c:f5:9a:88:9c:77:d3:d0:74:b1:0e:86:
                    72:ec:3d:5e:69:f2:5b:a7:4a:f8:3e:00:27:75:fc:
                    d6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:21:E5:2C:DE:B1:C0:F6:D3:F5:39:06:03:FF:48:7A:09:DA:E7:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/232545d3-dcc7-4f04-bb6d-1d3d9c17d37d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:dd:db:e0:83:53:6e:97:85:22:4c:ad:b3:72:87:85:0d:03:
         f6:74:b3:a1:5f:d3:25:40:f1:96:0f:7b:53:84:bb:a7:55:b2:
         12:d2:9d:b7:29:9d:51:cd:1d:ad:31:d4:6a:f8:8e:3d:d8:8a:
         d6:f2:cf:8c:32:72:00:a7:f6:3e:cf:e2:40:d3:37:bd:cd:29:
         d1:8b:eb:df:14:37:c0:28:12:97:36:27:04:a2:4c:04:a9:79:
         6d:e2:1e:ed:a6:7c:56:c8:6d:9b:01:e9:a4:60:3b:ad:76:8b:
         63:53:5d:2b:48:4c:09:93:82:be:61:95:fc:83:ad:d2:9b:9a:
         79:bc:98:a9:07:cf:98:4c:e0:c6:48:b8:48:ff:9d:4f:d9:6f:
         76:58:2f:17:37:63:bd:e0:dc:d7:18:d8:57:0b:52:2f:3b:53:
         25:9c:27:06:20:79:04:16:2a:5b:9d:08:37:bc:0f:e8:0f:dc:
         66:a3:a4:fe:3b:e4:ba:d4:da:e7:b2:32:3f:d3:a1:5c:d3:28:
         34:b5:a6:c7:4d:26:51:a6:f2:41:fc:78:16:d2:40:4a:63:5a:
         c1:32:7a:25:85:61:40:39:d3:04:6c:41:34:0f:1b:62:9a:ef:
         55:95:fc:eb:64:53:ad:ff:b4:2b:6e:48:97:ba:ac:39:f5:1a:
         e8:b4:f7:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAq4jjd2Y2YHeIVqP0PGJCxhYc3kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMTAwWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjMyYTJhZmI3NjYxZTQ4NzUxMTZiMjYyOTNiZmZlZDMz
NjZjZjMwNDZjMGVmMDQ3NzQ2YzEyODc4MTkwODYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvOHKkSh9aGKwWTz0EwKH1LXxjBjV6+6isoLy2qa90r1xv
Y0nHiMje/VQM+9zwv7K7VuAvF6GgiidXNDAYP78sIx2IaJMCCWMtnXqFyV/VLKjl
bgx96+JgDti4x+Lh3PvnZ4SKVc94R1G19YMyA8AwIZEULrQQUnY5i4JQGV4FCLD3
yIv6SmbI6Wts99NfjY/jQNwz2p9A+c30EZmheYisvGkJk4QjtiM7HOLrjdZL4uyQ
Wcf2rr/24ihelfZqcZny8x1gDjRW21EDDFLrLDhxR21m9Z4ujaQPweo9/gM4Qnpj
sJz1moicd9PQdLEOhnLsPV5p8lunSvg+ACd1/NbdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbyHlLN6xwPbT9TkGA/9Iegna5z0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzMjU0NWQzLWRjYzctNGYwNC1iYjZkLTFkM2Q5YzE3ZDM3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZQwDQYJKoZIhvcNAQELBQADggEBAMjd2+CDU26XhSJMrbNyh4UNA/Z0
s6Ff0yVA8ZYPe1OEu6dVshLSnbcpnVHNHa0x1Gr4jj3Yitbyz4wycgCn9j7P4kDT
N73NKdGL698UN8AoEpc2JwSiTASpeW3iHu2mfFbIbZsB6aRgO612i2NTXStITAmT
gr5hlfyDrdKbmnm8mKkHz5hM4MZIuEj/nU/Zb3ZYLxc3Y73g3NcY2FcLUi87UyWc
JwYgeQQWKludCDe8D+gP3GajpP475LrU2ueyMj/ToVzTKDS1psdNJlGm8kH8eBbS
QEpjWsEyeiWFYUA50wRsQTQPG2Ka71WV/OtkU63/tCtuSJe6rDn1Gui0934=
-----END CERTIFICATE-----