Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2796caa1-61d5-4482-ab4f-0768d89e60ff.roa
File:                     2796caa1-61d5-4482-ab4f-0768d89e60ff.roa (raw, json)
Hash identifier:          UITG1DyvM2UI/ITxBHSmSbQny79GzQYu4fqyoBrUdT4=
Subject key identifier:   70:75:C4:27:72:69:7B:F0:3A:6A:87:B7:EC:20:16:AF:82:5F:DF:24
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6305153B74E8BFD85A9135997CAB8520B7F284BA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2796caa1-61d5-4482-ab4f-0768d89e60ff.roa
Signing time:             Sun 02 Nov 2025 00:21:20 +0000
ROA not before:           Sun 02 Nov 2025 00:21:20 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.136.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:05:15:3b:74:e8:bf:d8:5a:91:35:99:7c:ab:85:20:b7:f2:84:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:21:20 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=94045ad7cbf48b059b303f4302d97155ffa1484ce129bdf7c387575f7cce9eac, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:5b:ae:25:e8:0a:fe:ac:af:87:16:83:d5:1a:
                    94:4a:64:98:11:b8:5d:0f:b9:e7:d9:dc:e8:de:4e:
                    56:a6:6c:6a:f8:02:79:2a:41:45:ed:70:d6:fb:a9:
                    73:e3:bf:d9:a8:90:44:93:ac:12:a4:63:4c:8e:ff:
                    b8:e8:01:ab:14:41:38:71:80:0e:fe:1a:4d:f1:23:
                    58:0a:17:71:c9:c8:b1:f9:ef:1b:2b:a1:4a:dc:cd:
                    cd:6f:98:f4:c7:f0:4e:5c:61:ed:84:a0:d1:79:3d:
                    46:66:5c:cc:61:cd:eb:41:35:db:71:96:da:af:90:
                    2c:46:18:09:2f:d9:86:86:cc:02:b5:48:a1:7e:45:
                    b9:7c:ce:d8:37:28:ae:74:63:7b:c2:4d:c4:3d:56:
                    50:7d:63:bf:1f:2e:98:7a:a4:9b:73:4f:a3:80:b5:
                    e7:1b:92:31:b8:cf:ed:71:15:4a:1c:c9:71:cf:2f:
                    cf:1d:71:65:af:81:13:29:09:7c:b0:cb:db:62:25:
                    b2:a3:94:e5:81:64:a1:ce:90:9b:1d:8c:4d:5c:82:
                    13:b5:0b:57:11:83:23:9e:7c:a8:a6:ba:29:d6:6f:
                    02:bb:f4:33:cb:25:d9:50:7e:7d:b9:81:14:4f:46:
                    08:c5:02:71:d1:76:dc:cb:71:4f:60:44:e8:3d:95:
                    36:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:75:C4:27:72:69:7B:F0:3A:6A:87:B7:EC:20:16:AF:82:5F:DF:24
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2796caa1-61d5-4482-ab4f-0768d89e60ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d1:3c:e1:f1:c5:46:59:14:1f:67:de:54:58:58:c9:31:f2:8a:
         1e:39:7f:94:d6:89:2c:d6:6e:f3:90:db:b3:de:49:73:58:7c:
         38:f6:b2:df:92:ef:2b:57:71:fe:e8:c8:75:e4:6b:00:9f:8e:
         51:0c:8f:52:80:e1:7e:36:5a:a3:e2:e2:f6:cc:4b:aa:88:ac:
         9c:b9:0c:b0:68:b8:d1:d7:f2:0d:3c:ea:0d:af:b6:0a:1f:a6:
         96:a2:2f:ba:0f:14:46:46:74:2b:25:12:3c:2b:ef:02:73:ba:
         56:6d:46:af:4d:4d:79:91:b0:e1:d3:90:e6:d4:e8:e0:aa:6d:
         b3:40:f6:7a:47:93:ee:7d:f6:c3:02:69:03:ed:4b:57:09:07:
         35:ca:78:58:b8:44:62:b7:7b:bf:7e:3a:9a:a4:c6:c8:d4:3c:
         71:5f:f3:55:2d:b5:13:b2:e0:09:a3:48:38:b6:db:30:cc:f0:
         5f:93:7c:f6:95:d1:ed:8b:39:4c:c0:6e:66:b2:bd:4f:67:6c:
         4a:ef:57:65:3c:9c:17:d7:ba:e3:76:d8:86:43:c8:af:22:ef:
         cf:bf:d3:4f:c7:8f:a3:a7:9a:10:7b:79:4f:13:3d:a5:7d:a8:
         ba:5a:ee:21:c7:c9:b6:37:fc:34:f7:a5:dd:7b:b5:8d:fc:ad:
         25:8c:82:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYwUVO3Tov9hakTWZfKuFILfyhLowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAyMTIwWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDA0NWFkN2NiZjQ4YjA1OWIzMDNmNDMwMmQ5NzE1NWZm
YTE0ODRjZTEyOWJkZjdjMzg3NTc1ZjdjY2U5ZWFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoW64l6Ar+rK+HFoPVGpRKZJgRuF0PuefZ3OjeTlambGr4
AnkqQUXtcNb7qXPjv9mokESTrBKkY0yO/7joAasUQThxgA7+Gk3xI1gKF3HJyLH5
7xsroUrczc1vmPTH8E5cYe2EoNF5PUZmXMxhzetBNdtxltqvkCxGGAkv2YaGzAK1
SKF+Rbl8ztg3KK50Y3vCTcQ9VlB9Y78fLph6pJtzT6OAtecbkjG4z+1xFUocyXHP
L88dcWWvgRMpCXywy9tiJbKjlOWBZKHOkJsdjE1cghO1C1cRgyOefKimuinWbwK7
9DPLJdlQfn25gRRPRgjFAnHRdtzLcU9gROg9lTZvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcHXEJ3Jpe/A6aoe37CAWr4Jf3yQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3OTZjYWExLTYxZDUtNDQ4Mi1hYjRmLTA3NjhkODllNjBmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl4gwDQYJKoZIhvcNAQELBQADggEBANE84fHFRlkUH2feVFhYyTHyih45
f5TWiSzWbvOQ27PeSXNYfDj2st+S7ytXcf7oyHXkawCfjlEMj1KA4X42WqPi4vbM
S6qIrJy5DLBouNHX8g086g2vtgofppaiL7oPFEZGdCslEjwr7wJzulZtRq9NTXmR
sOHTkObU6OCqbbNA9npHk+599sMCaQPtS1cJBzXKeFi4RGK3e79+OpqkxsjUPHFf
81UttROy4AmjSDi22zDM8F+TfPaV0e2LOUzAbmayvU9nbErvV2U8nBfXuuN22IZD
yK8i78+/00/Hj6OnmhB7eU8TPaV9qLpa7iHHybY3/DT3pd17tY38rSWMglE=
-----END CERTIFICATE-----