Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/36ee8694-0818-4109-a12a-7638aec01c2a.roa
File:                     36ee8694-0818-4109-a12a-7638aec01c2a.roa (raw, json)
Hash identifier:          CU1ukpqI9xlVYfbznr1IDYVJhWP6dSBle2VadZOtfb8=
Subject key identifier:   B5:AB:CD:BE:7E:44:0F:2B:7E:28:99:EE:29:C6:D8:F2:7C:78:9B:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D0D31C5C0F9D60A06407AB3961F307796F650F5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/36ee8694-0818-4109-a12a-7638aec01c2a.roa
Signing time:             Sun 02 Nov 2025 00:41:22 +0000
ROA not before:           Sun 02 Nov 2025 00:41:22 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.96.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:0d:31:c5:c0:f9:d6:0a:06:40:7a:b3:96:1f:30:77:96:f6:50:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:41:22 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=87265a564a71edc7c486fdf0b5e35958e46828e96664073e7fad51f5efe57381, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4f:b8:2a:b0:44:19:f4:26:79:a0:05:bc:d3:
                    3d:64:e3:9c:6a:c2:31:d2:25:a2:4e:c1:11:4a:44:
                    1e:4d:42:03:c5:62:e0:a7:85:54:f5:b1:38:37:b4:
                    9a:41:4b:0c:8b:57:fd:c2:b6:16:2b:0d:8d:75:bf:
                    cd:8e:ff:84:48:c7:1c:35:a2:dd:54:51:aa:6a:91:
                    e8:23:0b:74:6e:25:f5:2c:76:14:4c:c3:3f:3d:b6:
                    1a:09:14:54:fb:d7:a6:c4:7c:f2:94:97:52:2b:60:
                    70:ce:ec:cc:9d:1c:59:fa:14:79:fe:0e:ce:e6:8e:
                    55:f9:13:37:67:d2:77:cd:9b:4f:d0:b5:61:f6:e7:
                    01:19:e8:c9:3f:a0:a1:6c:08:53:1b:a2:7d:41:f3:
                    72:b0:60:56:34:f8:58:37:52:aa:cb:96:e0:1a:9d:
                    b4:be:81:6b:38:aa:78:b5:f1:00:a0:ed:86:75:a3:
                    c9:b2:37:9c:2c:9e:cc:56:9d:63:90:43:ea:64:3c:
                    bd:7b:5b:0c:1b:c9:2f:fa:8e:f8:17:0f:23:77:e4:
                    62:97:54:99:55:93:07:bf:0e:4f:f0:12:ed:62:a3:
                    94:8b:97:23:b4:25:df:3a:c3:26:00:bd:46:a0:44:
                    ae:a7:1a:03:23:7c:ff:9e:3b:a7:31:56:4a:ee:b9:
                    6b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:AB:CD:BE:7E:44:0F:2B:7E:28:99:EE:29:C6:D8:F2:7C:78:9B:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/36ee8694-0818-4109-a12a-7638aec01c2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9a:0e:6d:0b:77:ec:35:70:73:0b:60:91:fe:b0:c0:d7:f9:37:
         3e:4d:b6:38:b6:d4:9f:b6:0c:d8:17:b6:8e:62:eb:d8:e9:47:
         fc:82:3d:57:44:9d:54:67:66:7b:35:eb:37:d7:b0:75:53:88:
         4f:df:35:21:86:84:c3:7e:83:e8:8f:d9:c3:22:b1:27:4a:a2:
         33:35:99:ad:c9:91:2e:e0:5c:99:2a:a0:f3:84:5c:08:ee:9a:
         9e:77:7a:52:96:82:9d:9a:21:cb:71:8d:1c:dd:22:7d:f8:3b:
         c8:22:7d:d5:8c:1f:27:b9:8f:d2:38:1c:e2:c6:77:7d:3f:05:
         dc:02:42:77:5b:ed:1a:05:fd:43:95:f2:15:cd:0b:58:ad:d0:
         cf:b0:52:91:62:97:79:21:53:0c:20:7a:0b:ee:7a:d8:a8:88:
         b5:40:25:dd:3a:51:23:31:6e:95:36:91:a2:61:1e:f1:b7:6f:
         1b:05:1d:01:cf:50:4a:91:3d:68:bb:eb:26:cb:22:22:cb:bf:
         54:ca:ff:a8:83:3f:16:1e:06:84:d5:74:81:7a:4f:df:0b:f6:
         4c:44:1f:77:e1:a6:59:93:b7:1d:c8:27:cd:9e:b4:c3:75:3f:
         50:78:49:d3:10:d6:bd:4c:c0:3b:86:74:ff:cd:d4:f5:c4:f7:
         d6:1e:ae:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHQ0xxcD51goGQHqzlh8wd5b2UPUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MTIyWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzI2NWE1NjRhNzFlZGM3YzQ4NmZkZjBiNWUzNTk1OGU0
NjgyOGU5NjY2NDA3M2U3ZmFkNTFmNWVmZTU3MzgxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClT7gqsEQZ9CZ5oAW80z1k45xqwjHSJaJOwRFKRB5NQgPF
YuCnhVT1sTg3tJpBSwyLV/3CthYrDY11v82O/4RIxxw1ot1UUapqkegjC3RuJfUs
dhRMwz89thoJFFT716bEfPKUl1IrYHDO7MydHFn6FHn+Ds7mjlX5Ezdn0nfNm0/Q
tWH25wEZ6Mk/oKFsCFMbon1B83KwYFY0+Fg3UqrLluAanbS+gWs4qni18QCg7YZ1
o8myN5wsnsxWnWOQQ+pkPL17WwwbyS/6jvgXDyN35GKXVJlVkwe/Dk/wEu1io5SL
lyO0Jd86wyYAvUagRK6nGgMjfP+eO6cxVkruuWs5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtavNvn5EDyt+KJnuKcbY8nx4m4MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM2ZWU4Njk0LTA4MTgtNDEwOS1hMTJhLTc2MzhhZWMwMWMyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjlmAwDQYJKoZIhvcNAQELBQADggEBAJoObQt37DVwcwtgkf6wwNf5Nz5N
tji21J+2DNgXto5i69jpR/yCPVdEnVRnZns16zfXsHVTiE/fNSGGhMN+g+iP2cMi
sSdKojM1ma3JkS7gXJkqoPOEXAjump53elKWgp2aIctxjRzdIn34O8gifdWMHye5
j9I4HOLGd30/BdwCQndb7RoF/UOV8hXNC1it0M+wUpFil3khUwwgegvuetioiLVA
Jd06USMxbpU2kaJhHvG3bxsFHQHPUEqRPWi76ybLIiLLv1TK/6iDPxYeBoTVdIF6
T98L9kxEH3fhplmTtx3IJ82etMN1P1B4SdMQ1r1MwDuGdP/N1PXE99Yerp8=
-----END CERTIFICATE-----