Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b7bb014-7d84-4429-ab54-38f604121593.roa
File:                     3b7bb014-7d84-4429-ab54-38f604121593.roa (raw, json)
Hash identifier:          neiHG1NxUM21ndZCXswpaiRdv+JZ+OKEVp2qdVUNLAY=
Subject key identifier:   C1:BC:30:D1:0B:62:27:92:D5:6C:6C:72:D9:61:C8:CB:DD:85:4B:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1579E3AFE0BD459C81D33A02E6E7DC9C92A05EE4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b7bb014-7d84-4429-ab54-38f604121593.roa
Signing time:             Sun 02 Nov 2025 00:10:37 +0000
ROA not before:           Sun 02 Nov 2025 00:10:37 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.60.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:79:e3:af:e0:bd:45:9c:81:d3:3a:02:e6:e7:dc:9c:92:a0:5e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:10:37 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=7688fc672c0fa3496c0c2e67ea1233e7b15ee81cc6cc4fa32748d60512cf583b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:99:79:0b:3b:09:78:2c:d2:56:c1:b2:2a:ab:
                    1e:bd:6e:a6:46:1f:89:95:80:48:24:8e:20:c7:da:
                    03:b6:5a:ee:0d:99:15:24:d5:e1:53:dc:ea:cd:b8:
                    a6:a2:52:c2:91:25:f3:50:71:7c:f7:72:05:a6:7d:
                    fb:16:04:15:9a:12:e0:c4:aa:97:10:f7:d5:23:9e:
                    b4:5a:af:a3:b9:39:07:cb:70:02:6a:91:c3:06:ba:
                    63:c8:a0:0c:24:e0:c8:53:4c:5b:91:87:0a:84:21:
                    1f:a0:12:2c:1b:26:23:d3:8a:a8:52:5e:e7:ef:73:
                    e0:cc:f3:23:25:d2:a6:fd:cc:c0:94:44:20:63:d6:
                    7c:31:f6:f3:c4:53:95:1a:61:6d:77:6a:8d:2e:5c:
                    8a:85:59:22:d5:73:46:23:5f:06:06:67:23:52:08:
                    99:69:e3:9a:85:e5:77:d6:bd:73:ed:45:d6:12:fc:
                    fe:bb:3f:c0:d8:66:9e:7a:f9:b9:eb:7f:99:46:27:
                    88:4e:d4:1d:ec:db:d0:02:fa:3d:42:7c:b0:35:06:
                    69:99:1e:70:e3:67:7f:9a:c3:96:5e:ba:71:6e:27:
                    db:53:ba:df:cb:d4:47:21:99:83:c3:be:b3:cf:40:
                    c7:c1:9d:09:27:3b:c2:54:8d:bd:49:b5:b1:9f:e3:
                    ff:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BC:30:D1:0B:62:27:92:D5:6C:6C:72:D9:61:C8:CB:DD:85:4B:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b7bb014-7d84-4429-ab54-38f604121593.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:b0:06:59:c4:da:09:c0:97:d5:4b:ef:03:2f:89:89:7e:f2:
         23:8c:88:02:4a:f5:d3:32:6c:59:7e:d4:3d:c6:9b:2e:24:bf:
         8f:7a:73:94:d1:99:6b:d6:00:f1:90:c6:bc:6f:fe:06:f7:68:
         a0:35:75:9d:f8:ff:a1:0e:8c:48:26:c4:ac:7d:a1:9d:94:1d:
         3f:0c:dc:4f:d1:5f:b2:90:e8:6d:16:4d:28:5d:a9:c1:eb:e9:
         67:5c:13:63:ab:a4:95:55:39:81:a8:ec:77:1b:f5:9d:9e:1f:
         e4:52:ee:7c:b8:87:be:de:fb:d9:88:fd:b1:27:6c:88:52:84:
         92:71:65:39:cf:3f:2d:83:f2:42:e2:83:7f:16:10:0f:a1:bc:
         ad:92:aa:6c:c4:9c:a2:35:36:5f:67:fb:39:f6:f8:42:52:6b:
         e8:97:89:d1:2c:2b:2b:10:96:18:60:8f:96:3a:52:9b:ee:17:
         90:85:bb:7c:02:2f:bc:f8:e5:fe:e9:71:d0:b6:4e:07:c6:ce:
         6e:95:23:fa:d4:de:6d:cd:8e:7b:f7:c7:90:ad:99:4c:2d:29:
         c6:0b:89:81:18:8b:12:9c:7d:eb:54:85:82:2f:22:0c:33:66:
         df:ce:07:e8:4b:07:6d:d4:9d:45:9e:c0:56:f8:a0:92:62:af:
         04:8a:5f:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFXnjr+C9RZyB0zoC5ufcnJKgXuQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAxMDM3WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Njg4ZmM2NzJjMGZhMzQ5NmMwYzJlNjdlYTEyMzNlN2Ix
NWVlODFjYzZjYzRmYTMyNzQ4ZDYwNTEyY2Y1ODNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2mXkLOwl4LNJWwbIqqx69bqZGH4mVgEgkjiDH2gO2Wu4N
mRUk1eFT3OrNuKaiUsKRJfNQcXz3cgWmffsWBBWaEuDEqpcQ99UjnrRar6O5OQfL
cAJqkcMGumPIoAwk4MhTTFuRhwqEIR+gEiwbJiPTiqhSXufvc+DM8yMl0qb9zMCU
RCBj1nwx9vPEU5UaYW13ao0uXIqFWSLVc0YjXwYGZyNSCJlp45qF5XfWvXPtRdYS
/P67P8DYZp56+bnrf5lGJ4hO1B3s29AC+j1CfLA1BmmZHnDjZ3+aw5ZeunFuJ9tT
ut/L1EchmYPDvrPPQMfBnQknO8JUjb1JtbGf4/9bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwbww0QtiJ5LVbGxy2WHIy92FS0swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNiN2JiMDE0LTdkODQtNDQyOS1hYjU0LTM4ZjYwNDEyMTU5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjljwwDQYJKoZIhvcNAQELBQADggEBAA6wBlnE2gnAl9VL7wMviYl+8iOM
iAJK9dMybFl+1D3Gmy4kv496c5TRmWvWAPGQxrxv/gb3aKA1dZ34/6EOjEgmxKx9
oZ2UHT8M3E/RX7KQ6G0WTShdqcHr6WdcE2OrpJVVOYGo7Hcb9Z2eH+RS7ny4h77e
+9mI/bEnbIhShJJxZTnPPy2D8kLig38WEA+hvK2SqmzEnKI1Nl9n+zn2+EJSa+iX
idEsKysQlhhgj5Y6UpvuF5CFu3wCL7z45f7pcdC2TgfGzm6VI/rU3m3Njnv3x5Ct
mUwtKcYLiYEYixKcfetUhYIvIgwzZt/OB+hLB23UnUWewFb4oJJirwSKXw4=
-----END CERTIFICATE-----