Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45c2e527-9738-4594-aadb-f5b7380f4d86.roa
File:                     45c2e527-9738-4594-aadb-f5b7380f4d86.roa (raw, json)
Hash identifier:          yI4fRNEoDNc4B3juXAiQufHlmCbp6JfggZ1VjPJ4JMw=
Subject key identifier:   F6:A5:35:01:27:5B:06:BE:E6:8C:16:B7:26:58:9F:61:C6:98:B1:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44E8A30E242B6345C2A639FBE3A217B7A012E39D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45c2e527-9738-4594-aadb-f5b7380f4d86.roa
Signing time:             Wed 22 Oct 2025 00:11:00 +0000
ROA not before:           Wed 22 Oct 2025 00:11:00 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.152.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:e8:a3:0e:24:2b:63:45:c2:a6:39:fb:e3:a2:17:b7:a0:12:e3:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:11:00 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=442389ef1714977c441fcdde9cbc581ba88e236b99be304ee9c8fc1b24749b3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7a:1d:46:ad:4c:13:df:dc:22:48:b4:d1:4c:
                    d3:88:b7:43:20:9a:0e:97:fe:0b:c1:ff:72:d5:65:
                    38:f3:3a:91:67:bb:6b:fa:45:c9:32:ba:68:4c:15:
                    44:58:19:52:45:72:d3:da:c5:ee:15:56:59:14:d2:
                    f2:8b:9a:b0:a3:cc:5d:6f:00:2a:4c:27:ef:86:19:
                    3a:36:6f:95:bf:43:90:43:e3:28:1a:31:77:9e:aa:
                    94:b8:4a:3a:4f:c4:81:98:87:4f:09:7e:f3:53:1a:
                    e0:31:79:db:4f:78:5a:b4:0f:0e:50:b4:1c:d7:ea:
                    80:71:08:85:43:bb:d8:e3:cd:0e:3e:84:bd:17:91:
                    e9:6f:af:c6:75:cc:07:28:f1:11:53:0e:ce:fb:c9:
                    63:59:dd:59:1e:96:e9:16:aa:93:f5:ec:39:ee:e9:
                    b2:a4:e4:4f:af:90:32:4a:f8:14:d2:8d:72:95:7f:
                    12:50:44:2b:0a:46:5d:14:9a:98:b9:e0:ba:ae:f5:
                    57:7b:63:a8:b3:bf:b2:79:30:25:64:b2:36:1a:d5:
                    ec:6a:2c:32:4a:48:cd:d4:40:9e:cc:a4:c2:51:7a:
                    65:f7:9c:e5:51:e4:48:40:91:e4:25:56:6f:6c:02:
                    50:7a:92:3f:52:f4:fa:f0:40:88:44:7b:31:59:c7:
                    8d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A5:35:01:27:5B:06:BE:E6:8C:16:B7:26:58:9F:61:C6:98:B1:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45c2e527-9738-4594-aadb-f5b7380f4d86.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:4d:ed:67:42:d4:3b:96:5d:bc:5b:dd:f2:47:0f:1b:96:e6:
         2b:12:f0:47:9a:53:9a:07:cf:af:b7:4b:0e:25:60:72:09:e5:
         37:14:8e:36:f7:56:7f:04:24:06:c3:d6:75:c9:23:e8:52:1b:
         da:11:46:9a:be:54:24:12:46:0e:86:33:60:30:be:d7:9f:b6:
         91:9a:e3:e9:01:54:9a:a8:6c:86:1e:56:5c:de:77:21:5d:15:
         a6:3c:41:b8:75:95:dc:cb:9b:79:25:4c:e4:5c:00:da:34:21:
         53:84:20:24:34:a6:32:88:d2:48:72:77:0b:cc:7e:db:8a:07:
         0f:8f:eb:cd:bb:2f:79:ed:91:ec:f1:45:84:c6:b4:54:ed:83:
         8b:1a:34:41:72:4f:82:b6:c9:78:1c:01:fa:9f:44:7c:da:0e:
         88:55:4f:63:41:af:9a:87:f7:ec:aa:fb:43:44:f0:c9:e0:4c:
         69:4f:08:ef:24:26:46:fa:29:ad:b7:7d:45:0f:c3:4e:67:a6:
         11:5d:af:fe:76:e8:f6:27:16:d1:89:1f:82:31:1c:02:fe:fd:
         1f:81:3a:f5:87:d9:45:06:a2:6d:4e:fc:ae:2a:c7:b7:b6:96:
         64:12:f8:f6:f0:8f:f7:87:d0:6a:60:ec:53:6c:48:22:e9:f9:
         89:ca:24:17
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUROijDiQrY0XCpjn746IXt6AS450wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAxMTAwWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDIzODllZjE3MTQ5NzdjNDQxZmNkZGU5Y2JjNTgxYmE4
OGUyMzZiOTliZTMwNGVlOWM4ZmMxYjI0NzQ5YjNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBeh1GrUwT39wiSLTRTNOIt0Mgmg6X/gvB/3LVZTjzOpFn
u2v6RckyumhMFURYGVJFctPaxe4VVlkU0vKLmrCjzF1vACpMJ++GGTo2b5W/Q5BD
4ygaMXeeqpS4SjpPxIGYh08JfvNTGuAxedtPeFq0Dw5QtBzX6oBxCIVDu9jjzQ4+
hL0Xkelvr8Z1zAco8RFTDs77yWNZ3VkelukWqpP17Dnu6bKk5E+vkDJK+BTSjXKV
fxJQRCsKRl0Umpi54Lqu9Vd7Y6izv7J5MCVksjYa1exqLDJKSM3UQJ7MpMJRemX3
nOVR5EhAkeQlVm9sAlB6kj9S9PrwQIhEezFZx42vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9qU1ASdbBr7mjBa3JlifYcaYsXAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1YzJlNTI3LTk3MzgtNDU5NC1hYWRiLWY1YjczODBmNGQ4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZgwDQYJKoZIhvcNAQELBQADggEBAB9N7WdC1DuWXbxb3fJHDxuW5isS
8EeaU5oHz6+3Sw4lYHIJ5TcUjjb3Vn8EJAbD1nXJI+hSG9oRRpq+VCQSRg6GM2Aw
vteftpGa4+kBVJqobIYeVlzedyFdFaY8Qbh1ldzLm3klTORcANo0IVOEICQ0pjKI
0khydwvMftuKBw+P6827L3ntkezxRYTGtFTtg4saNEFyT4K2yXgcAfqfRHzaDohV
T2NBr5qH9+yq+0NE8MngTGlPCO8kJkb6Ka23fUUPw05nphFdr/526PYnFtGJH4Ix
HAL+/R+BOvWH2UUGom1O/K4qx7e2lmQS+Pbwj/eH0Gpg7FNsSCLp+YnKJBc=
-----END CERTIFICATE-----