Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d95802-c80e-48cb-8f8e-746d414d0f7f.roa
File:                     46d95802-c80e-48cb-8f8e-746d414d0f7f.roa (raw, json)
Hash identifier:          OsN9Ev4mVWOrOO3pSXtocdnSH/Zju8uuMI0O2LpGLe8=
Subject key identifier:   D8:10:58:93:60:40:C8:77:1E:70:15:8F:C9:1F:D9:94:8C:D0:81:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77E996DFE4FC113415F0B1AEA0A5465CC26A3BE7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d95802-c80e-48cb-8f8e-746d414d0f7f.roa
Signing time:             Wed 22 Oct 2025 00:00:15 +0000
ROA not before:           Wed 22 Oct 2025 00:00:15 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.237.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e9:96:df:e4:fc:11:34:15:f0:b1:ae:a0:a5:46:5c:c2:6a:3b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:00:15 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=bf1de6edc1c2903b1076abb39ef837ce24f2b76611150aa34eb22e7bf7cff6b8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6f:2d:65:e4:52:a5:a3:2b:be:a8:3a:2f:cd:
                    f0:9d:95:75:ed:fd:95:e0:21:ce:c4:f3:0f:ec:36:
                    2e:a9:0b:84:85:66:4d:2c:54:16:31:98:50:2f:25:
                    5d:5f:b3:08:f2:7c:3b:32:af:77:6e:de:90:25:37:
                    d7:8f:fb:de:9f:7a:4b:3c:7f:6c:51:e3:21:e3:7c:
                    a3:1f:06:15:cb:f3:68:6e:e0:53:db:3e:3b:47:7c:
                    45:71:92:54:a6:c9:96:df:0e:8f:ae:1b:be:47:a4:
                    bb:49:01:56:15:47:2d:89:32:9e:22:0c:a5:76:b3:
                    a4:f6:06:5f:b8:f7:7f:4c:02:10:99:e6:55:b4:c8:
                    f9:18:ee:93:c6:7d:13:a0:65:19:f3:43:ea:8d:50:
                    c7:2d:2d:15:1c:5e:18:ad:a7:d7:ab:ec:54:3b:aa:
                    59:a9:47:68:df:20:76:4f:db:90:ca:5b:fb:32:51:
                    d7:2e:ba:03:0d:68:95:14:30:b5:ae:83:21:93:b8:
                    9f:f4:73:88:c2:ee:c8:bc:2c:14:e0:8f:db:13:5f:
                    ad:09:74:97:60:23:e7:9a:e2:e5:13:c4:fd:3c:5e:
                    f5:e1:03:13:c4:d8:88:f1:4f:f2:1c:94:a1:84:a8:
                    f9:4a:cf:70:eb:78:ad:60:c1:2f:75:37:8e:a9:75:
                    d3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:10:58:93:60:40:C8:77:1E:70:15:8F:C9:1F:D9:94:8C:D0:81:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d95802-c80e-48cb-8f8e-746d414d0f7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:4e:5c:68:30:43:5e:c6:3f:01:8f:37:7a:a1:7d:32:7a:16:
         28:e4:c6:2a:48:ba:eb:cc:c3:e3:49:8c:d4:08:24:c4:eb:61:
         ea:61:b6:d5:8a:5a:00:36:bb:63:27:f1:aa:53:bb:e1:e9:10:
         a8:60:da:f3:99:b4:62:7e:58:36:ab:89:91:73:f7:9f:b1:6b:
         6e:43:ea:00:01:8c:52:75:f2:11:e6:c9:77:9f:24:72:7f:75:
         de:fc:4e:f3:da:48:39:7d:aa:7b:54:90:51:bf:08:72:4a:0f:
         b4:1e:5b:3d:60:73:1b:ea:46:84:f3:05:88:49:38:a6:ec:f0:
         90:82:23:83:7c:d0:cc:55:4e:5f:25:2d:12:f4:c2:ca:64:9f:
         e5:e2:5e:96:1f:ae:21:c2:4f:c4:a0:a9:f1:c4:8c:ea:c4:ef:
         90:16:d3:eb:2a:72:d8:00:4c:db:71:87:51:81:61:5d:60:64:
         5c:b9:40:61:0b:56:95:ff:28:ba:03:91:ed:2a:04:5e:8e:eb:
         40:b2:78:71:22:9b:13:38:b5:11:f9:96:f9:52:72:28:58:cf:
         93:6c:2d:97:4a:3a:0f:a6:e1:68:a2:c6:6d:30:fe:8a:38:da:
         42:84:1e:19:ed:99:8b:02:65:bd:b6:74:06:bc:e4:4d:5c:87:
         c6:9d:da:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd+mW3+T8ETQV8LGuoKVGXMJqO+cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAwMDE1WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZjFkZTZlZGMxYzI5MDNiMTA3NmFiYjM5ZWY4MzdjZTI0
ZjJiNzY2MTExNTBhYTM0ZWIyMmU3YmY3Y2ZmNmI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChby1l5FKloyu+qDovzfCdlXXt/ZXgIc7E8w/sNi6pC4SF
Zk0sVBYxmFAvJV1fswjyfDsyr3du3pAlN9eP+96feks8f2xR4yHjfKMfBhXL82hu
4FPbPjtHfEVxklSmyZbfDo+uG75HpLtJAVYVRy2JMp4iDKV2s6T2Bl+4939MAhCZ
5lW0yPkY7pPGfROgZRnzQ+qNUMctLRUcXhitp9er7FQ7qlmpR2jfIHZP25DKW/sy
UdcuugMNaJUUMLWugyGTuJ/0c4jC7si8LBTgj9sTX60JdJdgI+ea4uUTxP08XvXh
AxPE2IjxT/IclKGEqPlKz3DreK1gwS91N46pddPpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2BBYk2BAyHcecBWPyR/ZlIzQgR4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2ZDk1ODAyLWM4MGUtNDhjYi04ZjhlLTc0NmQ0MTRkMGY3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTe0wDQYJKoZIhvcNAQELBQADggEBADZOXGgwQ17GPwGPN3qhfTJ6Fijk
xipIuuvMw+NJjNQIJMTrYephttWKWgA2u2Mn8apTu+HpEKhg2vOZtGJ+WDariZFz
95+xa25D6gABjFJ18hHmyXefJHJ/dd78TvPaSDl9qntUkFG/CHJKD7QeWz1gcxvq
RoTzBYhJOKbs8JCCI4N80MxVTl8lLRL0wspkn+XiXpYfriHCT8SgqfHEjOrE75AW
0+sqctgATNtxh1GBYV1gZFy5QGELVpX/KLoDke0qBF6O60CyeHEimxM4tRH5lvlS
cihYz5NsLZdKOg+m4Wiixm0w/oo42kKEHhntmYsCZb22dAa85E1ch8ad2jA=
-----END CERTIFICATE-----