Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53b9504e-a82e-4bf9-be01-2560b7b49d15.roa
File:                     53b9504e-a82e-4bf9-be01-2560b7b49d15.roa (raw, json)
Hash identifier:          CGqeZvO1BQ/Co1dLFyWVUqsxHD+q2uuWDcHezrOwD7s=
Subject key identifier:   05:53:3A:E5:DF:AD:7B:10:62:7E:AB:B5:3C:D5:32:DF:D5:01:FB:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       25F3D34942FF151446A328B855BE27ECA5BDA1A4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53b9504e-a82e-4bf9-be01-2560b7b49d15.roa
Signing time:             Sun 02 Nov 2025 00:10:36 +0000
ROA not before:           Sun 02 Nov 2025 00:10:36 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.114.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f3:d3:49:42:ff:15:14:46:a3:28:b8:55:be:27:ec:a5:bd:a1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:10:36 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=bf02db937aa05472a1d0f367089acab705e9d87067d8d7759198be29b6e77031, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:58:83:4e:cd:cc:8a:81:bc:24:49:b4:b0:c6:
                    2e:f8:cf:c1:c7:8a:ea:4e:56:fb:2d:55:07:53:19:
                    46:86:7e:c3:70:da:16:ac:86:34:42:46:89:7d:d1:
                    03:2e:bb:6f:d6:d4:3f:bb:ea:05:87:4d:2f:a5:66:
                    b2:f0:89:1f:01:9d:90:72:a3:dc:98:07:13:d2:c2:
                    55:f1:26:3d:93:68:af:f7:15:dc:a2:ef:22:66:11:
                    6d:8f:7b:30:8d:75:d4:17:7a:d6:27:e2:f8:2f:c0:
                    58:bf:91:24:90:e2:de:af:1c:3a:00:73:ee:a6:f5:
                    bc:5b:be:32:03:d1:b0:99:f0:a2:0b:58:ce:dc:05:
                    2e:e6:e9:02:16:e8:f3:ec:a2:e9:96:5b:06:41:ab:
                    ea:62:86:8b:fa:af:af:2b:59:d3:18:de:43:c8:6b:
                    13:6e:f4:81:60:65:e5:51:e8:5a:4f:ed:1d:b3:24:
                    a7:10:fa:29:5d:44:90:80:f5:ff:88:41:6a:2d:cf:
                    23:89:0f:d5:62:bc:ea:f4:6d:4d:1a:a6:c4:05:bf:
                    74:65:12:61:65:c5:83:26:7c:c6:7f:c3:e3:6a:1f:
                    97:9c:27:84:0d:a2:3d:92:5a:69:d2:75:19:5b:5f:
                    24:26:aa:72:2d:f8:f3:7c:94:65:ff:c5:4d:c6:13:
                    1e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:53:3A:E5:DF:AD:7B:10:62:7E:AB:B5:3C:D5:32:DF:D5:01:FB:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53b9504e-a82e-4bf9-be01-2560b7b49d15.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a8:c7:e5:26:94:ca:5c:e2:13:1c:d3:a2:7b:95:0d:e7:2a:
         3c:e4:f1:de:34:1a:fe:d9:12:ad:41:ec:78:6d:e2:eb:21:dd:
         a2:b3:e0:b0:b7:83:c2:37:7f:59:e0:4f:a5:b8:41:9b:23:1c:
         f9:eb:fc:30:66:25:4f:5f:fd:8e:45:23:43:b3:14:1c:1b:fa:
         19:6a:4b:b0:de:d9:d9:63:71:b8:d0:76:18:26:a8:c1:df:32:
         18:54:b7:fa:6c:da:82:31:d6:d2:7e:aa:da:47:e4:a7:d4:c0:
         32:6b:9c:a8:7a:46:25:13:e9:46:fe:be:b5:fd:7c:df:11:d8:
         09:c8:a5:9a:71:8e:58:bf:00:40:aa:9d:00:84:86:71:a2:54:
         40:27:d5:06:b4:f9:d3:b9:7a:97:3f:77:14:92:9f:86:78:b3:
         43:9d:f7:51:dd:f2:b4:50:80:a7:08:c2:81:9a:4f:f0:ec:6f:
         a1:a7:e9:57:5f:69:3d:70:03:0a:18:04:46:15:77:04:12:73:
         70:a5:cc:cc:8e:cf:76:24:95:79:9c:27:fc:87:5f:54:36:61:
         6f:2a:cf:2c:f8:7d:6a:e0:f8:35:7e:bf:d3:1e:b7:d5:ac:b9:
         08:de:6d:f0:59:b3:d0:2d:a6:6d:29:5c:c7:d7:65:9f:13:62:
         c9:cc:86:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJfPTSUL/FRRGoyi4Vb4n7KW9oaQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAxMDM2WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZjAyZGI5MzdhYTA1NDcyYTFkMGYzNjcwODlhY2FiNzA1
ZTlkODcwNjdkOGQ3NzU5MTk4YmUyOWI2ZTc3MDMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2WINOzcyKgbwkSbSwxi74z8HHiupOVvstVQdTGUaGfsNw
2hashjRCRol90QMuu2/W1D+76gWHTS+lZrLwiR8BnZByo9yYBxPSwlXxJj2TaK/3
Fdyi7yJmEW2PezCNddQXetYn4vgvwFi/kSSQ4t6vHDoAc+6m9bxbvjID0bCZ8KIL
WM7cBS7m6QIW6PPsoumWWwZBq+pihov6r68rWdMY3kPIaxNu9IFgZeVR6FpP7R2z
JKcQ+ildRJCA9f+IQWotzyOJD9VivOr0bU0apsQFv3RlEmFlxYMmfMZ/w+NqH5ec
J4QNoj2SWmnSdRlbXyQmqnIt+PN8lGX/xU3GEx5ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBVM65d+texBifqu1PNUy39UB+0EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzYjk1MDRlLWE4MmUtNGJmOS1iZTAxLTI1NjBiN2I0OWQxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjlnIwDQYJKoZIhvcNAQELBQADggEBAJSox+UmlMpc4hMc06J7lQ3nKjzk
8d40Gv7ZEq1B7Hht4ush3aKz4LC3g8I3f1ngT6W4QZsjHPnr/DBmJU9f/Y5FI0Oz
FBwb+hlqS7De2dljcbjQdhgmqMHfMhhUt/ps2oIx1tJ+qtpH5KfUwDJrnKh6RiUT
6Ub+vrX9fN8R2AnIpZpxjli/AECqnQCEhnGiVEAn1Qa0+dO5epc/dxSSn4Z4s0Od
91Hd8rRQgKcIwoGaT/Dsb6Gn6VdfaT1wAwoYBEYVdwQSc3ClzMyOz3YklXmcJ/yH
X1Q2YW8qzyz4fWrg+DV+v9Met9WsuQjebfBZs9Atpm0pXMfXZZ8TYsnMhoE=
-----END CERTIFICATE-----