Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ee3f969-775f-4571-b834-3ffb3e1dd5f9.roa
File:                     5ee3f969-775f-4571-b834-3ffb3e1dd5f9.roa (raw, json)
Hash identifier:          TZr3WzEl6AblPq0qCqGtTZRInuASkCu5HzLQIelK/5Q=
Subject key identifier:   7C:E7:81:D4:D2:E5:2E:05:78:3B:00:8A:C7:9D:EE:89:25:3C:37:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D2FF55F7E2DBED8237C0A6E3DB06ED0F5B37C63
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ee3f969-775f-4571-b834-3ffb3e1dd5f9.roa
Signing time:             Sun 02 Nov 2025 00:10:12 +0000
ROA not before:           Sun 02 Nov 2025 00:10:12 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.104.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:2f:f5:5f:7e:2d:be:d8:23:7c:0a:6e:3d:b0:6e:d0:f5:b3:7c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:10:12 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=bc96149898ecac2749667d6a8459301279afc54ca6346b529cc88aa5663b4966, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:11:37:dc:1b:d6:7d:f1:c6:bb:14:2e:59:aa:
                    85:7b:0a:54:11:e4:c8:bb:c7:f0:22:35:c9:b3:3a:
                    9e:4f:35:0b:f9:67:b2:de:0e:40:10:e2:2d:6d:4c:
                    bb:01:f4:b9:55:a4:ad:34:44:31:fc:f7:f9:9d:3d:
                    2a:a3:ed:4b:8c:f7:47:89:66:b9:13:e5:db:3b:65:
                    59:0d:76:bf:9f:f1:7e:03:3c:29:b3:fb:b7:b9:33:
                    e3:6e:bb:13:49:d3:d0:86:96:0c:14:8f:35:e9:c2:
                    2f:aa:e0:36:3e:28:ac:fc:fd:33:43:db:b3:0c:c8:
                    52:06:db:ff:99:8e:14:9f:eb:30:46:a5:ac:98:3e:
                    c6:64:c7:fc:7a:2e:76:35:20:e9:c8:6a:cb:08:44:
                    5d:fe:ab:5b:c7:ab:2d:0e:dd:24:fe:57:47:25:75:
                    db:0d:f3:89:c5:7e:ff:fe:b2:ff:3b:6b:1d:52:c3:
                    ea:de:55:45:b3:45:f7:04:14:b4:e0:99:54:da:3b:
                    3a:55:fa:99:61:aa:67:6d:b3:71:24:82:6f:86:28:
                    78:65:64:8b:bb:6b:6b:b5:3b:d3:0c:87:bd:2d:8e:
                    0a:6e:57:7b:db:32:01:9c:bf:11:b2:92:3b:22:2a:
                    d6:f5:04:8d:cc:2a:d0:63:c8:8e:81:06:44:f1:ab:
                    fb:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E7:81:D4:D2:E5:2E:05:78:3B:00:8A:C7:9D:EE:89:25:3C:37:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5ee3f969-775f-4571-b834-3ffb3e1dd5f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:15:19:06:b7:05:cb:ee:1c:51:7d:17:80:46:12:50:4e:4d:
         ae:4b:8e:55:f8:1b:57:34:61:78:04:76:5b:73:45:5b:f3:ad:
         b6:b1:ec:ea:cb:8c:bc:5a:9c:23:49:70:72:52:f9:9f:45:1a:
         47:1e:ad:b3:a2:47:02:36:8c:7d:88:a1:fa:5d:42:a0:22:5d:
         14:ee:16:5d:96:31:86:5c:16:1a:85:35:1c:cd:bb:1b:96:6d:
         67:9b:e1:08:d2:d1:3b:6d:c2:b4:08:47:71:3d:96:5e:08:01:
         f1:70:ba:81:5b:37:d2:75:92:0d:48:3b:3c:d6:53:5a:e1:22:
         b4:66:5c:b5:45:f6:44:bc:1d:74:c8:99:6c:53:08:4b:3f:ca:
         59:dd:01:eb:cc:4d:3e:b4:65:69:78:ac:bb:2b:52:11:eb:a4:
         44:c0:62:07:17:c0:43:47:ef:d3:ff:fb:51:a6:5d:de:e2:08:
         1c:6b:58:bf:c5:42:e1:53:0c:48:7b:7e:6a:85:22:bd:ff:dd:
         d2:66:6e:97:45:df:69:51:08:44:4b:fd:a1:27:1c:73:71:8e:
         88:ed:bd:ee:28:a7:aa:2e:b2:d8:c9:15:e2:ac:aa:46:36:87:
         ae:16:5b:54:da:c5:d7:c7:6e:6d:d7:ee:5c:ce:03:18:0c:b2:
         12:72:23:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXS/1X34tvtgjfApuPbBu0PWzfGMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAxMDEyWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzk2MTQ5ODk4ZWNhYzI3NDk2NjdkNmE4NDU5MzAxMjc5
YWZjNTRjYTYzNDZiNTI5Y2M4OGFhNTY2M2I0OTY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRETfcG9Z98ca7FC5ZqoV7ClQR5Mi7x/AiNcmzOp5PNQv5
Z7LeDkAQ4i1tTLsB9LlVpK00RDH89/mdPSqj7UuM90eJZrkT5ds7ZVkNdr+f8X4D
PCmz+7e5M+NuuxNJ09CGlgwUjzXpwi+q4DY+KKz8/TND27MMyFIG2/+ZjhSf6zBG
payYPsZkx/x6LnY1IOnIassIRF3+q1vHqy0O3ST+V0clddsN84nFfv/+sv87ax1S
w+reVUWzRfcEFLTgmVTaOzpV+plhqmdts3Ekgm+GKHhlZIu7a2u1O9MMh70tjgpu
V3vbMgGcvxGykjsiKtb1BI3MKtBjyI6BBkTxq/uXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfOeB1NLlLgV4OwCKx53uiSU8N4owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVlZTNmOTY5LTc3NWYtNDU3MS1iODM0LTNmZmIzZTFkZDVmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl2gwDQYJKoZIhvcNAQELBQADggEBACMVGQa3BcvuHFF9F4BGElBOTa5L
jlX4G1c0YXgEdltzRVvzrbax7OrLjLxanCNJcHJS+Z9FGkcerbOiRwI2jH2Iofpd
QqAiXRTuFl2WMYZcFhqFNRzNuxuWbWeb4QjS0TttwrQIR3E9ll4IAfFwuoFbN9J1
kg1IOzzWU1rhIrRmXLVF9kS8HXTImWxTCEs/ylndAevMTT60ZWl4rLsrUhHrpETA
YgcXwENH79P/+1GmXd7iCBxrWL/FQuFTDEh7fmqFIr3/3dJmbpdF32lRCERL/aEn
HHNxjojtve4op6oustjJFeKsqkY2h64WW1TaxdfHbm3X7lzOAxgMshJyI8M=
-----END CERTIFICATE-----