Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/669c6dd1-8211-4cb9-b776-33c71b14ac40.roa
File:                     669c6dd1-8211-4cb9-b776-33c71b14ac40.roa (raw, json)
Hash identifier:          kT9YPVCXNz1qlF5TVbghkGaSdhVrahDNJRRdACzYRSI=
Subject key identifier:   EE:44:35:BF:BA:70:D4:20:56:C1:FD:51:56:32:98:72:F4:8B:8E:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       12F5ACC6EB5D3A68153BE79D94E7F0AA48B7A91C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/669c6dd1-8211-4cb9-b776-33c71b14ac40.roa
Signing time:             Sun 02 Nov 2025 00:40:55 +0000
ROA not before:           Sun 02 Nov 2025 00:40:55 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.72.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:f5:ac:c6:eb:5d:3a:68:15:3b:e7:9d:94:e7:f0:aa:48:b7:a9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:40:55 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=ef51257f3b7a3c30349544958524a2d4834fd5646ec9eb010841143973c33da8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:95:2a:f9:a5:32:df:0e:60:84:57:e9:cb:31:
                    17:98:ab:c2:3f:60:f0:ce:44:1c:08:6b:b4:d0:ff:
                    a4:66:c5:af:a6:29:53:0c:77:b3:36:48:b3:3e:77:
                    5e:42:fb:75:81:9a:7e:db:4f:af:5e:47:3b:8c:df:
                    6d:3c:c3:10:82:5e:e2:59:27:a0:ae:5f:c6:41:b3:
                    28:7a:c7:e2:c2:8f:ab:d5:19:05:5f:34:6d:93:68:
                    cd:bf:50:2a:57:1f:cb:72:1f:58:fa:e6:a2:49:04:
                    c5:57:04:76:61:47:23:bd:47:f9:d6:a3:df:89:e8:
                    dd:f7:ca:46:ce:58:2f:9a:2e:be:e6:b8:7d:8f:6a:
                    6e:d4:5b:1a:20:1a:f0:ab:73:18:92:71:57:ee:c7:
                    74:f1:4a:04:25:84:21:7d:cd:33:2d:7d:98:a9:8a:
                    c3:c0:a0:4d:b1:48:5d:13:36:85:8a:b0:12:e2:ca:
                    a2:2f:ad:53:ea:29:c0:1a:b4:d7:08:e0:0c:82:a8:
                    aa:d4:44:e6:52:d5:92:7c:7b:a7:0b:6d:64:ee:19:
                    3f:3f:9e:ed:4c:49:78:a2:14:9d:d1:5a:57:7c:22:
                    96:6d:2e:0f:d2:c3:3d:30:95:c1:fa:f4:5d:b3:e9:
                    00:b8:ac:90:bd:31:77:b1:b1:b1:8e:d4:e3:82:b7:
                    1b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:44:35:BF:BA:70:D4:20:56:C1:FD:51:56:32:98:72:F4:8B:8E:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/669c6dd1-8211-4cb9-b776-33c71b14ac40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:d8:f4:45:c6:99:ab:7b:75:06:06:f0:56:1c:10:94:74:91:
         67:88:69:ec:bf:03:fa:ca:77:0c:ba:50:3a:44:71:53:3c:df:
         1b:f4:6a:34:e6:e4:4d:4e:35:24:8c:39:7f:a0:a0:87:50:58:
         2d:8a:26:d3:46:c7:8b:7c:ab:57:ab:d3:45:72:b9:ad:20:27:
         60:2d:c4:42:1b:5d:4f:08:89:b9:d7:11:2b:50:0e:58:6b:e4:
         62:1f:73:cf:b7:23:05:ec:11:7d:67:0c:3a:87:5b:a5:69:63:
         5b:4e:de:96:93:29:4a:06:a8:2a:18:26:bc:d5:8d:39:dc:35:
         bb:2c:23:c9:f7:da:68:94:ae:c6:c6:94:44:a9:5f:82:c9:b9:
         52:06:52:44:10:4e:8c:69:12:c4:a3:7c:87:a4:e0:69:6e:1c:
         d0:f4:75:79:a6:f0:28:e3:ff:a7:68:e8:fc:2f:5f:5a:2f:ba:
         98:56:68:95:7d:1e:d6:8f:aa:99:6e:16:b7:3a:c1:59:bb:49:
         fb:51:7f:f3:66:aa:3b:f0:46:f2:b0:cc:a1:18:62:ca:15:38:
         0c:94:ae:e5:e3:e0:2d:1d:69:33:64:66:30:7e:67:49:5c:0e:
         65:e3:46:bf:09:5b:06:5c:53:46:0b:93:bf:66:a0:31:10:95:
         73:35:42:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEvWsxutdOmgVO+edlOfwqki3qRwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MDU1WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjUxMjU3ZjNiN2EzYzMwMzQ5NTQ0OTU4NTI0YTJkNDgz
NGZkNTY0NmVjOWViMDEwODQxMTQzOTczYzMzZGE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGlSr5pTLfDmCEV+nLMReYq8I/YPDORBwIa7TQ/6Rmxa+m
KVMMd7M2SLM+d15C+3WBmn7bT69eRzuM3208wxCCXuJZJ6CuX8ZBsyh6x+LCj6vV
GQVfNG2TaM2/UCpXH8tyH1j65qJJBMVXBHZhRyO9R/nWo9+J6N33ykbOWC+aLr7m
uH2Pam7UWxogGvCrcxiScVfux3TxSgQlhCF9zTMtfZipisPAoE2xSF0TNoWKsBLi
yqIvrVPqKcAatNcI4AyCqKrUROZS1ZJ8e6cLbWTuGT8/nu1MSXiiFJ3RWld8IpZt
Lg/Swz0wlcH69F2z6QC4rJC9MXexsbGO1OOCtxtXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7kQ1v7pw1CBWwf1RVjKYcvSLjsswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2OWM2ZGQxLTgyMTEtNGNiOS1iNzc2LTMzYzcxYjE0YWM0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl0gwDQYJKoZIhvcNAQELBQADggEBAHrY9EXGmat7dQYG8FYcEJR0kWeI
aey/A/rKdwy6UDpEcVM83xv0ajTm5E1ONSSMOX+goIdQWC2KJtNGx4t8q1er00Vy
ua0gJ2AtxEIbXU8IibnXEStQDlhr5GIfc8+3IwXsEX1nDDqHW6VpY1tO3paTKUoG
qCoYJrzVjTncNbssI8n32miUrsbGlESpX4LJuVIGUkQQToxpEsSjfIek4GluHND0
dXmm8Cjj/6do6PwvX1ovuphWaJV9HtaPqpluFrc6wVm7SftRf/NmqjvwRvKwzKEY
YsoVOAyUruXj4C0daTNkZjB+Z0lcDmXjRr8JWwZcU0YLk79moDEQlXM1Ql4=
-----END CERTIFICATE-----