Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69c5765e-9e8e-44a6-be4d-76b3616ef390.roa
File:                     69c5765e-9e8e-44a6-be4d-76b3616ef390.roa (raw, json)
Hash identifier:          A+Dny20t8+2z6+enNe05JHKc8gQ9HTY/+veNGmQZfLE=
Subject key identifier:   E7:7F:5F:79:31:F6:B0:52:7D:7D:16:A6:32:3C:C8:87:74:80:53:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       780AF7715E17D89C04ECA44135F67082F2E4161F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69c5765e-9e8e-44a6-be4d-76b3616ef390.roa
Signing time:             Tue 21 Oct 2025 00:41:40 +0000
ROA not before:           Tue 21 Oct 2025 00:41:40 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.79.0.0/16 maxlen: 16
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:0a:f7:71:5e:17:d8:9c:04:ec:a4:41:35:f6:70:82:f2:e4:16:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 21 00:41:40 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=dd287ddd82ecd4c870bd07809b061b5e7667f0a7b3cea018529e4dd893a34071, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0d:3b:12:af:53:63:50:6b:76:8b:1d:07:55:
                    20:b5:da:7b:ba:78:cc:64:b7:27:fe:66:28:ea:d1:
                    c4:8b:06:45:de:1f:e1:43:54:73:d4:3e:11:99:a3:
                    c9:1b:95:f1:e8:af:ef:18:bf:0e:ae:15:de:33:31:
                    94:aa:1d:5d:e5:0b:68:5f:9d:95:51:d4:5d:61:10:
                    ba:8e:d3:5e:3d:db:1d:77:a4:89:3c:85:cb:29:f1:
                    cc:e4:57:3c:35:ee:db:91:1e:07:15:93:77:9d:d4:
                    b4:bf:c2:f6:fd:4a:5a:21:c7:49:31:15:72:a9:1f:
                    32:1a:b3:76:76:fd:c4:e2:fc:03:4c:83:2d:96:df:
                    fb:a4:3c:a2:b1:e5:b8:25:b7:13:b3:21:7f:01:49:
                    3d:bf:e1:8d:52:87:11:c2:fb:9c:0e:f9:e9:70:2e:
                    81:5a:d5:37:93:7c:f2:93:65:73:91:2b:a9:db:71:
                    77:6d:52:b1:47:9d:07:4d:a8:82:10:57:ec:47:87:
                    9e:d9:b6:02:e9:3f:59:5d:07:76:75:76:3f:02:06:
                    b6:70:66:9b:ac:81:86:a4:bf:c5:7d:c4:fd:68:a4:
                    b0:ec:1f:d1:9f:18:0a:4a:4d:be:93:9f:7b:90:1f:
                    b7:80:cd:cc:33:dd:e7:f6:60:f2:b4:50:a0:1b:d8:
                    bd:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:7F:5F:79:31:F6:B0:52:7D:7D:16:A6:32:3C:C8:87:74:80:53:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69c5765e-9e8e-44a6-be4d-76b3616ef390.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.79.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2a:8c:10:14:14:59:b1:85:ad:01:7a:d1:b7:54:6c:48:e6:4c:
         ac:e0:1f:0d:42:b8:82:c3:56:e8:1d:43:cb:9e:cb:0a:23:04:
         c1:c8:63:73:bc:ea:a9:13:cd:bd:d8:97:12:29:46:fb:12:3d:
         4c:10:11:57:09:24:e9:13:e2:ad:44:2d:1e:05:8d:7e:8e:ef:
         9f:5c:20:74:8e:5d:3e:67:ce:d8:ec:bc:2b:55:2d:ff:4c:6e:
         93:06:35:4d:bf:ce:95:12:ed:c2:15:8c:41:d7:05:83:a1:21:
         73:bf:fe:51:3f:86:9d:a1:45:5f:c2:23:c3:6f:53:a4:8f:d3:
         57:5b:be:c7:95:75:bf:d2:71:03:aa:c6:86:45:86:85:0d:2a:
         d7:95:cc:e8:0a:b6:87:99:dd:bd:5a:a2:8e:43:81:46:2e:6f:
         0f:79:cb:e7:d2:65:98:80:ff:f4:3f:22:7e:92:29:ca:71:97:
         7e:97:73:40:36:7a:bc:4b:f9:a0:c9:63:33:40:e2:49:de:78:
         24:75:20:11:e4:97:40:49:55:15:10:08:9b:be:f5:dd:ed:c8:
         96:52:81:e2:26:1c:25:d8:f9:17:80:34:42:ad:32:71:91:ad:
         26:31:42:bf:d9:a7:52:40:a3:53:04:3a:1a:9f:b0:6b:2b:b9:
         c5:99:29:0c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeAr3cV4X2JwE7KRBNfZwgvLkFh8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIxMDA0MTQwWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDI4N2RkZDgyZWNkNGM4NzBiZDA3ODA5YjA2MWI1ZTc2
NjdmMGE3YjNjZWEwMTg1MjllNGRkODkzYTM0MDcxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYDTsSr1NjUGt2ix0HVSC12nu6eMxktyf+Zijq0cSLBkXe
H+FDVHPUPhGZo8kblfHor+8Yvw6uFd4zMZSqHV3lC2hfnZVR1F1hELqO01492x13
pIk8hcsp8czkVzw17tuRHgcVk3ed1LS/wvb9Slohx0kxFXKpHzIas3Z2/cTi/ANM
gy2W3/ukPKKx5bgltxOzIX8BST2/4Y1ShxHC+5wO+elwLoFa1TeTfPKTZXORK6nb
cXdtUrFHnQdNqIIQV+xHh57ZtgLpP1ldB3Z1dj8CBrZwZpusgYakv8V9xP1opLDs
H9GfGApKTb6Tn3uQH7eAzcwz3ef2YPK0UKAb2L2rAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU539feTH2sFJ9fRamMjzIh3SAU2cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY5YzU3NjVlLTllOGUtNDRhNi1iZTRkLTc2YjM2MTZlZjM5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBjTzANBgkqhkiG9w0BAQsFAAOCAQEAKowQFBRZsYWtAXrRt1RsSOZMrOAf
DUK4gsNW6B1Dy57LCiMEwchjc7zqqRPNvdiXEilG+xI9TBARVwkk6RPirUQtHgWN
fo7vn1wgdI5dPmfO2Oy8K1Ut/0xukwY1Tb/OlRLtwhWMQdcFg6Ehc7/+UT+GnaFF
X8Ijw29TpI/TV1u+x5V1v9JxA6rGhkWGhQ0q15XM6Aq2h5ndvVqijkOBRi5vD3nL
59JlmID/9D8ifpIpynGXfpdzQDZ6vEv5oMljM0DiSd54JHUgEeSXQElVFRAIm771
3e3IllKB4iYcJdj5F4A0Qq0ycZGtJjFCv9mnUkCjUwQ6Gp+wayu5xZkpDA==
-----END CERTIFICATE-----