Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ed41037-5334-48c4-867a-9c8a685c4482.roa
File:                     6ed41037-5334-48c4-867a-9c8a685c4482.roa (raw, json)
Hash identifier:          06i+HeutqzPreWV/GYByj9sXbMHd6aZimKHCbAAMex0=
Subject key identifier:   A0:6F:A5:7C:45:EA:9A:44:AC:FD:3B:85:87:D0:C8:B3:D6:CA:B3:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28B066AA91809729D564399736E409CEB7C478F8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ed41037-5334-48c4-867a-9c8a685c4482.roa
Signing time:             Fri 31 Oct 2025 21:36:50 +0000
ROA not before:           Fri 31 Oct 2025 21:36:50 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.83.144.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:b0:66:aa:91:80:97:29:d5:64:39:97:36:e4:09:ce:b7:c4:78:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 31 21:36:50 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=6d34c55e64280ad4cc6808cd1463671ac527617081636dc4f821c5479bca638f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:51:8f:a5:95:1f:e0:dc:bf:1e:57:8a:84:70:
                    36:2e:7b:1d:38:84:15:2c:79:bd:34:17:1e:21:6f:
                    af:53:f4:ff:a8:8c:3b:86:60:56:59:a7:21:ef:f0:
                    38:5b:3b:ed:94:fd:80:f5:19:ea:30:e8:15:0d:70:
                    c0:b2:7e:5b:6c:5c:ff:8a:c0:55:3f:9f:59:94:96:
                    8a:49:91:9c:a0:c2:ea:07:b4:ff:e3:a9:36:4e:38:
                    7d:fc:d6:f3:0d:9b:cb:c0:64:8f:ae:1c:34:88:52:
                    eb:2a:fa:61:9b:a6:5a:8f:cf:85:f1:59:47:a5:dc:
                    2b:8b:1f:32:be:78:1c:22:eb:89:7c:6c:0b:67:c9:
                    7d:8e:95:f0:9c:75:33:ef:f3:70:71:76:e6:62:01:
                    a0:20:db:0d:4f:51:9c:cb:f0:36:d4:60:28:58:75:
                    e7:31:88:e1:eb:24:c8:d0:1b:16:f6:c8:64:1b:9f:
                    81:d2:71:d2:c9:69:70:36:1f:82:d8:4a:e6:9f:0d:
                    88:8d:12:33:81:5c:56:aa:ad:3f:cf:d3:b2:b9:29:
                    66:fe:ff:15:d3:95:d0:fb:2b:3c:a4:8f:20:2a:1b:
                    1c:8e:39:41:3a:e5:1e:44:e2:fa:b5:d8:b1:2a:4b:
                    76:3e:02:a5:e4:d6:1a:69:2e:41:e2:ae:56:84:dd:
                    ac:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:6F:A5:7C:45:EA:9A:44:AC:FD:3B:85:87:D0:C8:B3:D6:CA:B3:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ed41037-5334-48c4-867a-9c8a685c4482.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.83.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9b:e7:29:7b:96:ea:f2:75:5f:cf:37:04:24:1b:fe:97:04:a2:
         a8:3b:d7:67:3b:0c:5b:cb:b6:6d:66:e6:25:13:b1:38:31:e9:
         d6:15:ca:32:3a:1d:48:4a:5d:b2:b2:b8:41:d2:e7:f7:e1:cd:
         f3:cc:e3:a0:41:97:1d:c4:8d:01:c9:c6:3d:64:23:72:90:79:
         ba:77:bc:54:46:b6:ba:d1:fd:21:a7:5d:1c:bf:25:0e:42:50:
         fa:56:bc:82:d3:6e:88:dd:eb:02:a3:dd:05:09:b6:34:ee:05:
         00:13:18:8e:20:b4:4e:2f:81:a9:53:d9:43:e3:62:49:98:e5:
         be:66:36:58:9a:f4:23:75:b2:a2:f2:8c:cd:ef:15:db:44:9a:
         b5:4c:be:c3:30:be:03:50:17:9b:c2:d8:3b:7e:7b:fe:16:ec:
         ec:af:7c:e3:92:bb:35:28:3a:90:8c:5d:ea:7f:c5:59:a4:78:
         92:c2:5d:8d:ee:12:1c:1d:e8:17:d7:fd:e6:0e:49:7c:1d:83:
         8d:db:2a:1d:27:84:63:09:4d:8e:3a:c1:18:80:ea:97:54:e1:
         af:5b:46:52:1a:28:9a:a2:d6:4f:f7:28:21:52:34:aa:18:3a:
         dd:60:83:46:ed:ff:76:1c:4a:d3:c0:f4:2e:24:e7:89:d7:e7:
         ac:a5:e2:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKLBmqpGAlynVZDmXNuQJzrfEePgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDMxMjEzNjUwWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDM0YzU1ZTY0MjgwYWQ0Y2M2ODA4Y2QxNDYzNjcxYWM1
Mjc2MTcwODE2MzZkYzRmODIxYzU0NzliY2E2MzhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgUY+llR/g3L8eV4qEcDYuex04hBUseb00Fx4hb69T9P+o
jDuGYFZZpyHv8DhbO+2U/YD1Geow6BUNcMCyfltsXP+KwFU/n1mUlopJkZygwuoH
tP/jqTZOOH381vMNm8vAZI+uHDSIUusq+mGbplqPz4XxWUel3CuLHzK+eBwi64l8
bAtnyX2OlfCcdTPv83BxduZiAaAg2w1PUZzL8DbUYChYdecxiOHrJMjQGxb2yGQb
n4HScdLJaXA2H4LYSuafDYiNEjOBXFaqrT/P07K5KWb+/xXTldD7KzykjyAqGxyO
OUE65R5E4vq12LEqS3Y+AqXk1hppLkHirlaE3awlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoG+lfEXqmkSs/TuFh9DIs9bKs74wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlZDQxMDM3LTUzMzQtNDhjNC04NjdhLTljOGE2ODVjNDQ4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARjU5AwDQYJKoZIhvcNAQELBQADggEBAJvnKXuW6vJ1X883BCQb/pcEoqg7
12c7DFvLtm1m5iUTsTgx6dYVyjI6HUhKXbKyuEHS5/fhzfPM46BBlx3EjQHJxj1k
I3KQebp3vFRGtrrR/SGnXRy/JQ5CUPpWvILTbojd6wKj3QUJtjTuBQATGI4gtE4v
galT2UPjYkmY5b5mNlia9CN1sqLyjM3vFdtEmrVMvsMwvgNQF5vC2Dt+e/4W7Oyv
fOOSuzUoOpCMXep/xVmkeJLCXY3uEhwd6BfX/eYOSXwdg43bKh0nhGMJTY46wRiA
6pdU4a9bRlIaKJqi1k/3KCFSNKoYOt1gg0bt/3YcStPA9C4k54nX56yl4gM=
-----END CERTIFICATE-----