Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7717889e-c371-48ff-a08c-1bac4d892dd4.roa
File:                     7717889e-c371-48ff-a08c-1bac4d892dd4.roa (raw, json)
Hash identifier:          0Clv4fdThS22l2konzCUjYFo24kLsVL+oJDBO1h28IU=
Subject key identifier:   BC:6E:00:D0:B9:60:B0:AB:33:01:0E:21:FC:BE:01:6F:0B:11:8D:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B3463F86EEFCE0F5549DB89DD9651905CC294CD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7717889e-c371-48ff-a08c-1bac4d892dd4.roa
Signing time:             Sun 02 Nov 2025 00:40:11 +0000
ROA not before:           Sun 02 Nov 2025 00:40:11 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.80.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:34:63:f8:6e:ef:ce:0f:55:49:db:89:dd:96:51:90:5c:c2:94:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:40:11 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=d52f7a867b3c97fa5a44c43bdb304341e75d8a8ab60f9129338778ce120a9874, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:65:47:50:bf:7b:b9:0d:1a:fa:94:b9:4c:91:
                    f5:a8:33:b6:b9:56:e3:e0:af:5d:de:70:e7:9a:1e:
                    a5:c5:cf:ad:ee:93:7c:22:4e:ad:85:23:53:47:5e:
                    f2:c7:55:80:d2:6d:3e:e6:77:e9:85:16:c3:eb:5b:
                    71:64:e4:46:d0:12:55:1e:8c:d0:47:d0:65:ed:a0:
                    11:e8:57:6a:3d:30:09:cb:e6:3d:6e:35:d8:7a:ad:
                    8a:34:fc:be:1a:0b:5a:8b:fd:6d:77:11:69:cf:7f:
                    4a:0e:2c:74:86:60:77:1f:7a:b1:6f:5f:e1:75:c9:
                    ea:3b:b0:77:ad:0d:8b:47:5d:bd:e0:0e:0f:67:59:
                    93:2b:f5:9b:4f:61:91:a5:3f:ae:91:f3:9c:66:2d:
                    76:17:df:f5:0a:ea:fa:21:9a:7c:d4:80:b5:ff:4f:
                    77:91:71:89:ed:e3:c2:28:18:a8:95:4e:29:f8:0b:
                    ac:8a:ea:78:45:25:bf:0a:9f:e8:54:ff:97:02:a8:
                    98:e6:73:47:b0:44:d2:9b:85:c6:75:ac:25:0c:3f:
                    c4:2d:75:82:f1:27:7e:92:a3:51:80:45:a1:63:5c:
                    c5:45:6b:b4:23:0c:33:ad:22:76:3d:4e:7d:b1:e6:
                    6c:41:0c:1c:f8:81:97:56:2c:50:e6:8b:73:1b:7c:
                    cb:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:6E:00:D0:B9:60:B0:AB:33:01:0E:21:FC:BE:01:6F:0B:11:8D:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7717889e-c371-48ff-a08c-1bac4d892dd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:17:03:fe:ab:a2:be:0a:bc:ab:2f:96:ee:93:68:b5:44:0e:
         62:b3:b1:87:ed:67:0b:5e:2c:7e:ce:25:39:e3:ef:4b:94:ba:
         5f:c8:18:a8:ef:47:38:f2:fa:a7:ef:80:7e:87:a9:11:45:1a:
         56:33:08:a7:6a:11:51:6a:62:12:0b:3d:13:52:d2:7c:eb:4e:
         cf:0c:a4:8d:9f:83:46:9d:b8:c8:10:78:7f:98:c6:c5:a4:38:
         0a:66:17:47:d9:46:f2:c1:b4:52:f9:3d:a6:bb:3d:f2:01:45:
         6b:1c:11:bb:61:61:bc:6c:5f:e5:62:f7:52:49:f1:1c:ef:6c:
         3e:16:49:2d:bb:fe:71:9e:f3:5b:8a:6a:22:0c:4e:56:69:71:
         fd:a1:24:31:fe:e1:b4:2d:94:60:99:cb:ba:5f:7c:7a:f6:79:
         41:be:2a:d3:32:4a:7f:3d:bd:38:0e:b4:85:e7:06:c1:ea:ca:
         4b:a9:82:ec:b2:38:07:35:da:b3:d9:d5:39:1e:b6:43:a4:f1:
         62:f9:66:ea:4d:49:31:c2:4b:bb:78:ab:0e:74:02:b8:9d:e4:
         8a:80:84:10:52:ba:8f:78:04:c6:2a:32:24:23:5a:ce:14:df:
         4b:73:d3:09:1a:50:c3:5b:98:38:a9:ef:2c:60:14:0e:87:8b:
         5a:17:d8:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSzRj+G7vzg9VSduJ3ZZRkFzClM0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MDExWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTJmN2E4NjdiM2M5N2ZhNWE0NGM0M2JkYjMwNDM0MWU3
NWQ4YThhYjYwZjkxMjkzMzg3NzhjZTEyMGE5ODc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOZUdQv3u5DRr6lLlMkfWoM7a5VuPgr13ecOeaHqXFz63u
k3wiTq2FI1NHXvLHVYDSbT7md+mFFsPrW3Fk5EbQElUejNBH0GXtoBHoV2o9MAnL
5j1uNdh6rYo0/L4aC1qL/W13EWnPf0oOLHSGYHcferFvX+F1yeo7sHetDYtHXb3g
Dg9nWZMr9ZtPYZGlP66R85xmLXYX3/UK6vohmnzUgLX/T3eRcYnt48IoGKiVTin4
C6yK6nhFJb8Kn+hU/5cCqJjmc0ewRNKbhcZ1rCUMP8QtdYLxJ36So1GARaFjXMVF
a7QjDDOtInY9Tn2x5mxBDBz4gZdWLFDmi3MbfMvxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvG4A0LlgsKszAQ4h/L4BbwsRjX0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc3MTc4ODllLWMzNzEtNDhmZi1hMDhjLTFiYWM0ZDg5MmRkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjllAwDQYJKoZIhvcNAQELBQADggEBAB0XA/6ror4KvKsvlu6TaLVEDmKz
sYftZwteLH7OJTnj70uUul/IGKjvRzjy+qfvgH6HqRFFGlYzCKdqEVFqYhILPRNS
0nzrTs8MpI2fg0aduMgQeH+YxsWkOApmF0fZRvLBtFL5Paa7PfIBRWscEbthYbxs
X+Vi91JJ8RzvbD4WSS27/nGe81uKaiIMTlZpcf2hJDH+4bQtlGCZy7pffHr2eUG+
KtMySn89vTgOtIXnBsHqykupguyyOAc12rPZ1TketkOk8WL5ZupNSTHCS7t4qw50
Arid5IqAhBBSuo94BMYqMiQjWs4U30tz0wkaUMNbmDip7yxgFA6Hi1oX2Go=
-----END CERTIFICATE-----