Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7e23500a-7ffd-453d-be04-82eab76a246d.roa
File:                     7e23500a-7ffd-453d-be04-82eab76a246d.roa (raw, json)
Hash identifier:          EyJ43hEI8IR/Xk328Zw0r2edHl1gslOqdccvD2iXeDA=
Subject key identifier:   7C:91:FC:E0:17:F1:87:76:A0:BB:93:F6:53:A5:9B:ED:86:12:BB:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       518F27D824AB7D963F6DB25523BB9ED3E9F2524E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7e23500a-7ffd-453d-be04-82eab76a246d.roa
Signing time:             Sun 02 Nov 2025 00:31:18 +0000
ROA not before:           Sun 02 Nov 2025 00:31:18 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.6.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:8f:27:d8:24:ab:7d:96:3f:6d:b2:55:23:bb:9e:d3:e9:f2:52:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:31:18 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=e6ca0a0aec8948f886971042e50061170198c3fd77d0f1a44b9f11474e33ff9c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:33:a3:d0:8f:01:12:16:0e:11:12:8b:88:b0:
                    0a:be:f5:ce:54:1d:04:ec:f3:8b:54:72:5a:4a:b8:
                    0f:22:9b:56:74:b8:4b:19:e7:0d:ea:68:4b:df:51:
                    4a:9e:c9:f8:54:b3:75:20:e3:cb:88:fa:92:3c:b5:
                    16:2b:3c:e0:b9:b8:ea:b8:58:87:1a:e1:b0:41:82:
                    81:c1:1a:73:a1:e1:18:6b:d0:d3:c9:b3:13:a6:43:
                    51:37:b9:cc:64:2d:fa:b7:0f:8a:46:1d:05:cd:7e:
                    26:87:02:74:03:c7:e4:ec:e3:66:03:24:dd:c8:4e:
                    e0:31:b4:26:57:ac:81:8f:5f:2e:8d:f5:80:ee:ee:
                    9b:37:64:79:90:27:64:b0:fc:d4:8b:2b:4a:0b:fe:
                    ba:c1:0c:f9:72:e5:0f:5e:55:ba:66:bc:b3:b2:bc:
                    06:f9:83:e8:97:4a:7f:3f:2f:5c:3d:01:61:09:6e:
                    77:c2:e7:eb:0a:8e:18:8f:ab:df:7e:76:18:1d:52:
                    d3:13:30:cb:73:02:59:68:b9:77:33:2a:df:d4:c8:
                    e1:79:1f:7d:51:57:b2:4e:1b:62:9c:b1:2c:0c:11:
                    9d:17:d2:e4:e8:b8:4b:dc:0f:53:29:bb:4f:a4:8d:
                    d0:5f:35:75:c5:94:8e:b2:f6:c9:0e:18:fc:1a:4e:
                    a5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:91:FC:E0:17:F1:87:76:A0:BB:93:F6:53:A5:9B:ED:86:12:BB:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7e23500a-7ffd-453d-be04-82eab76a246d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ac:c4:ce:a5:8c:4d:9a:b8:62:2c:a7:23:bd:01:1c:6f:42:
         87:57:30:08:bd:9c:8b:6d:68:fd:94:0e:be:1d:84:35:19:9b:
         92:9e:d7:d2:8f:8b:b4:42:2c:4d:87:d6:f6:6c:32:6f:0e:97:
         03:3c:6b:ad:4c:dd:f5:00:b5:33:cb:38:d1:58:dc:e0:19:c8:
         9d:96:9f:66:7a:3f:dd:ae:fb:32:ef:a9:de:67:ba:0a:d5:38:
         23:f7:2b:e7:85:c5:3b:5c:fa:05:44:0d:c0:45:d7:34:f3:db:
         b3:71:6d:ea:e9:71:ed:89:38:13:5b:a5:23:2d:c4:6b:4c:21:
         55:34:62:67:6f:9c:2c:4e:34:ba:fc:68:19:4b:8a:df:ba:0d:
         7b:2a:38:a8:f9:90:c8:d1:df:15:89:d9:a7:3b:ae:1a:a3:22:
         3c:bb:fb:0b:44:07:59:90:68:e3:33:76:a3:53:5c:d9:b8:aa:
         b6:7d:ea:20:62:4c:d2:36:d7:15:b7:ef:8d:53:c3:48:ed:5e:
         24:41:8c:ab:ce:db:e6:64:1a:7a:3f:47:5d:84:7c:ed:ef:9f:
         a8:ed:65:27:5d:19:f8:03:d2:0a:0e:2c:f6:b7:58:92:95:bc:
         c0:61:cc:f6:d5:6b:a3:65:51:ef:03:1e:5b:35:30:09:d8:5a:
         ac:e0:6e:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUY8n2CSrfZY/bbJVI7ue0+nyUk4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMTE4WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNmNhMGEwYWVjODk0OGY4ODY5NzEwNDJlNTAwNjExNzAx
OThjM2ZkNzdkMGYxYTQ0YjlmMTE0NzRlMzNmZjljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdM6PQjwESFg4REouIsAq+9c5UHQTs84tUclpKuA8im1Z0
uEsZ5w3qaEvfUUqeyfhUs3Ug48uI+pI8tRYrPOC5uOq4WIca4bBBgoHBGnOh4Rhr
0NPJsxOmQ1E3ucxkLfq3D4pGHQXNfiaHAnQDx+Ts42YDJN3ITuAxtCZXrIGPXy6N
9YDu7ps3ZHmQJ2Sw/NSLK0oL/rrBDPly5Q9eVbpmvLOyvAb5g+iXSn8/L1w9AWEJ
bnfC5+sKjhiPq99+dhgdUtMTMMtzAllouXczKt/UyOF5H31RV7JOG2KcsSwMEZ0X
0uTouEvcD1Mpu0+kjdBfNXXFlI6y9skOGPwaTqUbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfJH84Bfxh3agu5P2U6Wb7YYSu5QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdlMjM1MDBhLTdmZmQtNDUzZC1iZTA0LTgyZWFiNzZhMjQ2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjlgYwDQYJKoZIhvcNAQELBQADggEBAH+sxM6ljE2auGIspyO9ARxvQodX
MAi9nIttaP2UDr4dhDUZm5Ke19KPi7RCLE2H1vZsMm8OlwM8a61M3fUAtTPLONFY
3OAZyJ2Wn2Z6P92u+zLvqd5nugrVOCP3K+eFxTtc+gVEDcBF1zTz27Nxberpce2J
OBNbpSMtxGtMIVU0YmdvnCxONLr8aBlLit+6DXsqOKj5kMjR3xWJ2ac7rhqjIjy7
+wtEB1mQaOMzdqNTXNm4qrZ96iBiTNI21xW3741Tw0jtXiRBjKvO2+ZkGno/R12E
fO3vn6jtZSddGfgD0goOLPa3WJKVvMBhzPbVa6NlUe8DHls1MAnYWqzgbkU=
-----END CERTIFICATE-----