Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8213ff38-6db2-416c-9997-d93aac442a3c.roa
File:                     8213ff38-6db2-416c-9997-d93aac442a3c.roa (raw, json)
Hash identifier:          564ZgQFl34iRCybFnWxnFt8/W+j1ACqYcb4Qj5NoC/I=
Subject key identifier:   7F:39:D0:DD:13:E1:94:DD:38:54:F1:10:BC:01:78:D7:3E:81:F1:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53DB93B97A23D8E0BB32E87017C7BAA7221A76E2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8213ff38-6db2-416c-9997-d93aac442a3c.roa
Signing time:             Sun 02 Nov 2025 00:41:21 +0000
ROA not before:           Sun 02 Nov 2025 00:41:21 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.40.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:db:93:b9:7a:23:d8:e0:bb:32:e8:70:17:c7:ba:a7:22:1a:76:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:41:21 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=09897cdc1c44a3fca2a2bfe0a21277ad5585c176bb1a3e3afbafdd2c63017f90, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5b:71:d0:f5:77:80:50:e4:56:4d:73:98:31:
                    c4:ee:d6:de:3d:27:79:07:83:e5:0c:40:ee:0e:5e:
                    1f:f6:d8:d3:26:5d:48:94:d8:3c:26:b4:85:d8:6e:
                    d1:19:0f:93:c6:7e:b0:50:be:b8:6c:ec:56:1a:2c:
                    08:7f:b7:d7:83:1f:1d:4c:f2:48:f7:a9:d0:54:96:
                    d5:d1:77:a5:b5:67:96:ab:5a:33:33:69:4b:ce:7e:
                    30:e7:5b:b6:02:0b:cb:92:e9:b8:73:e6:e3:69:b1:
                    2a:ff:67:91:0d:67:b1:8f:8e:bb:3c:83:f3:df:5e:
                    68:00:47:1d:66:79:98:16:8e:3f:73:a3:39:29:4f:
                    40:6e:e9:12:be:3e:a6:29:58:d2:b3:21:f2:47:a1:
                    a2:c5:fa:5f:47:80:e0:e9:17:e0:13:81:f6:a4:03:
                    cb:0d:e7:fc:fe:bb:d9:75:d5:ae:11:e9:07:1d:98:
                    60:7d:48:8f:4c:43:f7:e7:96:a9:db:e3:59:9b:86:
                    b4:b4:41:9b:bf:b4:d5:dd:8c:ef:5d:e3:f2:d4:cb:
                    b7:80:b8:72:5c:b1:7c:53:b6:f4:4e:6e:b9:6a:b0:
                    e1:4f:bb:7a:78:6f:be:c0:e2:60:bc:99:dd:0a:ff:
                    41:7a:04:5e:f1:de:c3:55:20:d8:d9:9f:fd:45:40:
                    cc:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:39:D0:DD:13:E1:94:DD:38:54:F1:10:BC:01:78:D7:3E:81:F1:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8213ff38-6db2-416c-9997-d93aac442a3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:87:59:1b:bb:bc:9f:5a:c8:58:0b:dd:5d:3a:63:41:f9:0b:
         c3:9c:6d:43:16:05:8a:17:7b:9b:66:89:3b:ef:d8:f9:a4:79:
         e1:d1:e3:16:35:32:55:dc:63:7b:91:44:ce:c1:b2:ab:65:2a:
         f3:a3:b4:9e:4e:c3:9e:56:33:8d:ff:ea:ac:b8:d1:c7:9d:a8:
         b4:6f:d0:32:b0:af:ba:78:2a:89:11:75:58:55:12:2f:81:c5:
         b3:87:ee:dd:a2:5f:7d:b9:f8:c6:84:f1:f0:1c:2f:8a:b1:0a:
         a7:ad:f5:2d:f1:ba:ea:7a:df:b9:2b:16:a0:e8:12:00:16:2d:
         3d:cb:1e:bd:5a:72:71:0c:64:b8:7f:32:98:ef:57:ec:2b:cb:
         32:bb:47:15:d8:42:90:cd:28:24:57:82:35:21:e5:1d:85:9e:
         35:5f:f8:56:69:f1:3f:ed:38:9c:b8:35:07:07:36:8f:14:02:
         b0:7b:c3:1c:bf:65:c4:a5:ec:66:3e:70:e7:8e:0d:ac:cc:9c:
         55:9a:52:a7:dd:ef:4d:17:ad:ac:cf:60:11:aa:4f:96:e4:4d:
         72:95:2d:e0:4a:7e:bb:72:6f:f0:93:9a:1a:b9:b9:09:d2:18:
         f7:b6:6c:83:a1:ac:fe:4f:cf:0a:80:5f:06:53:cb:62:cd:7d:
         90:12:5a:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU9uTuXoj2OC7MuhwF8e6pyIaduIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MTIxWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwOTg5N2NkYzFjNDRhM2ZjYTJhMmJmZTBhMjEyNzdhZDU1
ODVjMTc2YmIxYTNlM2FmYmFmZGQyYzYzMDE3ZjkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsW3HQ9XeAUORWTXOYMcTu1t49J3kHg+UMQO4OXh/22NMm
XUiU2DwmtIXYbtEZD5PGfrBQvrhs7FYaLAh/t9eDHx1M8kj3qdBUltXRd6W1Z5ar
WjMzaUvOfjDnW7YCC8uS6bhz5uNpsSr/Z5ENZ7GPjrs8g/PfXmgARx1meZgWjj9z
ozkpT0Bu6RK+PqYpWNKzIfJHoaLF+l9HgODpF+ATgfakA8sN5/z+u9l11a4R6Qcd
mGB9SI9MQ/fnlqnb41mbhrS0QZu/tNXdjO9d4/LUy7eAuHJcsXxTtvRObrlqsOFP
u3p4b77A4mC8md0K/0F6BF7x3sNVINjZn/1FQMxZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfznQ3RPhlN04VPEQvAF41z6B8eIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyMTNmZjM4LTZkYjItNDE2Yy05OTk3LWQ5M2FhYzQ0MmEzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjligwDQYJKoZIhvcNAQELBQADggEBAJqHWRu7vJ9ayFgL3V06Y0H5C8Oc
bUMWBYoXe5tmiTvv2PmkeeHR4xY1MlXcY3uRRM7BsqtlKvOjtJ5Ow55WM43/6qy4
0cedqLRv0DKwr7p4KokRdVhVEi+BxbOH7t2iX325+MaE8fAcL4qxCqet9S3xuup6
37krFqDoEgAWLT3LHr1acnEMZLh/MpjvV+wryzK7RxXYQpDNKCRXgjUh5R2FnjVf
+FZp8T/tOJy4NQcHNo8UArB7wxy/ZcSl7GY+cOeODazMnFWaUqfd700XrazPYBGq
T5bkTXKVLeBKfrtyb/CTmhq5uQnSGPe2bIOhrP5PzwqAXwZTy2LNfZASWv8=
-----END CERTIFICATE-----