Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f289340-82bf-42dd-8b4e-a118719df322.roa
File:                     8f289340-82bf-42dd-8b4e-a118719df322.roa (raw, json)
Hash identifier:          qg+2fRFKxhqjgXQ2QDuYnv5iDafnUntsWaXM5rSJxo0=
Subject key identifier:   D0:78:11:3D:B7:95:FB:1F:58:DB:06:91:B9:05:4D:59:B6:B7:04:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AB338B60AEDB232935CF6955763CD57908CC47B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f289340-82bf-42dd-8b4e-a118719df322.roa
Signing time:             Sun 02 Nov 2025 00:40:13 +0000
ROA not before:           Sun 02 Nov 2025 00:40:13 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.72.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:b3:38:b6:0a:ed:b2:32:93:5c:f6:95:57:63:cd:57:90:8c:c4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:40:13 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=b85ca38547ad7680fad78c7dc7b5add04fad2d1c022f4e77c534af4d0a9dd517, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2d:4b:a0:39:a1:d0:90:ba:31:3b:3b:71:3d:
                    ad:3e:c5:41:ec:9b:b5:6b:ec:f2:88:b5:09:30:f6:
                    2b:fe:8d:49:55:24:73:22:3a:21:ce:8b:42:a9:59:
                    68:3f:5d:1a:4a:c8:02:ac:81:8b:06:7e:31:5b:fb:
                    3d:56:63:f8:78:33:60:3d:37:3e:30:f6:e1:1e:c2:
                    80:88:72:0c:08:83:72:4c:04:d6:87:7f:78:14:f4:
                    ce:a2:be:16:a7:b0:ce:ce:8c:84:90:51:80:ac:90:
                    10:17:11:e1:03:16:41:c5:84:17:f2:bc:10:be:e6:
                    48:63:26:e8:da:80:9e:77:d4:7a:4d:6d:31:e5:33:
                    c9:04:ec:7e:91:58:45:31:ff:64:88:72:c7:76:04:
                    8b:a5:56:94:b7:a1:d0:cf:18:b5:af:fc:09:a0:da:
                    17:2a:49:9d:9c:f5:96:7f:a8:11:c5:5b:b3:cd:76:
                    72:a4:82:71:cb:15:be:98:b3:00:f8:52:08:5d:2f:
                    54:59:6d:63:c8:ab:55:d5:fd:2f:ab:6e:db:d8:d1:
                    b6:6e:f4:98:56:d0:7a:b9:20:77:84:81:8e:d3:61:
                    d7:9c:c8:4b:21:a1:fa:02:12:22:3e:ba:ad:c7:b0:
                    53:b9:4c:d4:d5:76:8f:c7:9a:9d:43:31:70:4d:36:
                    db:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:78:11:3D:B7:95:FB:1F:58:DB:06:91:B9:05:4D:59:B6:B7:04:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8f289340-82bf-42dd-8b4e-a118719df322.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         01:ba:2b:df:8b:43:74:66:34:a3:38:0a:e5:94:91:02:f2:cc:
         2a:72:c9:ad:02:99:17:a0:f9:97:c4:36:b1:ce:89:99:e6:fa:
         ea:d7:8b:d4:84:b4:89:6c:0a:18:58:d7:8c:10:82:c5:0c:43:
         14:86:13:3f:2b:d3:e6:76:b2:89:d6:10:46:1c:28:ef:50:4a:
         ec:20:f6:cf:07:8f:ea:72:09:36:a0:c2:cd:6f:ac:e2:93:15:
         95:54:c0:ab:89:ee:29:89:a5:c9:47:37:78:09:fc:5a:31:b3:
         88:d1:e6:02:af:83:55:e2:c9:ec:76:4b:78:d6:de:ab:87:dd:
         a3:b7:ba:54:70:08:8f:b1:1f:01:13:07:ad:16:27:0c:92:49:
         57:5b:d9:ce:78:ca:98:1b:70:b2:a0:fc:fd:8f:a1:72:88:25:
         8f:6a:eb:e2:14:d4:bb:d7:e6:87:2a:06:35:6e:38:45:ba:be:
         e8:61:89:5f:dc:3a:df:e9:34:e8:c2:7a:2f:bd:d5:3f:85:47:
         af:32:67:af:86:6a:09:f0:e3:0b:62:57:90:24:72:8b:c2:9f:
         7e:f6:fb:64:e0:de:5e:2c:aa:e8:52:a9:a4:72:24:ac:4b:6e:
         08:22:29:a3:b8:43:0d:93:19:67:96:14:b9:57:da:60:3b:8c:
         2b:37:4c:a9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUerM4tgrtsjKTXPaVV2PNV5CMxHswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MDEzWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODVjYTM4NTQ3YWQ3NjgwZmFkNzhjN2RjN2I1YWRkMDRm
YWQyZDFjMDIyZjRlNzdjNTM0YWY0ZDBhOWRkNTE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRLUugOaHQkLoxOztxPa0+xUHsm7Vr7PKItQkw9iv+jUlV
JHMiOiHOi0KpWWg/XRpKyAKsgYsGfjFb+z1WY/h4M2A9Nz4w9uEewoCIcgwIg3JM
BNaHf3gU9M6ivhansM7OjISQUYCskBAXEeEDFkHFhBfyvBC+5khjJujagJ531HpN
bTHlM8kE7H6RWEUx/2SIcsd2BIulVpS3odDPGLWv/Amg2hcqSZ2c9ZZ/qBHFW7PN
dnKkgnHLFb6YswD4UghdL1RZbWPIq1XV/S+rbtvY0bZu9JhW0Hq5IHeEgY7TYdec
yEshofoCEiI+uq3HsFO5TNTVdo/Hmp1DMXBNNtt5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0HgRPbeV+x9Y2waRuQVNWba3BJAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhmMjg5MzQwLTgyYmYtNDJkZC04YjRlLWExMTg3MTlkZjMyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl0gwDQYJKoZIhvcNAQELBQADggEBAAG6K9+LQ3RmNKM4CuWUkQLyzCpy
ya0CmReg+ZfENrHOiZnm+urXi9SEtIlsChhY14wQgsUMQxSGEz8r0+Z2sonWEEYc
KO9QSuwg9s8Hj+pyCTagws1vrOKTFZVUwKuJ7imJpclHN3gJ/Foxs4jR5gKvg1Xi
yex2S3jW3quH3aO3ulRwCI+xHwETB60WJwySSVdb2c54ypgbcLKg/P2PoXKIJY9q
6+IU1LvX5ocqBjVuOEW6vuhhiV/cOt/pNOjCei+91T+FR68yZ6+Gagnw4wtiV5Ak
covCn372+2Tg3l4squhSqaRyJKxLbggiKaO4Qw2TGWeWFLlX2mA7jCs3TKk=
-----END CERTIFICATE-----