Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9013bd97-577e-43f7-91e4-454ea80fb5f6.roa
File:                     9013bd97-577e-43f7-91e4-454ea80fb5f6.roa (raw, json)
Hash identifier:          ro/5TFZtTi0JJ6IwjveK+faj/azxdXyQPx3D6PuV9MY=
Subject key identifier:   30:82:49:13:1E:3F:F4:A7:87:CA:0E:77:55:27:E2:A0:3A:9B:54:78
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DB11A2CF9F638E92D1CFA9E785B44E4953D79EE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9013bd97-577e-43f7-91e4-454ea80fb5f6.roa
Signing time:             Tue 28 Oct 2025 00:10:59 +0000
ROA not before:           Tue 28 Oct 2025 00:10:59 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.82.188.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:b1:1a:2c:f9:f6:38:e9:2d:1c:fa:9e:78:5b:44:e4:95:3d:79:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:10:59 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=df081ce39a504f62205699a4b0528209a05c4bd3d7714b9d470762bdc0296ffb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a1:b8:2e:89:01:9b:b4:db:fb:6b:f5:24:32:
                    c1:b0:ba:e5:9a:ec:c6:0b:f7:88:05:55:7d:4d:15:
                    fb:3d:be:58:db:58:b2:01:c8:15:8b:e3:86:5c:7f:
                    fd:f3:ca:a3:4a:fb:f8:78:3a:27:3c:d5:8c:3a:46:
                    e5:3d:bf:11:00:f3:fa:6f:76:cd:58:bb:63:cc:c4:
                    11:89:52:05:8e:5d:2f:6c:30:b9:c5:e7:7e:69:31:
                    75:a3:0c:64:34:b6:99:90:4b:30:fd:48:b3:28:e6:
                    c5:b8:f6:cd:c9:38:4e:6a:7a:cb:39:08:22:f8:85:
                    f4:bb:86:47:08:94:50:5a:fd:20:55:9b:05:f3:4c:
                    80:78:77:c4:e3:0d:d4:04:08:bb:9a:e9:f9:17:ec:
                    33:ba:c8:b2:7c:0c:f7:92:86:f5:de:9c:76:3d:77:
                    75:7c:80:56:86:03:6c:0b:aa:cf:be:1d:5a:c3:63:
                    3f:a6:e8:bd:f4:5f:99:df:2b:bf:7b:d2:2e:c7:17:
                    79:0d:29:a7:5b:fb:db:f4:e8:86:a0:a1:9b:8e:45:
                    6e:26:e2:d7:4d:6b:98:87:6e:1a:b3:ba:93:3e:27:
                    1f:e9:0d:90:b6:fe:17:3d:83:87:45:53:e6:3f:ef:
                    74:99:ad:7c:05:0a:9f:af:6c:72:d9:d7:fe:02:9a:
                    f0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:82:49:13:1E:3F:F4:A7:87:CA:0E:77:55:27:E2:A0:3A:9B:54:78
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9013bd97-577e-43f7-91e4-454ea80fb5f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.82.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:1a:02:67:25:86:01:ec:84:3d:ee:a9:8d:e6:1a:dc:75:f2:
         c4:66:d9:5a:30:85:18:88:bd:90:e1:f0:8d:6e:1f:db:83:6b:
         64:33:4e:e6:6e:b1:00:a0:ca:c6:1c:b7:45:45:70:36:12:8f:
         d9:9d:4d:69:00:4f:ca:8c:19:2d:42:a3:db:ef:48:7e:88:5f:
         66:ba:7e:2e:34:26:d2:52:26:e5:cd:3b:76:11:20:b5:3d:66:
         f9:c2:ea:94:0f:f2:6f:8c:c8:e3:de:73:9f:1f:81:4b:cd:d9:
         d7:6e:a1:f6:55:cd:c1:be:fb:a2:9c:92:d2:ac:ab:03:18:42:
         37:fe:32:0b:a9:88:37:67:3c:a2:d7:ac:d5:32:32:ba:e3:47:
         bd:46:3a:6c:83:3c:4b:87:fa:83:fd:9a:c3:a2:ff:c5:51:d7:
         ea:55:e5:64:38:40:61:92:87:54:58:e9:ac:a6:6a:65:e8:e2:
         f5:c8:02:c0:3d:09:7d:f9:44:c9:dc:21:12:3b:77:d5:70:74:
         f1:0e:9c:a5:f5:53:92:18:0a:6f:dc:59:87:79:6e:31:2c:46:
         db:92:d9:b7:3c:e4:7a:5a:50:ff:c7:1c:f3:ca:64:1f:12:49:
         18:b3:03:cf:d4:da:0d:a3:30:4a:d2:3d:bf:f4:03:7a:8e:61:
         f9:c2:e8:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPbEaLPn2OOktHPqeeFtE5JU9ee4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAxMDU5WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjA4MWNlMzlhNTA0ZjYyMjA1Njk5YTRiMDUyODIwOWEw
NWM0YmQzZDc3MTRiOWQ0NzA3NjJiZGMwMjk2ZmZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyobguiQGbtNv7a/UkMsGwuuWa7MYL94gFVX1NFfs9vljb
WLIByBWL44Zcf/3zyqNK+/h4Oic81Yw6RuU9vxEA8/pvds1Yu2PMxBGJUgWOXS9s
MLnF535pMXWjDGQ0tpmQSzD9SLMo5sW49s3JOE5qess5CCL4hfS7hkcIlFBa/SBV
mwXzTIB4d8TjDdQECLua6fkX7DO6yLJ8DPeShvXenHY9d3V8gFaGA2wLqs++HVrD
Yz+m6L30X5nfK7970i7HF3kNKadb+9v06IagoZuORW4m4tdNa5iHbhqzupM+Jx/p
DZC2/hc9g4dFU+Y/73SZrXwFCp+vbHLZ1/4CmvBZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMIJJEx4/9KeHyg53VSfioDqbVHgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkwMTNiZDk3LTU3N2UtNDNmNy05MWU0LTQ1NGVhODBmYjVmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjUrwwDQYJKoZIhvcNAQELBQADggEBAKYaAmclhgHshD3uqY3mGtx18sRm
2VowhRiIvZDh8I1uH9uDa2QzTuZusQCgysYct0VFcDYSj9mdTWkAT8qMGS1Co9vv
SH6IX2a6fi40JtJSJuXNO3YRILU9ZvnC6pQP8m+MyOPec58fgUvN2dduofZVzcG+
+6KcktKsqwMYQjf+MgupiDdnPKLXrNUyMrrjR71GOmyDPEuH+oP9msOi/8VR1+pV
5WQ4QGGSh1RY6aymamXo4vXIAsA9CX35RMncIRI7d9VwdPEOnKX1U5IYCm/cWYd5
bjEsRtuS2bc85HpaUP/HHPPKZB8SSRizA8/U2g2jMErSPb/0A3qOYfnC6Po=
-----END CERTIFICATE-----