Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9188fa7b-db94-4ddb-97de-5cb09ac9c624.roa
File:                     9188fa7b-db94-4ddb-97de-5cb09ac9c624.roa (raw, json)
Hash identifier:          tHy0c1w7lug3zFl8tn37drULWrOGL65bu2Z/jDsgeA4=
Subject key identifier:   71:00:A6:F6:F8:0F:65:92:14:61:9E:C8:1D:C5:BA:8F:7E:24:94:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       639E3686E7042FE703F6EF25B723912C178A6E8A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9188fa7b-db94-4ddb-97de-5cb09ac9c624.roa
Signing time:             Sun 02 Nov 2025 00:30:16 +0000
ROA not before:           Sun 02 Nov 2025 00:30:16 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        99.151.190.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:9e:36:86:e7:04:2f:e7:03:f6:ef:25:b7:23:91:2c:17:8a:6e:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:30:16 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=bad2e7b9087a4fe5f571a489e71c9a86b2f64357fa8d32a3b117ef74363293d0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f5:55:4c:f0:a6:c7:6a:28:43:d7:e6:5c:da:
                    91:2f:34:4c:ea:b4:08:19:86:87:76:c5:77:7e:31:
                    70:94:5a:54:7a:f8:81:6c:7e:ca:a1:f5:89:a7:a9:
                    9a:90:77:b3:09:3f:12:80:ca:bb:05:5e:93:0a:07:
                    f1:b5:9d:2e:2b:66:eb:58:85:20:68:a7:c7:8a:cc:
                    f3:0e:b2:ac:72:13:de:97:f1:4a:fc:f0:62:03:d5:
                    9d:d5:eb:87:bf:3f:c0:0a:b1:9d:ae:51:74:f0:48:
                    88:0b:8b:af:c2:74:fd:8a:13:6e:90:02:42:6f:26:
                    b8:90:b8:b0:62:81:13:d0:9e:5b:8b:66:2a:99:e8:
                    07:c4:12:c9:fe:09:04:43:80:67:1b:51:e6:41:d3:
                    59:1c:5c:87:c9:a1:16:8f:25:44:01:ea:c1:a0:74:
                    1a:ca:98:85:2c:ab:63:29:d1:35:28:2c:84:12:13:
                    77:ec:bd:fd:d6:7a:b0:fa:e0:35:8d:98:8a:70:a7:
                    d5:04:69:23:fb:71:07:fe:a2:d9:f6:29:a2:40:b1:
                    45:44:70:a4:60:1a:70:c5:23:ef:b0:18:04:db:4f:
                    00:bb:f7:5b:c7:59:97:27:07:eb:36:7d:7d:62:be:
                    9c:b8:c2:06:bd:82:a1:4a:0b:79:a4:56:12:58:13:
                    fd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:00:A6:F6:F8:0F:65:92:14:61:9E:C8:1D:C5:BA:8F:7E:24:94:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9188fa7b-db94-4ddb-97de-5cb09ac9c624.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:8e:60:c5:35:14:4e:1f:c8:07:a1:11:c7:b9:6d:00:ce:ab:
         ff:af:45:07:fe:32:39:a7:c7:db:27:1a:5b:54:55:7d:70:4a:
         60:0e:e1:e2:ca:48:53:99:30:92:36:2c:4f:fa:e3:1e:8e:4c:
         d0:09:5f:ca:ce:13:cb:47:27:a3:c4:ae:62:f8:af:32:5c:8c:
         b4:96:a8:69:78:cd:79:ff:15:3f:85:37:5f:0b:ff:98:73:28:
         23:13:d8:46:66:53:cd:5d:f1:b8:b1:65:60:1d:a6:5b:ae:5b:
         a2:55:47:3a:cb:32:ae:cb:ee:81:33:9b:f1:ce:c8:8e:31:2b:
         60:42:48:54:fd:cd:1f:1c:e0:37:61:ca:cc:48:de:49:1b:e5:
         64:6e:0f:1e:7b:28:8a:a3:c5:a2:30:65:c0:d6:d4:a7:e4:92:
         c2:22:d6:71:54:94:69:a4:f5:74:37:8e:85:cf:6a:25:16:3c:
         8c:33:58:a2:78:8a:06:73:3b:8e:7a:2c:97:09:b0:8e:c2:ec:
         6b:8d:12:8f:a0:33:35:c2:20:05:ad:05:0a:e4:8a:78:8a:14:
         d0:38:5c:76:00:95:5e:bc:9c:8a:63:cb:17:45:e0:f0:3e:0a:
         c4:0e:a2:f9:3f:11:b2:0b:b5:a0:97:b3:fc:ad:b7:fc:51:d8:
         12:54:89:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY542hucEL+cD9u8ltyORLBeKboowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMDE2WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYWQyZTdiOTA4N2E0ZmU1ZjU3MWE0ODllNzFjOWE4NmIy
ZjY0MzU3ZmE4ZDMyYTNiMTE3ZWY3NDM2MzI5M2QwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh9VVM8KbHaihD1+Zc2pEvNEzqtAgZhod2xXd+MXCUWlR6
+IFsfsqh9YmnqZqQd7MJPxKAyrsFXpMKB/G1nS4rZutYhSBop8eKzPMOsqxyE96X
8Ur88GID1Z3V64e/P8AKsZ2uUXTwSIgLi6/CdP2KE26QAkJvJriQuLBigRPQnluL
ZiqZ6AfEEsn+CQRDgGcbUeZB01kcXIfJoRaPJUQB6sGgdBrKmIUsq2Mp0TUoLIQS
E3fsvf3WerD64DWNmIpwp9UEaSP7cQf+otn2KaJAsUVEcKRgGnDFI++wGATbTwC7
91vHWZcnB+s2fX1ivpy4wga9gqFKC3mkVhJYE/35AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcQCm9vgPZZIUYZ7IHcW6j34klLkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkxODhmYTdiLWRiOTQtNGRkYi05N2RlLTVjYjA5YWM5YzYyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl74wDQYJKoZIhvcNAQELBQADggEBAEyOYMU1FE4fyAehEce5bQDOq/+v
RQf+Mjmnx9snGltUVX1wSmAO4eLKSFOZMJI2LE/64x6OTNAJX8rOE8tHJ6PErmL4
rzJcjLSWqGl4zXn/FT+FN18L/5hzKCMT2EZmU81d8bixZWAdpluuW6JVRzrLMq7L
7oEzm/HOyI4xK2BCSFT9zR8c4DdhysxI3kkb5WRuDx57KIqjxaIwZcDW1KfkksIi
1nFUlGmk9XQ3joXPaiUWPIwzWKJ4igZzO456LJcJsI7C7GuNEo+gMzXCIAWtBQrk
iniKFNA4XHYAlV68nIpjyxdF4PA+CsQOovk/EbILtaCXs/ytt/xR2BJUiSg=
-----END CERTIFICATE-----