Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/96e165dc-4d07-4326-aacf-c4700465f695.roa
File:                     96e165dc-4d07-4326-aacf-c4700465f695.roa (raw, json)
Hash identifier:          mmsB1yiz0AdNY5UYz1LKuPhvkc83/HE5yMOcdWT3I9U=
Subject key identifier:   C9:F3:1D:9E:E5:0E:AD:A9:5F:19:77:FA:E4:78:E1:B6:44:E5:31:C7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       059EC35DD407F9D3EEA488F5957D31C60AD7AD73
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/96e165dc-4d07-4326-aacf-c4700465f695.roa
Signing time:             Wed 22 Oct 2025 00:20:14 +0000
ROA not before:           Wed 22 Oct 2025 00:20:14 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        98.130.0.0/15 maxlen: 15
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:9e:c3:5d:d4:07:f9:d3:ee:a4:88:f5:95:7d:31:c6:0a:d7:ad:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 22 00:20:14 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=0727b3dde8542221085006bc035950fe1b28d502fb4dee25ee0a2794c585eaa5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ae:ca:31:e8:7e:bf:9a:19:d6:c9:12:28:40:
                    43:3e:a8:3f:b2:1d:87:0b:0c:cc:a3:1d:9c:c2:cc:
                    60:8f:0e:17:ec:39:bd:5a:7c:3c:c0:06:45:d7:eb:
                    af:54:6e:46:26:b3:b5:f6:99:ba:c4:0f:31:0c:f4:
                    8e:07:43:80:1a:d6:23:56:f5:e9:fc:d2:68:09:c5:
                    93:b1:f0:69:05:10:71:3c:db:08:80:0c:9d:97:17:
                    78:78:ed:97:72:59:f9:fb:3c:5e:13:a1:ce:ec:3d:
                    2b:00:bd:89:22:e5:d6:51:7b:69:fd:b1:5a:2f:cd:
                    d8:13:98:b6:2a:07:3c:fc:21:0a:43:dd:54:f7:cf:
                    3a:68:9b:db:31:82:c9:99:d2:63:5b:65:89:54:4d:
                    4b:d9:2e:c6:41:5c:9e:b4:99:e7:6c:30:25:4a:27:
                    6c:d9:ad:36:c8:dd:ce:08:67:61:f4:48:a0:a5:53:
                    c5:eb:e1:7e:2f:ec:ce:3f:a7:b7:3d:1d:d2:d2:8c:
                    cd:ef:e0:fc:bc:7e:9f:f2:ea:11:92:7c:13:41:35:
                    95:17:f9:a4:65:75:72:b5:fa:2e:73:bc:23:01:c0:
                    5c:18:a4:bf:70:84:02:31:9d:ec:29:fb:5c:2d:6d:
                    c4:73:c3:a5:2f:a5:d2:66:ac:39:c4:7d:16:f7:8b:
                    8c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F3:1D:9E:E5:0E:AD:A9:5F:19:77:FA:E4:78:E1:B6:44:E5:31:C7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/96e165dc-4d07-4326-aacf-c4700465f695.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.130.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         40:0d:cc:c1:b3:f9:a2:13:a1:23:10:53:d3:77:10:04:4e:de:
         a3:cf:6f:97:28:44:b6:5d:cf:99:82:35:28:40:f4:1b:af:16:
         43:f5:19:da:9c:e1:e8:0e:34:39:d3:73:97:2e:a2:89:78:bf:
         ab:d8:29:24:d9:07:37:37:89:db:ba:d5:47:e3:3b:01:79:29:
         97:6d:86:74:99:d1:70:3c:1b:9d:30:23:8c:db:7f:5f:b3:84:
         34:15:04:e9:43:9f:25:e2:70:54:46:6a:77:d0:10:19:f0:32:
         0f:8f:b8:f8:27:bb:86:25:3a:60:4f:5d:41:15:99:70:6a:eb:
         25:80:b6:32:bc:3f:29:af:04:11:85:ca:63:cd:06:89:48:87:
         c8:82:bc:eb:76:e3:66:9c:c1:3e:a0:c4:d5:d9:f9:c0:db:c2:
         16:48:73:42:92:82:7c:aa:fe:17:c6:91:63:62:90:fe:fb:fa:
         53:29:2c:52:0d:e0:54:a4:f3:19:c0:bf:db:7f:c2:ba:ad:d1:
         aa:fe:9c:bc:d6:fa:3d:3d:56:e5:a0:b7:a1:f7:f8:67:fd:7b:
         e4:9c:9c:cb:5d:58:4d:2b:6f:5c:dc:4e:52:ed:60:8a:03:32:
         f8:b6:b1:c1:93:22:70:cc:17:43:b5:98:8e:46:78:70:39:31:
         f7:62:98:56
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBZ7DXdQH+dPupIj1lX0xxgrXrXMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIyMDAyMDE0WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzI3YjNkZGU4NTQyMjIxMDg1MDA2YmMwMzU5NTBmZTFi
MjhkNTAyZmI0ZGVlMjVlZTBhMjc5NGM1ODVlYWE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHrsox6H6/mhnWyRIoQEM+qD+yHYcLDMyjHZzCzGCPDhfs
Ob1afDzABkXX669UbkYms7X2mbrEDzEM9I4HQ4Aa1iNW9en80mgJxZOx8GkFEHE8
2wiADJ2XF3h47ZdyWfn7PF4Toc7sPSsAvYki5dZRe2n9sVovzdgTmLYqBzz8IQpD
3VT3zzpom9sxgsmZ0mNbZYlUTUvZLsZBXJ60medsMCVKJ2zZrTbI3c4IZ2H0SKCl
U8Xr4X4v7M4/p7c9HdLSjM3v4Py8fp/y6hGSfBNBNZUX+aRldXK1+i5zvCMBwFwY
pL9whAIxnewp+1wtbcRzw6UvpdJmrDnEfRb3i4xjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyfMdnuUOralfGXf65HjhtkTlMccwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk2ZTE2NWRjLTRkMDctNDMyNi1hYWNmLWM0NzAwNDY1ZjY5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFigjANBgkqhkiG9w0BAQsFAAOCAQEAQA3MwbP5ohOhIxBT03cQBE7eo89v
lyhEtl3PmYI1KED0G68WQ/UZ2pzh6A40OdNzly6iiXi/q9gpJNkHNzeJ27rVR+M7
AXkpl22GdJnRcDwbnTAjjNt/X7OENBUE6UOfJeJwVEZqd9AQGfAyD4+4+Ce7hiU6
YE9dQRWZcGrrJYC2Mrw/Ka8EEYXKY80GiUiHyIK863bjZpzBPqDE1dn5wNvCFkhz
QpKCfKr+F8aRY2KQ/vv6UyksUg3gVKTzGcC/23/Cuq3Rqv6cvNb6PT1W5aC3off4
Z/175Jycy11YTStvXNxOUu1gigMy+LaxwZMicMwXQ7WYjkZ4cDkx92KYVg==
-----END CERTIFICATE-----