Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3275665-17d9-4bb2-8f2d-df1421f7adfe.roa
File:                     a3275665-17d9-4bb2-8f2d-df1421f7adfe.roa (raw, json)
Hash identifier:          B3kkWOOazt0VZ3y5qq+rGVANtrn4catCDmwyAIPaiNI=
Subject key identifier:   AB:18:E5:92:58:C4:C0:F7:8C:FD:BE:34:6F:72:FA:63:F4:CF:5B:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5AF9F2DAAC8BF3E7F15437F3B1D72AF0C7D8F373
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3275665-17d9-4bb2-8f2d-df1421f7adfe.roa
Signing time:             Tue 28 Oct 2025 00:10:59 +0000
ROA not before:           Tue 28 Oct 2025 00:10:59 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.191.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:f9:f2:da:ac:8b:f3:e7:f1:54:37:f3:b1:d7:2a:f0:c7:d8:f3:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:10:59 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=39aeb5c1504539d08770090ccdbd082147f61986370bca2a3852bc61b776787a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:70:6e:7f:a8:a8:5b:d8:90:25:f4:a2:ef:
                    05:9e:ce:b8:b1:b0:b4:0d:4b:3b:cd:a8:26:3d:09:
                    e3:ab:f5:12:d0:54:79:06:ef:d9:14:ab:10:ce:d7:
                    65:c6:e7:50:20:6a:53:a3:85:e3:6c:65:80:3e:20:
                    5a:eb:b3:ee:cb:39:70:45:2c:22:e6:76:f9:67:56:
                    bb:70:ec:96:3f:2b:57:09:9e:2e:93:48:89:0e:f4:
                    75:50:ea:a5:b6:73:f6:a0:ba:00:bc:46:f4:7a:d2:
                    10:07:ae:24:aa:13:34:99:24:3a:3d:e5:f7:8c:af:
                    fd:26:ac:00:80:a2:a3:14:5a:3e:7e:95:60:1b:27:
                    f3:13:22:14:1b:15:50:fe:be:5c:69:10:a1:f1:e2:
                    80:5c:2e:9f:ae:e6:40:90:6f:12:89:be:f3:15:4d:
                    e7:b1:3a:1e:d9:d9:50:f6:ae:2e:33:dc:9e:3b:d8:
                    ed:b4:1f:c1:d6:43:06:fb:d0:c2:04:b9:23:78:14:
                    d1:b0:d2:4d:05:94:43:27:b0:df:be:ce:c0:39:c6:
                    ac:72:2d:02:f1:cd:aa:3b:2c:93:a0:e0:59:75:37:
                    f6:d1:a0:50:c3:c0:4d:6c:37:ae:99:c3:be:74:fb:
                    a3:ed:9d:f7:a0:22:21:b9:0b:f7:62:fa:da:93:12:
                    e2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:18:E5:92:58:C4:C0:F7:8C:FD:BE:34:6F:72:FA:63:F4:CF:5B:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3275665-17d9-4bb2-8f2d-df1421f7adfe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:6f:3b:7b:d2:3f:94:7c:5b:36:0b:f1:98:fa:57:67:e5:32:
         7e:e4:0c:05:ac:1d:1e:94:bd:43:f4:ef:ef:48:52:f8:bd:a7:
         0a:c8:4b:da:1e:a2:88:19:78:3b:fd:52:0d:1b:d1:8e:89:68:
         9f:70:24:a2:16:49:b6:9d:ca:86:ed:5a:32:8a:2e:4b:ac:ac:
         d0:cc:0e:31:f2:6a:e0:c9:ba:b5:72:cc:9f:8f:81:c6:6e:1d:
         4d:71:3f:e1:17:c0:67:c4:4e:79:9f:cb:eb:c1:93:7d:bc:c4:
         f4:c1:d9:d7:3d:0b:b2:a6:7e:dd:74:85:1b:63:ed:be:bc:53:
         26:7f:99:ce:aa:34:ad:fa:f7:5e:ea:17:09:d2:55:61:5d:fc:
         f9:a7:cb:34:8c:61:64:92:b3:de:43:f0:b7:5a:c9:25:c6:fa:
         44:6c:00:1c:0f:24:83:b6:73:78:03:4d:4d:ac:99:cc:7d:c5:
         1a:2b:f4:bb:7f:22:d3:2a:81:4f:09:5f:a4:47:95:5e:74:93:
         59:bd:e5:bf:c4:c8:c3:d9:ab:b7:74:d7:f5:f4:1c:f8:4c:cf:
         23:e8:a1:3d:93:02:55:c7:f2:3d:e5:c0:89:99:45:e6:ac:2d:
         26:d6:88:8a:f2:48:b0:cb:20:39:39:5d:67:9b:71:ab:43:71:
         25:af:cc:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWvny2qyL8+fxVDfzsdcq8MfY83MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAxMDU5WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOWFlYjVjMTUwNDUzOWQwODc3MDA5MGNjZGJkMDgyMTQ3
ZjYxOTg2MzcwYmNhMmEzODUyYmM2MWI3NzY3ODdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1hHBuf6ioW9iQJfSi7wWezrixsLQNSzvNqCY9CeOr9RLQ
VHkG79kUqxDO12XG51AgalOjheNsZYA+IFrrs+7LOXBFLCLmdvlnVrtw7JY/K1cJ
ni6TSIkO9HVQ6qW2c/agugC8RvR60hAHriSqEzSZJDo95feMr/0mrACAoqMUWj5+
lWAbJ/MTIhQbFVD+vlxpEKHx4oBcLp+u5kCQbxKJvvMVTeexOh7Z2VD2ri4z3J47
2O20H8HWQwb70MIEuSN4FNGw0k0FlEMnsN++zsA5xqxyLQLxzao7LJOg4Fl1N/bR
oFDDwE1sN66Zw750+6PtnfegIiG5C/di+tqTEuKrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqxjlkljEwPeM/b40b3L6Y/TPW5YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzMjc1NjY1LTE3ZDktNGJiMi04ZjJkLWRmMTQyMWY3YWRmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTb8wDQYJKoZIhvcNAQELBQADggEBAIJvO3vSP5R8WzYL8Zj6V2flMn7k
DAWsHR6UvUP07+9IUvi9pwrIS9oeoogZeDv9Ug0b0Y6JaJ9wJKIWSbadyobtWjKK
LkusrNDMDjHyauDJurVyzJ+PgcZuHU1xP+EXwGfETnmfy+vBk328xPTB2dc9C7Km
ft10hRtj7b68UyZ/mc6qNK36917qFwnSVWFd/PmnyzSMYWSSs95D8LdaySXG+kRs
ABwPJIO2c3gDTU2smcx9xRor9Lt/ItMqgU8JX6RHlV50k1m95b/EyMPZq7d01/X0
HPhMzyPooT2TAlXH8j3lwImZReasLSbWiIrySLDLIDk5XWebcatDcSWvzL4=
-----END CERTIFICATE-----