Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a42a738c-9b5f-415d-a4cc-d638a82f8193.roa
File:                     a42a738c-9b5f-415d-a4cc-d638a82f8193.roa (raw, json)
Hash identifier:          bMlXDaOCd0Iges+T72xxhQpN+3J4aRIvhdORbaloo5o=
Subject key identifier:   41:E8:70:30:E0:31:6C:50:35:6C:0F:6E:20:3B:81:13:AB:22:8F:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2666E97D2E99FF67E01073613A06C37FF4BCDECC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a42a738c-9b5f-415d-a4cc-d638a82f8193.roa
Signing time:             Sun 02 Nov 2025 00:31:17 +0000
ROA not before:           Sun 02 Nov 2025 00:31:17 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.122.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:66:e9:7d:2e:99:ff:67:e0:10:73:61:3a:06:c3:7f:f4:bc:de:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:31:17 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=6341f88e6c94575fd63fc2de97cfdfb0d6c37fbf2cf78d76b1448986feb97bc9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b1:9d:ca:0e:59:6c:ab:d7:11:dc:e3:16:4c:
                    42:3b:38:fd:6f:65:c6:61:ab:5d:b8:5b:d5:ad:b1:
                    94:ab:0f:f7:2b:83:da:3e:93:e9:70:ef:51:c9:26:
                    e2:d3:c1:0a:c5:81:b0:81:82:38:d4:c5:d2:3c:1d:
                    87:21:5d:86:75:5a:a2:59:a5:61:3d:63:66:b6:e4:
                    62:2a:33:43:bf:13:30:c3:a9:3f:8c:5d:5e:8d:90:
                    97:de:1b:12:a2:e2:e6:ca:59:3a:89:8e:7c:39:05:
                    a4:7b:87:11:3e:44:cb:0f:0f:f8:47:b9:c7:2e:11:
                    f4:22:6b:f7:73:3b:fb:3d:f8:78:a8:6c:11:43:ed:
                    fd:fd:bc:fa:e5:27:b9:75:c2:ab:6d:16:d5:d8:8e:
                    30:81:5a:e4:5f:72:f4:12:7c:04:53:59:db:fe:ff:
                    c0:c2:7c:c6:4c:ac:91:bd:3c:8c:1b:89:49:7a:b4:
                    3e:32:43:24:0e:04:44:d8:ed:d3:58:99:e1:7a:64:
                    17:92:40:c1:bd:53:ae:a9:c0:42:6c:7c:aa:1f:ce:
                    9b:e5:39:f9:aa:84:f6:88:49:32:19:8c:44:96:bb:
                    ff:dd:f0:0e:02:a2:07:5c:d0:77:df:21:e8:6f:84:
                    05:01:55:31:16:b8:3a:8d:5b:b6:42:a1:7b:1e:92:
                    e7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E8:70:30:E0:31:6C:50:35:6C:0F:6E:20:3B:81:13:AB:22:8F:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a42a738c-9b5f-415d-a4cc-d638a82f8193.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:bd:78:db:1f:60:72:7b:68:a1:83:72:18:10:f0:9b:00:ac:
         bb:c4:d8:14:a8:e8:fe:91:70:74:72:18:ea:10:da:2b:17:de:
         b2:54:a7:67:6f:f5:3f:7c:75:e6:24:02:69:f7:d1:92:c8:33:
         ce:5c:7b:c2:fd:77:0e:1c:7e:39:28:a8:34:7d:90:26:6d:50:
         b0:eb:91:de:5a:a2:1d:2d:51:1f:4f:87:e3:0d:67:94:78:a7:
         d2:3c:a0:92:73:c2:f6:17:e7:f9:69:70:e4:b8:71:32:57:ab:
         d3:02:ea:46:e7:74:ec:f2:be:63:62:ba:1e:dd:8b:29:3a:0a:
         cd:34:fa:a3:ae:fe:bc:46:b3:56:d4:29:15:3f:36:dc:b7:e7:
         47:d0:22:92:26:72:f5:2c:55:54:8d:84:85:78:f7:b1:b0:cb:
         22:fd:ae:d5:f5:62:a0:cb:11:77:e4:5c:b5:b4:b5:60:e8:d9:
         4e:a8:e7:8d:67:cc:9e:92:70:5f:37:90:ed:65:92:00:ef:76:
         ae:7a:67:6e:9e:98:f5:a2:8f:1c:0b:31:f1:76:04:17:d7:e3:
         d3:aa:5f:34:0b:ab:12:86:1c:d3:b4:df:01:c9:6b:be:2d:ec:
         9a:a6:32:79:df:2e:7e:5f:a5:ae:5d:42:a5:4c:96:ba:50:81:
         75:79:38:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJmbpfS6Z/2fgEHNhOgbDf/S83swwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMTE3WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MzQxZjg4ZTZjOTQ1NzVmZDYzZmMyZGU5N2NmZGZiMGQ2
YzM3ZmJmMmNmNzhkNzZiMTQ0ODk4NmZlYjk3YmM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDsZ3KDllsq9cR3OMWTEI7OP1vZcZhq124W9WtsZSrD/cr
g9o+k+lw71HJJuLTwQrFgbCBgjjUxdI8HYchXYZ1WqJZpWE9Y2a25GIqM0O/EzDD
qT+MXV6NkJfeGxKi4ubKWTqJjnw5BaR7hxE+RMsPD/hHuccuEfQia/dzO/s9+Hio
bBFD7f39vPrlJ7l1wqttFtXYjjCBWuRfcvQSfARTWdv+/8DCfMZMrJG9PIwbiUl6
tD4yQyQOBETY7dNYmeF6ZBeSQMG9U66pwEJsfKofzpvlOfmqhPaISTIZjESWu//d
8A4Cogdc0HffIehvhAUBVTEWuDqNW7ZCoXsekue/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQehwMOAxbFA1bA9uIDuBE6sijyAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0MmE3MzhjLTliNWYtNDE1ZC1hNGNjLWQ2MzhhODJmODE5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjlnowDQYJKoZIhvcNAQELBQADggEBAEW9eNsfYHJ7aKGDchgQ8JsArLvE
2BSo6P6RcHRyGOoQ2isX3rJUp2dv9T98deYkAmn30ZLIM85ce8L9dw4cfjkoqDR9
kCZtULDrkd5aoh0tUR9Ph+MNZ5R4p9I8oJJzwvYX5/lpcOS4cTJXq9MC6kbndOzy
vmNiuh7diyk6Cs00+qOu/rxGs1bUKRU/Nty350fQIpImcvUsVVSNhIV497GwyyL9
rtX1YqDLEXfkXLW0tWDo2U6o541nzJ6ScF83kO1lkgDvdq56Z26emPWijxwLMfF2
BBfX49OqXzQLqxKGHNO03wHJa74t7JqmMnnfLn5fpa5dQqVMlrpQgXV5OL4=
-----END CERTIFICATE-----