Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b573de-8dbd-4362-82ea-1bd3c997a837.roa
File:                     a7b573de-8dbd-4362-82ea-1bd3c997a837.roa (raw, json)
Hash identifier:          7OWPb22UOgGsjV1lCP+tngtwDXm3l9V7KuhS0ju1I0Y=
Subject key identifier:   D6:E4:BC:6C:EB:E5:38:21:93:FA:37:2E:CD:A0:8B:D4:0F:27:C6:A2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       046A0198CF25AF627C7E86F7136391F3935084C0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b573de-8dbd-4362-82ea-1bd3c997a837.roa
Signing time:             Sun 02 Nov 2025 00:10:38 +0000
ROA not before:           Sun 02 Nov 2025 00:10:38 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.64.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:6a:01:98:cf:25:af:62:7c:7e:86:f7:13:63:91:f3:93:50:84:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:10:38 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=8f851bd99c0a4b036235a0843dc6b134a7c436fb06b0454f5946cd4e0d75eec5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f4:82:75:23:68:78:f0:60:ed:cb:8b:67:fb:
                    02:fc:54:47:2c:5f:ae:69:97:ca:c9:6a:ad:cd:81:
                    22:85:57:2e:78:c9:3a:19:ff:e2:b5:d4:c6:6c:39:
                    df:4a:b0:5a:c0:1e:5b:a6:39:ea:0a:c3:f9:e8:d2:
                    2a:d3:10:a4:ba:ba:9d:c8:d0:d0:29:97:5b:8c:4a:
                    7a:45:ac:76:9d:54:45:96:fc:87:6e:e4:06:9c:39:
                    93:00:58:1a:b2:cc:59:1e:14:c5:88:5e:8d:c8:c2:
                    be:c0:d3:ab:8b:cb:48:39:67:5b:43:0e:e7:20:f8:
                    cb:d2:26:2c:32:af:df:56:70:d5:bc:0f:44:05:3c:
                    aa:fd:79:46:a4:b4:06:79:9a:78:36:8f:5d:4c:77:
                    e1:a8:b5:53:63:e6:06:ff:76:25:15:ad:b9:5c:5a:
                    82:b0:45:05:5f:94:18:d7:df:c4:d5:00:1f:1e:62:
                    20:9a:a2:67:8d:66:0c:db:85:c9:11:6b:c3:2a:c9:
                    06:48:02:b8:0c:e7:e2:f5:0a:0e:2a:e3:53:12:07:
                    de:07:bf:4a:ea:ce:0f:46:be:83:cc:10:d3:a9:3b:
                    08:ff:2f:4c:7c:8b:ca:b4:4a:b2:f0:9f:de:ac:cc:
                    d5:2f:c2:8b:3f:e5:53:01:ed:b9:34:a3:c9:4c:b2:
                    2b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E4:BC:6C:EB:E5:38:21:93:FA:37:2E:CD:A0:8B:D4:0F:27:C6:A2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b573de-8dbd-4362-82ea-1bd3c997a837.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:db:24:64:92:86:f7:a1:dc:67:77:4d:d2:a9:cb:6f:fd:44:
         9c:b3:ba:05:67:d3:76:f3:22:e9:0a:95:c5:2b:54:4e:86:10:
         14:12:42:4c:33:40:85:34:30:3f:21:67:dc:96:ef:fe:27:74:
         be:b8:ad:62:72:fb:1d:68:84:07:96:b1:93:1b:38:5b:ba:e3:
         76:32:1b:6e:3d:c0:79:e1:53:82:b2:c1:73:b0:0d:c9:30:99:
         27:21:0b:17:55:83:08:a5:b8:13:45:6f:04:e6:c1:e5:3f:c6:
         3f:66:7d:bb:fa:80:56:13:4f:6c:07:3c:ef:e6:25:cc:41:a3:
         ce:f0:ee:ea:da:f4:0b:29:88:ba:a6:47:1e:0c:f3:de:1c:63:
         96:3b:5a:8f:ee:fd:df:b4:d2:da:89:a1:14:4b:8d:d3:b7:af:
         35:46:7e:bd:77:1e:03:a4:11:4c:19:bd:80:e1:bd:07:65:a4:
         09:2f:87:57:0b:cb:c2:7f:5a:8d:19:2d:a9:86:c6:a6:15:39:
         45:29:6e:8c:69:46:13:f3:3d:72:91:ec:4e:15:7c:59:d3:1d:
         b1:c8:c0:c2:ad:f8:58:69:55:68:e4:10:fb:91:2b:a3:9d:c4:
         9b:05:50:8f:ae:84:4b:ef:21:bb:da:a2:ab:17:01:bb:6f:e9:
         b5:7f:f8:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBGoBmM8lr2J8fob3E2OR85NQhMAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAxMDM4WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Zjg1MWJkOTljMGE0YjAzNjIzNWEwODQzZGM2YjEzNGE3
YzQzNmZiMDZiMDQ1NGY1OTQ2Y2Q0ZTBkNzVlZWM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/9IJ1I2h48GDty4tn+wL8VEcsX65pl8rJaq3NgSKFVy54
yToZ/+K11MZsOd9KsFrAHlumOeoKw/no0irTEKS6up3I0NApl1uMSnpFrHadVEWW
/Idu5AacOZMAWBqyzFkeFMWIXo3Iwr7A06uLy0g5Z1tDDucg+MvSJiwyr99WcNW8
D0QFPKr9eUaktAZ5mng2j11Md+GotVNj5gb/diUVrblcWoKwRQVflBjX38TVAB8e
YiCaomeNZgzbhckRa8MqyQZIArgM5+L1Cg4q41MSB94Hv0rqzg9GvoPMENOpOwj/
L0x8i8q0SrLwn96szNUvwos/5VMB7bk0o8lMsivFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1uS8bOvlOCGT+jcuzaCL1A8nxqIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3YjU3M2RlLThkYmQtNDM2Mi04MmVhLTFiZDNjOTk3YTgzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl0AwDQYJKoZIhvcNAQELBQADggEBAAfbJGSShveh3Gd3TdKpy2/9RJyz
ugVn03bzIukKlcUrVE6GEBQSQkwzQIU0MD8hZ9yW7/4ndL64rWJy+x1ohAeWsZMb
OFu643YyG249wHnhU4KywXOwDckwmSchCxdVgwiluBNFbwTmweU/xj9mfbv6gFYT
T2wHPO/mJcxBo87w7ura9AspiLqmRx4M894cY5Y7Wo/u/d+00tqJoRRLjdO3rzVG
fr13HgOkEUwZvYDhvQdlpAkvh1cLy8J/Wo0ZLamGxqYVOUUpboxpRhPzPXKR7E4V
fFnTHbHIwMKt+FhpVWjkEPuRK6OdxJsFUI+uhEvvIbvaoqsXAbtv6bV/+Ec=
-----END CERTIFICATE-----