Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af71deda-bc43-4d3b-ac30-314953a27a4b.roa
File:                     af71deda-bc43-4d3b-ac30-314953a27a4b.roa (raw, json)
Hash identifier:          DZseqhsWA+o9LbNAtgLTdPdh+4Ar8zzQfyhA6cFIwSI=
Subject key identifier:   C8:F9:60:E6:F9:7F:06:21:98:64:B7:05:83:04:A2:36:FE:6B:07:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10DFC523ABE3DE407F5B45ED19631BA25394C4FB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af71deda-bc43-4d3b-ac30-314953a27a4b.roa
Signing time:             Sun 02 Nov 2025 00:20:09 +0000
ROA not before:           Sun 02 Nov 2025 00:20:09 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.104.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:df:c5:23:ab:e3:de:40:7f:5b:45:ed:19:63:1b:a2:53:94:c4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:20:09 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=0db5deda14fcf40d1d48d1299922c47bd4f5ecd22b169c164e7f7f77d57ce14d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:64:f0:b1:60:c9:00:f9:9e:85:ba:c9:a8:6b:
                    c5:b5:de:fb:26:d4:11:54:35:9c:00:80:3a:a2:02:
                    ff:d0:e1:24:36:41:6e:ff:20:2d:32:a9:e8:b1:f7:
                    9f:33:5d:d7:46:35:29:e0:ec:90:2e:8a:bc:bd:0c:
                    30:47:85:cd:ef:34:4a:15:2d:1b:4b:ad:61:27:bc:
                    88:43:83:69:67:5e:32:d0:01:54:22:44:be:67:7a:
                    b3:86:0d:9b:60:e6:ab:01:ec:7d:2a:2d:7b:11:39:
                    ca:5b:68:e8:0e:1b:1e:4e:ec:9b:26:cd:64:90:7c:
                    09:3f:a2:f1:37:a9:51:a0:ab:94:65:3b:e2:2d:16:
                    74:5c:47:33:f8:c4:7f:0e:2f:ab:31:30:43:2d:de:
                    cb:06:cc:e1:1e:56:0f:ce:70:d3:ca:73:ff:7f:f9:
                    32:a9:10:a3:07:38:a0:d1:2c:64:13:df:ec:d6:1a:
                    76:1b:6c:3c:14:75:6c:83:6c:95:e4:ae:f2:d1:94:
                    cc:5b:e9:0e:53:e6:19:6c:fb:ca:8b:5d:e4:e7:4f:
                    73:03:e4:51:27:73:84:08:2d:b0:b4:89:0a:58:e4:
                    09:51:26:16:8d:50:4c:ac:77:4d:c3:ba:9c:b0:c4:
                    3b:fd:83:f1:12:36:1d:8f:fe:40:18:ec:6f:51:58:
                    e8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F9:60:E6:F9:7F:06:21:98:64:B7:05:83:04:A2:36:FE:6B:07:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af71deda-bc43-4d3b-ac30-314953a27a4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         70:fe:94:ca:99:5d:2d:15:26:68:09:a6:da:a5:fb:6a:2e:68:
         62:be:18:bd:12:e8:58:29:03:9a:46:09:a7:a2:09:d5:e8:6d:
         46:36:7e:58:70:96:9b:84:ae:65:84:5e:7f:0a:c8:e4:9f:7f:
         39:d0:9a:6c:50:56:a5:f1:1a:a3:ab:fd:83:28:83:0f:82:0b:
         3a:e0:1d:52:dd:c8:5b:d3:5a:d3:d1:56:e1:67:09:de:40:c5:
         a1:4d:99:fc:d7:ab:65:6f:96:27:b9:e3:5e:e6:b9:9e:35:35:
         0b:91:05:30:29:08:11:b1:dc:bd:bb:1e:12:d1:23:f5:1a:3c:
         8f:e7:d7:da:1d:26:67:a1:b2:90:ce:98:07:0f:38:98:dd:64:
         07:ac:61:c3:bf:13:2e:54:f9:76:3e:2c:1f:fd:af:84:0f:e9:
         d5:cc:12:24:80:45:05:0f:a0:f3:31:e4:eb:59:54:5b:ae:93:
         d1:01:32:e4:46:90:47:3d:16:6c:c7:89:47:c9:1c:50:9b:17:
         42:aa:22:e6:45:90:df:ba:2b:47:7b:f9:6b:52:ca:0d:2b:29:
         1c:07:00:d6:47:48:93:49:12:e1:f5:7f:b6:df:4d:d2:27:01:
         02:d8:6d:14:7f:bb:89:a2:c9:5c:5d:a8:8e:f8:d5:1e:67:de:
         23:77:23:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEN/FI6vj3kB/W0XtGWMbolOUxPswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAyMDA5WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGI1ZGVkYTE0ZmNmNDBkMWQ0OGQxMjk5OTIyYzQ3YmQ0
ZjVlY2QyMmIxNjljMTY0ZTdmN2Y3N2Q1N2NlMTRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrZPCxYMkA+Z6Fusmoa8W13vsm1BFUNZwAgDqiAv/Q4SQ2
QW7/IC0yqeix958zXddGNSng7JAuiry9DDBHhc3vNEoVLRtLrWEnvIhDg2lnXjLQ
AVQiRL5nerOGDZtg5qsB7H0qLXsROcpbaOgOGx5O7JsmzWSQfAk/ovE3qVGgq5Rl
O+ItFnRcRzP4xH8OL6sxMEMt3ssGzOEeVg/OcNPKc/9/+TKpEKMHOKDRLGQT3+zW
GnYbbDwUdWyDbJXkrvLRlMxb6Q5T5hls+8qLXeTnT3MD5FEnc4QILbC0iQpY5AlR
JhaNUEysd03DupywxDv9g/ESNh2P/kAY7G9RWOiVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyPlg5vl/BiGYZLcFgwSiNv5rB28wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmNzFkZWRhLWJjNDMtNGQzYi1hYzMwLTMxNDk1M2EyN2E0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjlmgwDQYJKoZIhvcNAQELBQADggEBAHD+lMqZXS0VJmgJptql+2ouaGK+
GL0S6FgpA5pGCaeiCdXobUY2flhwlpuErmWEXn8KyOSffznQmmxQVqXxGqOr/YMo
gw+CCzrgHVLdyFvTWtPRVuFnCd5AxaFNmfzXq2Vvlie5417muZ41NQuRBTApCBGx
3L27HhLRI/UaPI/n19odJmehspDOmAcPOJjdZAesYcO/Ey5U+XY+LB/9r4QP6dXM
EiSARQUPoPMx5OtZVFuuk9EBMuRGkEc9FmzHiUfJHFCbF0KqIuZFkN+6K0d7+WtS
yg0rKRwHANZHSJNJEuH1f7bfTdInAQLYbRR/u4miyVxdqI741R5n3iN3I9E=
-----END CERTIFICATE-----