Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6fff12b-04f6-4091-84aa-f568d30f090b.roa
File:                     b6fff12b-04f6-4091-84aa-f568d30f090b.roa (raw, json)
Hash identifier:          7i1FgoxO1+/8xFw5dpXGSXDUsuEVW/O48ZnR4OUdL9k=
Subject key identifier:   63:46:B1:08:11:89:0F:88:32:B2:FD:62:1B:A3:0B:DC:7E:95:24:5E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DD8A4694844FE97C597C5D619C9EC5109A28E89
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6fff12b-04f6-4091-84aa-f568d30f090b.roa
Signing time:             Sun 02 Nov 2025 00:41:20 +0000
ROA not before:           Sun 02 Nov 2025 00:41:20 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.32.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:d8:a4:69:48:44:fe:97:c5:97:c5:d6:19:c9:ec:51:09:a2:8e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:41:20 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=c5fb8ac2af6481940b82f4c774e804df3e6c79ba38a6c0a85d5ee50a27d69ef9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:63:84:e8:3c:53:63:ce:ee:c8:68:9a:0f:b8:
                    00:d3:15:b8:79:9d:77:f5:93:2f:9e:53:73:a3:ff:
                    22:a2:cb:a4:69:a2:4a:fa:ed:e2:d9:07:6d:8d:04:
                    4c:1f:4d:6b:85:e8:49:7e:35:0a:37:74:7c:2a:32:
                    20:e6:8b:9b:b2:f5:ba:88:83:22:c7:8a:40:66:1d:
                    41:48:49:d3:96:a9:ad:03:c5:c2:23:81:bb:e9:61:
                    42:01:a9:ca:e9:28:65:31:26:7d:3c:92:82:4c:53:
                    19:8a:d3:37:a8:c2:7f:1e:b1:25:d1:72:d9:d6:db:
                    d3:b9:60:0f:90:a5:db:49:f6:92:29:10:aa:f7:53:
                    58:af:54:4d:ba:7e:a1:0d:34:4a:f6:ce:71:41:a7:
                    56:51:f2:db:7f:9b:56:d2:73:d6:47:cb:75:7a:2a:
                    74:eb:59:72:10:7a:0d:1c:d2:30:4f:3b:e3:74:02:
                    e5:6b:9b:36:e3:34:16:fd:6a:61:f6:9e:88:2b:fa:
                    f0:d1:10:00:5a:55:0d:ec:16:0c:32:74:ea:6e:da:
                    b0:18:e0:54:0a:6e:31:62:d9:5b:74:75:e3:ee:27:
                    d9:90:2e:23:8c:1d:99:2a:2a:0c:f7:0c:d1:94:bd:
                    3f:41:63:b2:37:be:fd:81:0e:42:f3:46:11:c5:1c:
                    16:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:46:B1:08:11:89:0F:88:32:B2:FD:62:1B:A3:0B:DC:7E:95:24:5E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6fff12b-04f6-4091-84aa-f568d30f090b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:d9:44:77:e9:0c:0b:fd:1a:68:45:95:d6:03:30:e8:e3:fc:
         6f:79:8a:df:f4:8f:95:35:5a:11:05:bc:6a:bf:66:f8:d3:f0:
         c9:65:bc:2b:ed:cb:46:42:1d:04:09:be:e9:7c:99:70:61:e2:
         0a:4d:4b:ff:3d:fb:4d:ae:a8:71:0b:84:cd:0b:b7:52:70:c6:
         fc:f7:9e:76:91:89:58:62:bb:94:a1:de:fa:b8:fc:a1:6f:c9:
         2b:8d:7f:bf:90:33:f2:1e:7c:df:f3:8c:94:11:1e:a4:c1:26:
         91:17:e5:82:40:f4:c9:8e:d1:17:4c:e0:2e:50:85:ea:cf:5e:
         8c:09:cf:85:4d:4f:43:6a:17:6c:32:82:73:4b:e2:c8:29:fa:
         3c:9e:0b:d5:c2:be:00:09:14:73:c7:50:22:71:77:bb:93:1c:
         64:f6:26:82:a8:ab:11:90:16:81:30:ef:ff:aa:e8:3a:7a:84:
         45:f5:b7:c2:f7:fb:61:1b:7f:59:cd:26:0b:36:3e:67:ef:b0:
         db:1f:89:11:db:d6:74:d6:df:a9:03:bb:66:2b:47:be:70:a9:
         dc:ea:26:31:3c:d2:7e:c6:de:98:b5:1b:40:d5:46:54:e4:72:
         88:fd:81:ad:b7:6d:a2:0b:37:23:e3:2d:47:14:a9:b9:90:e3:
         6d:cd:dc:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfdikaUhE/pfFl8XWGcnsUQmijokwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDA0MTIwWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNWZiOGFjMmFmNjQ4MTk0MGI4MmY0Yzc3NGU4MDRkZjNl
NmM3OWJhMzhhNmMwYTg1ZDVlZTUwYTI3ZDY5ZWY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXY4ToPFNjzu7IaJoPuADTFbh5nXf1ky+eU3Oj/yKiy6Rp
okr67eLZB22NBEwfTWuF6El+NQo3dHwqMiDmi5uy9bqIgyLHikBmHUFISdOWqa0D
xcIjgbvpYUIBqcrpKGUxJn08koJMUxmK0zeown8esSXRctnW29O5YA+QpdtJ9pIp
EKr3U1ivVE26fqENNEr2znFBp1ZR8tt/m1bSc9ZHy3V6KnTrWXIQeg0c0jBPO+N0
AuVrmzbjNBb9amH2nogr+vDREABaVQ3sFgwydOpu2rAY4FQKbjFi2Vt0dePuJ9mQ
LiOMHZkqKgz3DNGUvT9BY7I3vv2BDkLzRhHFHBYLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY0axCBGJD4gysv1iG6ML3H6VJF4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2ZmZmMTJiLTA0ZjYtNDA5MS04NGFhLWY1NjhkMzBmMDkwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjliAwDQYJKoZIhvcNAQELBQADggEBAC/ZRHfpDAv9GmhFldYDMOjj/G95
it/0j5U1WhEFvGq/ZvjT8MllvCvty0ZCHQQJvul8mXBh4gpNS/89+02uqHELhM0L
t1Jwxvz3nnaRiVhiu5Sh3vq4/KFvySuNf7+QM/IefN/zjJQRHqTBJpEX5YJA9MmO
0RdM4C5QherPXowJz4VNT0NqF2wygnNL4sgp+jyeC9XCvgAJFHPHUCJxd7uTHGT2
JoKoqxGQFoEw7/+q6Dp6hEX1t8L3+2Ebf1nNJgs2PmfvsNsfiRHb1nTW36kDu2Yr
R75wqdzqJjE80n7G3pi1G0DVRlTkcoj9ga23baILNyPjLUcUqbmQ423N3IE=
-----END CERTIFICATE-----