Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cafba1e8-cd39-40c6-9b3a-6e52504dfabd.roa
File:                     cafba1e8-cd39-40c6-9b3a-6e52504dfabd.roa (raw, json)
Hash identifier:          lXfrr4I1OTGtDcmp6T/F1DOa4OUjH3wQeRmf3pRUTHE=
Subject key identifier:   25:26:0F:17:D8:B1:82:4B:7E:D1:B1:A6:35:9C:B1:8F:12:16:55:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0C881EE5A1539B8D09F64CE4AE67806A2957084E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cafba1e8-cd39-40c6-9b3a-6e52504dfabd.roa
Signing time:             Tue 28 Oct 2025 00:20:14 +0000
ROA not before:           Tue 28 Oct 2025 00:20:14 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.87.0.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:88:1e:e5:a1:53:9b:8d:09:f6:4c:e4:ae:67:80:6a:29:57:08:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 28 00:20:14 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=12c60727bc0ec6a6cbda73db12570879384eac1029fc540b30de38623b41070b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:43:7e:36:5c:b0:25:7d:0c:22:fb:71:37:56:
                    5b:65:d3:b6:09:8b:d5:7d:17:cd:71:2b:bc:d9:78:
                    6d:df:19:63:c2:14:c2:d1:af:40:53:e6:0b:c7:13:
                    86:4d:9b:cb:d8:71:4c:2c:f2:a8:f0:2a:56:57:fb:
                    ef:16:99:de:46:d4:96:a0:2e:33:a9:89:56:c0:d5:
                    7e:27:c2:1d:0d:14:b4:8f:05:33:1a:7e:86:41:40:
                    08:2f:76:19:13:b5:35:03:62:da:77:ed:35:9a:97:
                    1b:2d:dd:3e:b6:c1:6c:f2:06:93:a9:46:b8:18:69:
                    6d:02:68:d8:bf:e7:1f:41:f5:87:cf:c2:8a:9e:f7:
                    bc:f7:53:ff:d8:5e:c5:6f:b9:ec:a6:cf:35:22:2e:
                    47:7c:2f:e5:4f:78:1c:56:de:d4:91:f2:ce:20:e1:
                    b1:93:e6:52:fe:6b:e5:99:8f:4a:ee:95:f4:aa:27:
                    01:63:e1:3e:ef:48:f6:43:39:be:4f:ca:b7:2d:e7:
                    aa:fa:b5:d9:7d:96:ba:3d:b7:3b:4e:56:9c:92:18:
                    f9:2a:c4:12:22:56:92:f3:db:97:66:48:a0:9b:cc:
                    c4:fd:bb:74:34:df:7b:3c:83:e7:78:cc:74:d3:72:
                    8a:58:9a:80:f8:c2:28:95:38:aa:48:ac:cf:19:26:
                    18:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:26:0F:17:D8:B1:82:4B:7E:D1:B1:A6:35:9C:B1:8F:12:16:55:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cafba1e8-cd39-40c6-9b3a-6e52504dfabd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.87.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         bf:87:6a:0b:8b:e9:0d:17:98:37:35:08:3c:12:a3:cf:59:4a:
         72:57:4c:07:71:a2:e5:e9:48:51:66:2b:d7:1a:df:04:0a:37:
         87:da:ce:8d:19:4b:2e:2c:2c:49:af:6f:44:fa:b7:d2:e3:41:
         66:61:61:68:6c:8f:17:0f:0a:3b:34:f3:e5:6a:ea:11:dc:6d:
         cc:b3:9a:8b:1e:4c:9e:7c:58:31:9f:26:40:51:ab:c2:8b:be:
         76:4a:91:d0:ca:09:a6:d0:c8:2f:2e:64:94:d4:4a:8d:04:41:
         30:c9:47:7d:d0:97:e4:77:b8:e7:fc:64:4b:f3:02:92:ca:69:
         ad:2f:cc:3e:0b:8f:68:30:46:15:8a:c3:39:e6:97:c1:b2:12:
         10:2d:65:81:e5:13:17:c9:77:e3:c7:42:2b:4d:84:25:14:59:
         5f:42:d2:ce:d0:b9:f4:7f:4e:b3:24:a3:2f:95:f2:a6:05:85:
         17:ce:27:5c:17:2c:91:26:db:5e:02:0b:43:19:b6:7d:b3:0b:
         1a:9c:15:a6:7d:32:aa:06:e2:12:50:bf:3e:cd:0d:21:d7:d0:
         b9:52:ce:02:53:e6:73:56:37:ae:51:c1:cb:d8:13:07:2d:8b:
         37:d5:4d:e7:2c:1d:a3:b5:de:02:9b:64:85:9e:de:17:a4:87:
         94:6e:9a:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDIge5aFTm40J9kzkrmeAailXCE4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI4MDAyMDE0WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmM2MDcyN2JjMGVjNmE2Y2JkYTczZGIxMjU3MDg3OTM4
NGVhYzEwMjlmYzU0MGIzMGRlMzg2MjNiNDEwNzBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGQ342XLAlfQwi+3E3Vltl07YJi9V9F81xK7zZeG3fGWPC
FMLRr0BT5gvHE4ZNm8vYcUws8qjwKlZX++8Wmd5G1JagLjOpiVbA1X4nwh0NFLSP
BTMafoZBQAgvdhkTtTUDYtp37TWalxst3T62wWzyBpOpRrgYaW0CaNi/5x9B9YfP
woqe97z3U//YXsVvueymzzUiLkd8L+VPeBxW3tSR8s4g4bGT5lL+a+WZj0rulfSq
JwFj4T7vSPZDOb5Pyrct56r6tdl9lro9tztOVpySGPkqxBIiVpLz25dmSKCbzMT9
u3Q033s8g+d4zHTTcopYmoD4wiiVOKpIrM8ZJhgJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJSYPF9ixgkt+0bGmNZyxjxIWVXowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhZmJhMWU4LWNkMzktNDBjNi05YjNhLTZlNTI1MDRkZmFiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdjVwAwDQYJKoZIhvcNAQELBQADggEBAL+HaguL6Q0XmDc1CDwSo89ZSnJX
TAdxouXpSFFmK9ca3wQKN4fazo0ZSy4sLEmvb0T6t9LjQWZhYWhsjxcPCjs08+Vq
6hHcbcyzmoseTJ58WDGfJkBRq8KLvnZKkdDKCabQyC8uZJTUSo0EQTDJR33Ql+R3
uOf8ZEvzApLKaa0vzD4Lj2gwRhWKwznml8GyEhAtZYHlExfJd+PHQitNhCUUWV9C
0s7QufR/TrMkoy+V8qYFhRfOJ1wXLJEm214CC0MZtn2zCxqcFaZ9MqoG4hJQvz7N
DSHX0LlSzgJT5nNWN65RwcvYEwctizfVTecsHaO13gKbZIWe3hekh5RumnA=
-----END CERTIFICATE-----