Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebe39619-319e-458b-b84a-3d8a21095a66.roa
File:                     ebe39619-319e-458b-b84a-3d8a21095a66.roa (raw, json)
Hash identifier:          jy02gpLrrqQWbjr2nQV14Rnx9eL85SPc1HVuF9g+gow=
Subject key identifier:   FE:44:CA:05:E9:F6:2A:C3:F7:3E:5A:23:5B:9D:2C:BA:16:54:85:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33F33FBAE20053B1F498CE9CAD954C0C2DEED1F8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebe39619-319e-458b-b84a-3d8a21095a66.roa
Signing time:             Sun 26 Oct 2025 00:21:52 +0000
ROA not before:           Sun 26 Oct 2025 00:21:52 +0000
ROA not after:            Sun 30 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.143.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:f3:3f:ba:e2:00:53:b1:f4:98:ce:9c:ad:95:4c:0c:2d:ee:d1:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 26 00:21:52 2025 GMT
            Not After : Nov 30 23:59:59 2025 GMT
        Subject: serialNumber=3f8008c2bdc52c7997d09b44c971c3483547d12a64b2c527b8bd0a36d1b69a6a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b2:a9:5b:70:5d:eb:57:8c:20:63:29:d3:6d:
                    fb:ac:bf:92:1c:a4:5a:c5:ae:06:90:71:16:ee:d6:
                    72:c2:1f:e7:3a:dd:05:e8:23:bb:67:41:a4:12:b9:
                    cd:08:30:dd:3b:34:f9:ee:be:d9:ff:13:9b:01:a4:
                    f4:cd:9c:4f:23:fe:5c:13:dd:60:47:e2:3d:53:7e:
                    b4:85:cd:07:f1:3a:ce:1f:21:97:32:c6:24:84:5c:
                    38:ee:2c:2d:66:c2:6c:81:e5:39:7e:71:e1:1d:ba:
                    af:93:c5:09:a9:27:6a:af:bc:44:b7:9a:c0:5c:d5:
                    cc:66:c4:c7:4d:d6:df:ae:f5:31:fc:00:fc:8d:0b:
                    ac:0e:8f:c6:9b:cc:18:10:ae:45:51:93:97:74:68:
                    82:f3:8d:fa:52:45:2a:96:f8:87:1e:8c:5d:48:3c:
                    8f:36:92:61:9e:fa:40:02:0e:98:7f:5d:9e:b5:fe:
                    c2:f5:54:6b:28:56:4e:f4:b1:51:ca:51:9e:a7:44:
                    e6:a3:78:07:54:24:8f:ca:2f:09:a4:c0:ae:03:75:
                    17:7f:06:9c:db:70:7c:b2:85:15:f1:3e:91:a1:fe:
                    d4:0c:e0:99:2b:5c:dc:19:99:fd:62:76:8b:3e:0b:
                    42:e2:a6:21:c6:42:c1:b0:87:77:8e:da:45:f2:f5:
                    b8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:44:CA:05:E9:F6:2A:C3:F7:3E:5A:23:5B:9D:2C:BA:16:54:85:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebe39619-319e-458b-b84a-3d8a21095a66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:e2:c7:a3:aa:fe:d2:4d:97:ed:53:0c:11:17:d8:01:b7:d8:
         14:9c:9b:41:e5:23:a8:23:68:48:29:95:19:d3:66:00:ca:f6:
         25:50:0a:da:3f:5e:81:35:fc:78:dc:60:58:ba:88:93:be:ba:
         40:48:ef:ae:77:c4:2b:77:6b:5f:6a:af:d5:3a:36:f7:f4:d5:
         24:89:c1:9b:62:48:58:1b:e6:da:4f:b6:1a:ae:46:e9:b0:ee:
         d3:59:b8:c4:40:2b:60:bf:8b:68:a4:b0:b3:59:19:37:69:7f:
         8f:6c:eb:4d:9f:fd:99:fd:7f:d0:8d:cb:95:ff:5a:1b:71:51:
         a4:c8:5e:80:b7:41:c0:1c:42:63:f7:2c:5a:e7:94:27:ec:c2:
         12:d0:52:80:98:f1:44:e3:06:44:8b:bc:3d:46:50:ba:02:77:
         f3:b3:13:78:3b:6f:0d:9d:34:67:b1:d9:68:12:6a:9d:ff:cf:
         eb:ce:c1:18:69:df:42:28:6e:67:12:48:d8:3e:8d:67:74:aa:
         3b:f4:90:89:e6:43:60:00:22:06:04:3e:66:99:5f:36:cd:a4:
         13:e9:03:80:2a:a8:64:8c:7b:3b:86:16:4c:51:62:1c:5e:76:
         49:3b:93:6e:30:b1:e5:57:ea:0b:ca:e1:dd:86:03:50:01:42:
         32:73:44:d6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM/M/uuIAU7H0mM6crZVMDC3u0fgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDI2MDAyMTUyWhcNMjUxMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjgwMDhjMmJkYzUyYzc5OTdkMDliNDRjOTcxYzM0ODM1
NDdkMTJhNjRiMmM1MjdiOGJkMGEzNmQxYjY5YTZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfsqlbcF3rV4wgYynTbfusv5IcpFrFrgaQcRbu1nLCH+c6
3QXoI7tnQaQSuc0IMN07NPnuvtn/E5sBpPTNnE8j/lwT3WBH4j1TfrSFzQfxOs4f
IZcyxiSEXDjuLC1mwmyB5Tl+ceEduq+TxQmpJ2qvvES3msBc1cxmxMdN1t+u9TH8
APyNC6wOj8abzBgQrkVRk5d0aILzjfpSRSqW+IcejF1IPI82kmGe+kACDph/XZ61
/sL1VGsoVk70sVHKUZ6nROajeAdUJI/KLwmkwK4DdRd/BpzbcHyyhRXxPpGh/tQM
4JkrXNwZmf1idos+C0LipiHGQsGwh3eO2kXy9bihAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/kTKBen2KsP3PlojW50suhZUhc0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViZTM5NjE5LTMxOWUtNDU4Yi1iODRhLTNkOGEyMTA5NWE2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTY8wDQYJKoZIhvcNAQELBQADggEBAAHix6Oq/tJNl+1TDBEX2AG32BSc
m0HlI6gjaEgplRnTZgDK9iVQCto/XoE1/HjcYFi6iJO+ukBI7653xCt3a19qr9U6
Nvf01SSJwZtiSFgb5tpPthquRumw7tNZuMRAK2C/i2iksLNZGTdpf49s602f/Zn9
f9CNy5X/WhtxUaTIXoC3QcAcQmP3LFrnlCfswhLQUoCY8UTjBkSLvD1GULoCd/Oz
E3g7bw2dNGex2WgSap3/z+vOwRhp30IobmcSSNg+jWd0qjv0kInmQ2AAIgYEPmaZ
XzbNpBPpA4AqqGSMezuGFkxRYhxedkk7k24wseVX6gvK4d2GA1ABQjJzRNY=
-----END CERTIFICATE-----