Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7163317-d375-4621-b59e-ffde018eed9d.roa
File:                     f7163317-d375-4621-b59e-ffde018eed9d.roa (raw, json)
Hash identifier:          I56558mv7SAv5+rYv9SfJPaeuxZMPczp4xqCbFAJF1U=
Subject key identifier:   A6:4C:24:B8:71:56:49:6E:18:8A:18:2C:CA:0B:EA:C0:1F:6D:DE:3A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       52984305EE507005CD401626503DD13F9008207E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7163317-d375-4621-b59e-ffde018eed9d.roa
Signing time:             Sun 02 Nov 2025 00:31:20 +0000
ROA not before:           Sun 02 Nov 2025 00:31:20 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.120.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:98:43:05:ee:50:70:05:cd:40:16:26:50:3d:d1:3f:90:08:20:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:31:20 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=896dfa4c8131daeb28393a84bbff5ddc3ce68e41451b7ff567fcd4dc743da41b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:eb:67:ac:88:ef:66:e5:46:35:4a:b9:e6:c7:
                    6c:cb:3f:21:ad:fb:b5:15:45:f8:bc:ec:e5:c4:83:
                    f9:71:b0:c7:32:96:2f:78:de:47:4d:b7:ce:fb:cb:
                    e8:89:6f:35:b9:77:b8:35:7b:1b:5e:9c:6c:2f:4f:
                    be:82:d3:40:46:02:43:97:16:f1:fc:5b:fd:7f:bf:
                    59:36:b3:2b:df:4c:d3:dd:a2:20:01:a4:65:7d:f0:
                    c6:1c:e0:01:a1:b4:e8:9b:ba:df:cb:b7:36:08:cd:
                    26:29:c2:62:29:f8:4a:a5:b4:04:44:a1:a3:d3:e7:
                    0a:94:43:d9:b0:06:00:f5:b0:d4:be:b5:2b:96:d3:
                    e5:b3:56:78:03:29:95:4e:cc:af:c3:d4:99:17:46:
                    12:98:c3:c8:ce:90:40:f3:73:43:6c:d0:81:52:53:
                    90:d5:2a:9d:9f:5a:3b:7f:af:67:eb:50:66:2b:a7:
                    cb:73:c1:f3:35:13:d2:ef:24:17:25:69:98:73:73:
                    05:ed:45:27:a8:45:10:c7:83:28:ed:a6:f1:1c:14:
                    4e:f8:b1:72:51:20:cb:12:68:fa:5d:6e:5b:c6:4d:
                    10:d4:71:58:1c:87:c4:9c:3c:09:70:d6:72:f1:46:
                    92:50:e3:9a:e1:8e:f8:5e:60:09:11:a5:e1:3a:ee:
                    98:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:4C:24:B8:71:56:49:6E:18:8A:18:2C:CA:0B:EA:C0:1F:6D:DE:3A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f7163317-d375-4621-b59e-ffde018eed9d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         12:4d:e8:04:b0:1f:cd:fd:eb:f2:e8:e4:cd:9b:ac:fc:be:fd:
         d5:58:33:78:ad:06:eb:80:bb:08:83:a1:2b:e4:89:13:4c:28:
         fb:15:6b:91:3b:9e:8c:b3:32:25:dc:b9:76:eb:b1:1e:02:18:
         89:bc:c0:fa:24:61:03:dc:d5:f5:dc:77:16:89:dd:c0:1f:7e:
         7c:30:bb:38:b7:f2:ba:ba:fc:2a:36:d1:2c:43:95:2a:fa:14:
         ba:65:1f:37:b6:d3:3d:cd:81:ed:eb:2f:6b:73:b3:28:f3:0a:
         f8:98:8a:a0:b8:13:74:cf:b5:fa:5d:3a:cb:f0:83:55:1b:fa:
         33:5c:11:d8:5b:29:3f:2e:62:03:83:4a:d6:0b:5f:1b:36:8d:
         8e:61:18:4c:b5:69:50:6d:cd:75:cf:9c:66:bf:ac:94:d5:72:
         63:75:12:1b:5e:30:05:97:8e:59:de:42:3b:6f:56:14:57:19:
         2d:08:7e:96:98:9d:e3:a6:e8:d9:87:90:de:cf:60:2a:d1:00:
         1e:90:42:d3:34:de:1d:c7:61:91:84:55:81:60:15:b2:a4:35:
         6f:4a:1c:8b:57:39:2e:13:a0:a5:ec:f7:4c:5c:b5:5a:a5:94:
         cf:17:29:5e:51:06:9f:fe:8b:1e:10:27:77:d4:0d:13:64:f5:
         68:22:e2:1a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUphDBe5QcAXNQBYmUD3RP5AIIH4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAzMTIwWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTZkZmE0YzgxMzFkYWViMjgzOTNhODRiYmZmNWRkYzNj
ZTY4ZTQxNDUxYjdmZjU2N2ZjZDRkYzc0M2RhNDFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl62esiO9m5UY1Srnmx2zLPyGt+7UVRfi87OXEg/lxsMcy
li943kdNt877y+iJbzW5d7g1extenGwvT76C00BGAkOXFvH8W/1/v1k2syvfTNPd
oiABpGV98MYc4AGhtOibut/LtzYIzSYpwmIp+EqltAREoaPT5wqUQ9mwBgD1sNS+
tSuW0+WzVngDKZVOzK/D1JkXRhKYw8jOkEDzc0Ns0IFSU5DVKp2fWjt/r2frUGYr
p8tzwfM1E9LvJBclaZhzcwXtRSeoRRDHgyjtpvEcFE74sXJRIMsSaPpdblvGTRDU
cVgch8ScPAlw1nLxRpJQ45rhjvheYAkRpeE67pjrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpkwkuHFWSW4YihgsygvqwB9t3jowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y3MTYzMzE3LWQzNzUtNDYyMS1iNTllLWZmZGUwMThlZWQ5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl3gwDQYJKoZIhvcNAQELBQADggEBABJN6ASwH8396/Lo5M2brPy+/dVY
M3itBuuAuwiDoSvkiRNMKPsVa5E7noyzMiXcuXbrsR4CGIm8wPokYQPc1fXcdxaJ
3cAffnwwuzi38rq6/Co20SxDlSr6FLplHze20z3Nge3rL2tzsyjzCviYiqC4E3TP
tfpdOsvwg1Ub+jNcEdhbKT8uYgODStYLXxs2jY5hGEy1aVBtzXXPnGa/rJTVcmN1
EhteMAWXjlneQjtvVhRXGS0IfpaYneOm6NmHkN7PYCrRAB6QQtM03h3HYZGEVYFg
FbKkNW9KHItXOS4ToKXs90xctVqllM8XKV5RBp/+ix4QJ3fUDRNk9Wgi4ho=
-----END CERTIFICATE-----