Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d0d6a5a-16aa-4b09-a02b-98190290d009.roa
File:                     5d0d6a5a-16aa-4b09-a02b-98190290d009.roa (raw, json)
Hash identifier:          jSFS3pI4B/ZPxJmiEgi96MFsgPdzWhGYWgERmxgrxtI=
Subject key identifier:   8B:1B:12:58:9B:84:66:22:07:8C:BC:F2:63:90:93:CB:82:0E:CC:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       215E8580E41B31303AB328187A3EF3EF556C1D97
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d0d6a5a-16aa-4b09-a02b-98190290d009.roa
Signing time:             Tue 11 Nov 2025 01:00:45 +0000
ROA not before:           Tue 11 Nov 2025 01:00:45 +0000
ROA not after:            Tue 16 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.22.152.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:5e:85:80:e4:1b:31:30:3a:b3:28:18:7a:3e:f3:ef:55:6c:1d:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 11 01:00:45 2025 GMT
            Not After : Dec 16 23:59:59 2025 GMT
        Subject: serialNumber=06c88b01a8b162d9ae25572ab1463b6dd3a379baf1415f871178a25e7741f797, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:09:83:dc:f1:cd:d1:2d:87:12:b9:58:9b:7e:
                    fc:37:45:e8:4c:30:84:00:e6:e8:74:e5:0d:a5:d3:
                    e9:c1:bf:99:19:68:37:68:ed:ca:bb:dd:a4:9e:e8:
                    06:e2:9e:8e:a0:f3:5b:1c:84:10:e7:5f:5e:b9:2a:
                    e1:55:c2:a2:8e:f7:cd:78:52:aa:55:17:62:b4:66:
                    43:e9:3e:d1:8e:7c:a6:73:66:08:72:21:a0:4d:4e:
                    b0:4f:47:07:13:63:a1:42:ab:f1:a5:44:90:6d:d5:
                    f0:80:04:1f:a2:d6:31:7a:af:91:98:cf:e5:ee:15:
                    83:f6:dc:ee:76:c1:31:07:d9:78:43:41:91:91:43:
                    fe:41:d8:ee:e4:81:1c:1f:3d:9e:b0:42:c6:e7:ca:
                    ef:b5:f4:90:ae:a0:fa:a9:06:10:30:09:ae:73:29:
                    13:a3:f6:f0:e0:86:48:56:92:5c:1c:44:3a:95:40:
                    e4:7a:40:90:0a:8a:d0:58:8e:2b:5b:9f:18:ab:7c:
                    f3:09:e7:c7:44:5c:5e:8d:d1:a8:a3:d0:22:ee:c9:
                    01:ed:27:43:96:f7:ce:b8:c9:8c:c7:1d:a0:06:75:
                    55:2a:c4:05:da:e0:72:11:6f:21:23:19:03:d3:2c:
                    b4:1f:31:7b:d6:5c:4d:50:41:b9:86:5f:3c:61:94:
                    22:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:1B:12:58:9B:84:66:22:07:8C:BC:F2:63:90:93:CB:82:0E:CC:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d0d6a5a-16aa-4b09-a02b-98190290d009.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.22.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:0c:03:94:86:e2:08:85:99:33:e1:d3:85:73:41:99:31:24:
         5b:58:44:0a:90:90:88:3d:6e:f3:76:45:24:6e:52:2b:ed:06:
         96:c1:86:e6:b3:4c:04:78:01:c5:21:10:54:79:d0:1a:ae:be:
         81:64:85:75:47:04:45:97:75:02:d7:1e:90:d7:9d:e3:f1:11:
         47:d0:da:7a:1a:2f:fa:e5:17:9e:55:16:15:e6:ad:73:78:67:
         3b:52:fb:94:6f:dc:6d:b1:c9:9d:29:6e:17:a9:89:0b:c1:b1:
         ee:e5:89:0e:fe:cd:cb:5f:fe:ba:ed:85:44:b2:2a:a6:5d:f4:
         95:73:63:31:28:f5:d3:d9:a8:f2:51:48:1c:18:a7:ae:1b:ff:
         15:00:ff:bb:05:49:62:c9:a4:f2:74:b4:80:41:aa:1b:44:6d:
         0b:ca:1d:c9:88:10:e0:f6:93:9d:2e:7d:25:0f:b7:9e:a3:25:
         c9:04:54:18:48:5b:08:32:02:70:69:c2:28:1a:33:12:7f:8d:
         f7:60:b6:ba:d7:18:2c:69:74:cd:82:17:71:4a:1c:6c:83:56:
         d9:5f:dd:92:1a:76:35:a2:f9:ca:13:b4:91:31:c8:37:ce:37:
         97:ad:7d:06:0f:48:2e:21:f1:64:35:a8:ed:9f:86:36:0b:f7:
         4a:0f:27:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIV6FgOQbMTA6sygYej7z71VsHZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTExMDEwMDQ1WhcNMjUxMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNmM4OGIwMWE4YjE2MmQ5YWUyNTU3MmFiMTQ2M2I2ZGQz
YTM3OWJhZjE0MTVmODcxMTc4YTI1ZTc3NDFmNzk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVCYPc8c3RLYcSuVibfvw3RehMMIQA5uh05Q2l0+nBv5kZ
aDdo7cq73aSe6Abino6g81schBDnX165KuFVwqKO9814UqpVF2K0ZkPpPtGOfKZz
ZghyIaBNTrBPRwcTY6FCq/GlRJBt1fCABB+i1jF6r5GYz+XuFYP23O52wTEH2XhD
QZGRQ/5B2O7kgRwfPZ6wQsbnyu+19JCuoPqpBhAwCa5zKROj9vDghkhWklwcRDqV
QOR6QJAKitBYjitbnxirfPMJ58dEXF6N0aij0CLuyQHtJ0OW9864yYzHHaAGdVUq
xAXa4HIRbyEjGQPTLLQfMXvWXE1QQbmGXzxhlCKXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUixsSWJuEZiIHjLzyY5CTy4IOzI8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkMGQ2YTVhLTE2YWEtNGIwOS1hMDJiLTk4MTkwMjkwZDAwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFpgwDQYJKoZIhvcNAQELBQADggEBAGgMA5SG4giFmTPh04VzQZkxJFtY
RAqQkIg9bvN2RSRuUivtBpbBhuazTAR4AcUhEFR50BquvoFkhXVHBEWXdQLXHpDX
nePxEUfQ2noaL/rlF55VFhXmrXN4ZztS+5Rv3G2xyZ0pbhepiQvBse7liQ7+zctf
/rrthUSyKqZd9JVzYzEo9dPZqPJRSBwYp64b/xUA/7sFSWLJpPJ0tIBBqhtEbQvK
HcmIEOD2k50ufSUPt56jJckEVBhIWwgyAnBpwigaMxJ/jfdgtrrXGCxpdM2CF3FK
HGyDVtlf3ZIadjWi+coTtJExyDfON5etfQYPSC4h8WQ1qO2fhjYL90oPJ9M=
-----END CERTIFICATE-----