Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0be78ea0-6a1a-4e66-9ad6-81abf6751953.roa
File:                     0be78ea0-6a1a-4e66-9ad6-81abf6751953.roa (raw, json)
Hash identifier:          Zocl12t8lsuG2DEKcSrcL/WD7+en7VPIn97e+/BgEIA=
Subject key identifier:   D4:9D:43:0A:A2:FB:DD:91:03:F1:79:7B:E5:57:88:50:BF:61:9E:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4E05C96465BE39296411162610CF22967741759E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0be78ea0-6a1a-4e66-9ad6-81abf6751953.roa
Signing time:             Mon 20 Oct 2025 00:00:59 +0000
ROA not before:           Mon 20 Oct 2025 00:00:59 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.24.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:05:c9:64:65:be:39:29:64:11:16:26:10:cf:22:96:77:41:75:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:00:59 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=91e12e87d86a7efd07abc30f468810c8a325171bb0743adcb7f1708daa727c86, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e8:32:3a:fc:7a:4d:67:3d:36:e6:96:4a:5d:
                    c8:56:09:a7:18:99:8c:26:24:ce:6d:d2:b5:73:2d:
                    e4:75:91:33:cf:29:d1:e7:ee:3b:81:dd:4f:2d:51:
                    92:89:06:57:05:4e:d0:15:45:01:9d:ef:2a:5a:62:
                    21:69:e4:96:0a:e1:74:fb:2f:57:ed:40:2c:38:0f:
                    9d:69:17:c3:c6:8c:e5:fc:6c:29:9f:ec:ae:a3:68:
                    dc:0d:e8:88:d8:58:ed:89:ea:6d:04:a4:60:5c:19:
                    cc:aa:20:79:15:fe:21:96:96:43:e2:27:b6:f8:ae:
                    ca:ae:ca:91:9e:4e:8f:0b:a9:b8:d3:8b:10:14:c2:
                    49:68:0e:fa:b8:d1:e2:d0:18:77:8b:cd:c7:29:fb:
                    0f:5c:c8:45:61:76:cc:fe:88:a4:75:09:32:a1:df:
                    17:70:0b:6c:cc:7c:bf:b2:ce:03:3a:40:fb:25:46:
                    65:d5:66:7f:bd:3a:f3:a6:3d:d8:3c:6e:7c:00:5c:
                    24:a7:bc:7e:3f:c5:f9:a2:3c:11:3b:0a:84:6f:5d:
                    69:f5:e4:dd:2a:2a:7d:09:e7:36:7b:0c:29:fe:b5:
                    72:a2:fd:f9:a3:f9:d8:d8:4d:6c:87:ce:ae:98:b8:
                    d3:54:f8:8b:60:d4:42:61:b4:a2:c9:42:7c:9f:d2:
                    fc:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:9D:43:0A:A2:FB:DD:91:03:F1:79:7B:E5:57:88:50:BF:61:9E:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0be78ea0-6a1a-4e66-9ad6-81abf6751953.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:18:e5:9a:79:63:b0:ba:c0:f4:83:af:35:df:dc:da:14:8c:
         fd:94:b7:2f:60:17:03:87:5f:6e:70:4b:fc:40:5e:27:38:c8:
         f5:60:89:da:a2:0c:05:4d:f6:38:ed:7a:aa:1f:de:65:7d:4b:
         d0:74:ce:97:55:e1:40:ae:2b:40:45:7c:7c:f5:09:61:83:bf:
         23:7e:94:19:8d:c4:fa:32:4c:c4:53:39:27:a1:eb:a8:e8:e6:
         71:f8:5e:a6:ff:b8:22:80:0e:3c:1e:f0:70:7c:c9:32:32:ae:
         bd:e9:66:f9:d8:4e:07:10:7d:17:75:c4:12:b0:a2:85:d4:48:
         11:00:07:7d:c0:62:17:46:37:75:d2:b0:1a:53:5b:21:8d:e5:
         96:3b:4d:6b:83:81:23:6f:9d:cd:8a:b2:7b:c2:90:d3:f4:0a:
         06:03:62:8d:c9:df:30:81:4a:e8:ff:6f:d0:b8:c0:a4:45:d3:
         58:20:f6:2d:ea:9e:7e:c1:2f:55:c3:ff:52:9f:eb:c7:61:77:
         06:70:54:34:5e:16:97:d1:8d:27:c2:a9:60:ca:42:8d:ba:31:
         17:c9:8f:d7:c8:d0:7a:fb:ad:b3:44:2f:c6:fd:b0:fe:90:28:
         0d:5b:ca:68:f8:39:b8:a5:a5:26:ec:95:0c:5e:51:a9:74:b0:
         82:ce:fe:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTgXJZGW+OSlkERYmEM8ilndBdZ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDAwMDU5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWUxMmU4N2Q4NmE3ZWZkMDdhYmMzMGY0Njg4MTBjOGEz
MjUxNzFiYjA3NDNhZGNiN2YxNzA4ZGFhNzI3Yzg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDn6DI6/HpNZz025pZKXchWCacYmYwmJM5t0rVzLeR1kTPP
KdHn7juB3U8tUZKJBlcFTtAVRQGd7ypaYiFp5JYK4XT7L1ftQCw4D51pF8PGjOX8
bCmf7K6jaNwN6IjYWO2J6m0EpGBcGcyqIHkV/iGWlkPiJ7b4rsquypGeTo8LqbjT
ixAUwkloDvq40eLQGHeLzccp+w9cyEVhdsz+iKR1CTKh3xdwC2zMfL+yzgM6QPsl
RmXVZn+9OvOmPdg8bnwAXCSnvH4/xfmiPBE7CoRvXWn15N0qKn0J5zZ7DCn+tXKi
/fmj+djYTWyHzq6YuNNU+Itg1EJhtKLJQnyf0vwBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1J1DCqL73ZED8Xl75VeIUL9hnhAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiZTc4ZWEwLTZhMWEtNGU2Ni05YWQ2LTgxYWJmNjc1MTk1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnxgwDQYJKoZIhvcNAQELBQADggEBAHgY5Zp5Y7C6wPSDrzXf3NoUjP2U
ty9gFwOHX25wS/xAXic4yPVgidqiDAVN9jjteqof3mV9S9B0zpdV4UCuK0BFfHz1
CWGDvyN+lBmNxPoyTMRTOSeh66jo5nH4Xqb/uCKADjwe8HB8yTIyrr3pZvnYTgcQ
fRd1xBKwooXUSBEAB33AYhdGN3XSsBpTWyGN5ZY7TWuDgSNvnc2KsnvCkNP0CgYD
Yo3J3zCBSuj/b9C4wKRF01gg9i3qnn7BL1XD/1Kf68dhdwZwVDReFpfRjSfCqWDK
Qo26MRfJj9fI0Hr7rbNEL8b9sP6QKA1bymj4ObilpSbslQxeUal0sILO/kY=
-----END CERTIFICATE-----