Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ccf5ad8-45ea-43ca-9216-ce4cd3c72061.roa
File:                     0ccf5ad8-45ea-43ca-9216-ce4cd3c72061.roa (raw, json)
Hash identifier:          AARov/vHye3O5693ZKd+fOmN12Vv6HPxaveK//r8dsg=
Subject key identifier:   6C:7F:79:03:E1:9A:6C:3F:A0:F0:AD:A2:7D:9C:1E:62:3A:2D:43:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CFD577E903E3A686F82D8A6F1B2B7D789E153BB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ccf5ad8-45ea-43ca-9216-ce4cd3c72061.roa
Signing time:             Mon 20 Oct 2025 01:32:26 +0000
ROA not before:           Mon 20 Oct 2025 01:32:26 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.0.0/18 maxlen: 18
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:fd:57:7e:90:3e:3a:68:6f:82:d8:a6:f1:b2:b7:d7:89:e1:53:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:32:26 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=95acad65de1e0b8881d0f89a97cd7ace862b07c8f7c7d8d34de88420f6f02251, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ee:4d:dd:00:37:69:f4:13:82:8f:22:4e:03:
                    45:c6:ee:d7:28:02:37:ff:6a:fd:1a:cb:57:9d:7b:
                    90:2a:9c:88:93:2c:3e:78:3f:8e:c3:cb:97:38:89:
                    4e:9e:0a:e9:90:b5:cb:8b:9f:b3:8d:7a:09:cf:95:
                    f4:d5:4d:07:62:15:f8:e4:31:4c:77:b6:82:7e:65:
                    b4:5c:ac:b9:c6:45:cf:a5:d5:65:b2:06:1e:a8:e8:
                    f8:bb:d3:8b:41:59:1a:47:0f:55:a3:bf:78:3b:7a:
                    d4:b5:cd:62:d1:95:99:46:d9:ba:4d:5e:12:e8:ba:
                    10:f1:e4:f6:76:4c:12:b9:05:57:21:33:0f:a5:dc:
                    77:dd:4b:3e:86:e5:54:5b:f9:7e:95:94:6c:97:53:
                    8a:5a:89:5f:ae:90:9a:8b:6e:92:ad:0b:f4:98:27:
                    d1:ad:f9:00:41:9c:0d:26:a3:e0:d7:86:3a:3e:cb:
                    5c:24:53:8b:c0:0d:1c:dd:9c:3f:ee:ff:df:ac:fe:
                    54:f9:23:25:c7:a5:11:53:87:19:82:f6:b2:53:2b:
                    77:9e:73:4b:e9:fe:b7:19:a2:90:99:1f:f3:6d:61:
                    c2:e1:45:be:90:42:13:f9:a4:a4:ca:21:49:9d:32:
                    90:ab:3a:f1:62:98:2f:51:4b:ac:68:48:7e:ae:a5:
                    a8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:7F:79:03:E1:9A:6C:3F:A0:F0:AD:A2:7D:9C:1E:62:3A:2D:43:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ccf5ad8-45ea-43ca-9216-ce4cd3c72061.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         78:ae:a2:87:a7:ae:5b:f5:6a:3b:ba:9f:15:f5:43:78:61:44:
         1c:af:4f:c0:bf:7e:23:39:2a:d1:95:8f:3f:b3:ec:5a:ba:fd:
         52:c8:ac:7a:2e:d6:87:ac:fa:c7:79:ee:87:6e:1b:1f:98:a8:
         3f:cb:dd:91:e0:34:6c:17:aa:2c:ac:08:a9:05:2b:89:17:b9:
         1d:04:6b:68:31:a9:db:26:e7:66:b3:6b:c2:08:d1:06:a7:0c:
         b5:3e:1a:ab:28:26:bf:ed:cd:eb:bd:f8:b9:32:82:78:14:b5:
         4f:f7:52:ca:1e:6d:9b:2f:06:08:c8:f2:08:fc:82:0a:46:63:
         fa:8f:e0:55:95:86:4a:08:32:4b:32:dc:87:3a:cc:30:81:af:
         de:6e:f5:ba:a2:78:7a:4d:18:14:b9:e9:79:83:d1:9f:eb:4e:
         1a:3b:3c:47:85:d6:83:2e:9c:c7:f1:69:18:7d:6b:84:53:d4:
         3d:93:f7:50:d6:39:2f:7a:d9:19:74:30:61:97:fb:f6:2c:a2:
         d8:f1:57:d6:f3:bd:32:2d:06:46:e4:aa:a3:9d:cd:67:da:7d:
         82:c0:10:e9:b0:42:9a:a0:8f:85:77:a8:50:0b:cd:b5:a5:86:
         18:7b:7c:d7:c8:d0:31:7c:25:38:f5:ca:db:b6:97:24:6f:6c:
         f0:88:3a:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTP1XfpA+Omhvgtim8bK314nhU7swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDEzMjI2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWFjYWQ2NWRlMWUwYjg4ODFkMGY4OWE5N2NkN2FjZTg2
MmIwN2M4ZjdjN2Q4ZDM0ZGU4ODQyMGY2ZjAyMjUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj7k3dADdp9BOCjyJOA0XG7tcoAjf/av0ay1ede5AqnIiT
LD54P47Dy5c4iU6eCumQtcuLn7ONegnPlfTVTQdiFfjkMUx3toJ+ZbRcrLnGRc+l
1WWyBh6o6Pi704tBWRpHD1Wjv3g7etS1zWLRlZlG2bpNXhLouhDx5PZ2TBK5BVch
Mw+l3HfdSz6G5VRb+X6VlGyXU4paiV+ukJqLbpKtC/SYJ9Gt+QBBnA0mo+DXhjo+
y1wkU4vADRzdnD/u/9+s/lT5IyXHpRFThxmC9rJTK3eec0vp/rcZopCZH/NtYcLh
Rb6QQhP5pKTKIUmdMpCrOvFimC9RS6xoSH6upaivAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbH95A+GabD+g8K2ifZweYjotQygwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjY2Y1YWQ4LTQ1ZWEtNDNjYS05MjE2LWNlNGNkM2M3MjA2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZsnAAwDQYJKoZIhvcNAQELBQADggEBAHiuooenrlv1aju6nxX1Q3hhRByv
T8C/fiM5KtGVjz+z7Fq6/VLIrHou1oes+sd57oduGx+YqD/L3ZHgNGwXqiysCKkF
K4kXuR0Ea2gxqdsm52aza8II0QanDLU+GqsoJr/tzeu9+LkygngUtU/3UsoebZsv
BgjI8gj8ggpGY/qP4FWVhkoIMksy3Ic6zDCBr95u9bqieHpNGBS56XmD0Z/rTho7
PEeF1oMunMfxaRh9a4RT1D2T91DWOS962Rl0MGGX+/YsotjxV9bzvTItBkbkqqOd
zWfafYLAEOmwQpqgj4V3qFALzbWlhhh7fNfI0DF8JTj1ytu2lyRvbPCIOrI=
-----END CERTIFICATE-----