Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d60eb4f-51b1-419f-b13d-194121678630.roa
File:                     0d60eb4f-51b1-419f-b13d-194121678630.roa (raw, json)
Hash identifier:          wlHVyQF8Li5igUNEo2mhD92sTJ459A0z8phNmX6n40w=
Subject key identifier:   F1:7A:1A:85:7E:8F:50:58:3E:35:DB:FF:9A:49:C7:0F:70:3C:1C:92
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7490916A6F26D274BC7920A92749EDAC057A21CB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d60eb4f-51b1-419f-b13d-194121678630.roa
Signing time:             Mon 20 Oct 2025 03:41:04 +0000
ROA not before:           Mon 20 Oct 2025 03:41:04 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.16.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:90:91:6a:6f:26:d2:74:bc:79:20:a9:27:49:ed:ac:05:7a:21:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:41:04 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=15e12803e7cdf48f96d8bb0d792eb9ed43db477c2f07163d160e3b0d0ce28c8f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:81:b5:32:ad:39:bb:eb:19:83:ae:7d:69:28:
                    7d:ac:08:6c:58:71:cc:9d:73:65:f2:05:15:7e:29:
                    e0:63:4d:eb:cf:c3:8c:3a:2c:29:0d:ed:6c:1f:68:
                    d3:4c:c7:73:33:96:fb:1a:f2:d5:37:f5:f4:e9:15:
                    74:b0:6e:86:6e:92:4b:11:b6:c1:18:2f:6e:6e:e6:
                    89:fb:8b:1c:c4:5a:0d:6b:29:bc:44:af:f0:52:11:
                    2a:86:b7:75:33:09:a4:44:ea:0f:0b:71:db:44:4e:
                    ba:0f:df:95:07:fa:09:80:6b:a6:ea:76:60:d5:4a:
                    6e:1d:08:e6:a7:49:18:c5:84:05:f7:69:b6:bb:2f:
                    da:64:2a:8f:02:e4:1f:50:a6:5f:14:e8:f0:ee:b7:
                    fa:b4:f2:1b:fe:f9:65:b8:1e:bb:a4:6d:8b:e3:a2:
                    ed:a7:13:e2:57:92:8d:8e:ee:2c:04:29:f8:e4:b8:
                    f5:77:7f:b9:78:b7:ff:1a:96:50:87:4e:46:f9:31:
                    f8:79:63:e6:81:8e:6b:be:c5:d0:99:4f:a7:f1:e9:
                    dc:ec:36:92:08:d1:7d:74:28:46:53:9c:11:4a:20:
                    b8:0b:4e:10:9f:f5:72:21:a2:d4:ee:71:9c:aa:02:
                    ad:af:da:ea:54:e6:e0:b7:31:43:94:74:7b:f2:6a:
                    75:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:7A:1A:85:7E:8F:50:58:3E:35:DB:FF:9A:49:C7:0F:70:3C:1C:92
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0d60eb4f-51b1-419f-b13d-194121678630.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5b:dd:7b:6e:35:38:3e:49:c1:db:a9:8c:3b:95:d1:0f:0a:a0:
         26:67:d0:63:a6:cb:99:36:e5:67:2b:60:bd:8e:b1:05:80:99:
         08:a6:17:f0:a0:59:0f:98:63:47:bf:b9:14:6b:03:5e:c6:b3:
         3c:22:97:50:fd:03:f6:3d:a8:ae:81:5b:e0:10:2b:50:19:69:
         38:19:83:81:1a:0e:d7:85:ef:4b:8b:88:ad:3f:81:7e:57:8a:
         f6:80:20:ac:b4:cd:a4:3b:88:3e:17:4e:bb:bc:34:60:3f:a2:
         a3:c6:05:3c:bc:21:38:3a:20:cc:9c:78:a2:53:26:a3:0f:18:
         2a:24:c1:b9:f9:73:e8:06:e1:24:6b:36:b5:85:04:fe:44:33:
         76:a2:7a:d9:13:a4:b1:8d:86:93:1b:0c:4a:3f:30:37:ab:24:
         d0:48:5b:63:61:cb:23:80:75:d2:d1:be:79:e0:98:f9:fa:80:
         a7:d3:ce:d6:a3:bd:1c:74:2c:93:ae:5f:36:60:29:0c:3f:d9:
         10:e5:72:ac:0c:73:81:c4:c2:53:bd:fd:cc:0a:2a:ca:66:a5:
         8e:0a:2c:fb:26:67:93:7c:40:43:d2:3b:b4:4f:97:52:6a:80:
         95:e2:9d:6a:a0:ef:73:58:ae:e6:2f:8d:27:82:ad:ee:a5:57:
         ff:f8:38:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdJCRam8m0nS8eSCpJ0ntrAV6IcswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDM0MTA0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNWUxMjgwM2U3Y2RmNDhmOTZkOGJiMGQ3OTJlYjllZDQz
ZGI0NzdjMmYwNzE2M2QxNjBlM2IwZDBjZTI4YzhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcgbUyrTm76xmDrn1pKH2sCGxYccydc2XyBRV+KeBjTevP
w4w6LCkN7WwfaNNMx3Mzlvsa8tU39fTpFXSwboZukksRtsEYL25u5on7ixzEWg1r
KbxEr/BSESqGt3UzCaRE6g8LcdtETroP35UH+gmAa6bqdmDVSm4dCOanSRjFhAX3
aba7L9pkKo8C5B9Qpl8U6PDut/q08hv++WW4HrukbYvjou2nE+JXko2O7iwEKfjk
uPV3f7l4t/8allCHTkb5Mfh5Y+aBjmu+xdCZT6fx6dzsNpII0X10KEZTnBFKILgL
ThCf9XIhotTucZyqAq2v2upU5uC3MUOUdHvyanW1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8XoahX6PUFg+Ndv/mknHD3A8HJIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkNjBlYjRmLTUxYjEtNDE5Zi1iMTNkLTE5NDEyMTY3ODYzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsnxAwDQYJKoZIhvcNAQELBQADggEBAFvde241OD5JwdupjDuV0Q8KoCZn
0GOmy5k25WcrYL2OsQWAmQimF/CgWQ+YY0e/uRRrA17Gszwil1D9A/Y9qK6BW+AQ
K1AZaTgZg4EaDteF70uLiK0/gX5XivaAIKy0zaQ7iD4XTru8NGA/oqPGBTy8ITg6
IMyceKJTJqMPGCokwbn5c+gG4SRrNrWFBP5EM3aietkTpLGNhpMbDEo/MDerJNBI
W2NhyyOAddLRvnngmPn6gKfTztajvRx0LJOuXzZgKQw/2RDlcqwMc4HEwlO9/cwK
KspmpY4KLPsmZ5N8QEPSO7RPl1JqgJXinWqg73NYruYvjSeCre6lV//4ODk=
-----END CERTIFICATE-----