Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/116d4ecc-bcd7-4d69-b849-e1d4127725a5.roa
File:                     116d4ecc-bcd7-4d69-b849-e1d4127725a5.roa (raw, json)
Hash identifier:          m8ZIdZnsbdzzFfVvPKXPbGUtkDuXTz6y0iNK4/FSyYg=
Subject key identifier:   57:52:E0:6E:79:C6:9B:B7:B9:E0:DE:65:39:8D:61:BF:85:87:FD:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       78293BEF00B9CF42B158E3926A087049681CC9A5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/116d4ecc-bcd7-4d69-b849-e1d4127725a5.roa
Signing time:             Mon 20 Oct 2025 01:52:32 +0000
ROA not before:           Mon 20 Oct 2025 01:52:32 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.236.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:29:3b:ef:00:b9:cf:42:b1:58:e3:92:6a:08:70:49:68:1c:c9:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:52:32 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=b049a1635b89295005a4df47dd1a8b15998750780e63676b91dca2dab987bd94, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8e:a5:6a:48:fb:5f:d0:42:26:ca:1f:51:f2:
                    63:d8:e5:42:39:1b:8e:9d:a4:fe:19:16:d7:61:58:
                    2e:20:10:fb:be:73:d3:86:52:90:95:f4:4c:31:c9:
                    c3:2c:3f:bd:b2:2c:f9:39:c0:3b:45:83:cb:63:0e:
                    85:c8:ae:25:14:b6:cf:44:9b:c4:aa:5f:96:51:7b:
                    79:31:aa:dd:3d:19:cf:26:0e:cd:28:39:dd:c6:dd:
                    64:69:06:49:ce:6e:a5:5b:ed:a8:ac:ee:d3:f1:21:
                    23:9a:a0:cc:a4:ce:87:ca:f3:75:0e:71:ba:18:db:
                    29:8f:ae:e5:3e:e9:e9:3e:41:2f:91:e6:39:7d:7a:
                    06:ea:0c:1d:e8:f2:f7:8c:78:1a:26:dc:05:a0:a4:
                    32:28:a7:f7:22:28:79:6d:ae:6b:9c:f0:a4:5a:a2:
                    2b:e4:e9:2c:8f:8d:f0:ae:4f:df:1a:33:5f:be:cf:
                    e6:00:e5:f8:92:06:ed:0a:6e:fb:a7:63:58:76:f4:
                    09:74:3e:a3:b2:38:e1:04:12:64:58:33:f4:5b:67:
                    e8:4b:3c:79:57:5f:c2:83:5d:97:57:7d:5a:c6:a0:
                    42:16:cc:a3:58:a9:fa:69:02:d0:be:1e:c0:22:0b:
                    9d:9a:a1:41:ae:b3:62:cf:2d:79:89:6f:ac:1a:e8:
                    bd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:52:E0:6E:79:C6:9B:B7:B9:E0:DE:65:39:8D:61:BF:85:87:FD:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/116d4ecc-bcd7-4d69-b849-e1d4127725a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:87:36:ea:2b:09:37:b9:e1:aa:4c:4e:ff:32:6d:1d:fa:b7:
         38:f3:a1:e1:1b:6d:7a:4b:aa:a5:37:0b:4a:2d:04:9b:e8:89:
         ca:db:3a:38:1f:2f:1d:2f:1c:ef:a8:b9:cd:25:c6:c3:8c:4c:
         ef:65:7d:1e:04:f5:ba:c5:22:a2:dd:74:c3:76:a7:0c:b3:ae:
         39:41:3c:63:57:e6:ef:bb:53:4f:53:0e:ef:da:3f:31:15:7b:
         86:dc:de:46:b5:51:8f:30:68:3d:8a:10:3c:a7:b8:c7:c4:70:
         ed:54:4c:34:15:a7:56:31:88:6b:69:19:0e:20:c7:55:6b:63:
         d2:b3:79:41:58:93:79:85:ef:cb:31:52:b8:9c:b7:5c:34:96:
         52:86:93:dc:bf:31:8d:16:16:22:0f:be:5d:ed:05:55:d7:51:
         b6:d7:b4:4d:a1:84:e7:30:ff:da:89:65:b3:6c:25:59:ad:6b:
         5c:64:99:ca:82:e3:71:a4:66:d2:67:8a:1d:37:7c:22:d0:f8:
         8e:d8:38:4a:7d:af:da:19:09:f2:f3:40:b6:53:bb:27:aa:19:
         5b:ac:35:33:13:7a:50:8b:9f:c7:f2:eb:a6:9b:30:16:a3:75:
         35:94:5c:ee:bb:42:2d:89:b2:bd:3c:6f:71:12:c9:62:33:d5:
         de:6e:63:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeCk77wC5z0KxWOOSaghwSWgcyaUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDE1MjMyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDQ5YTE2MzViODkyOTUwMDVhNGRmNDdkZDFhOGIxNTk5
ODc1MDc4MGU2MzY3NmI5MWRjYTJkYWI5ODdiZDk0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrjqVqSPtf0EImyh9R8mPY5UI5G46dpP4ZFtdhWC4gEPu+
c9OGUpCV9EwxycMsP72yLPk5wDtFg8tjDoXIriUUts9Em8SqX5ZRe3kxqt09Gc8m
Ds0oOd3G3WRpBknObqVb7ais7tPxISOaoMykzofK83UOcboY2ymPruU+6ek+QS+R
5jl9egbqDB3o8veMeBom3AWgpDIop/ciKHltrmuc8KRaoivk6SyPjfCuT98aM1++
z+YA5fiSBu0KbvunY1h29Al0PqOyOOEEEmRYM/RbZ+hLPHlXX8KDXZdXfVrGoEIW
zKNYqfppAtC+HsAiC52aoUGus2LPLXmJb6wa6L2DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV1LgbnnGm7e54N5lOY1hv4WH/b8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExNmQ0ZWNjLWJjZDctNGQ2OS1iODQ5LWUxZDQxMjc3MjVhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn+wwDQYJKoZIhvcNAQELBQADggEBAKaHNuorCTe54apMTv8ybR36tzjz
oeEbbXpLqqU3C0otBJvoicrbOjgfLx0vHO+ouc0lxsOMTO9lfR4E9brFIqLddMN2
pwyzrjlBPGNX5u+7U09TDu/aPzEVe4bc3ka1UY8waD2KEDynuMfEcO1UTDQVp1Yx
iGtpGQ4gx1VrY9KzeUFYk3mF78sxUrict1w0llKGk9y/MY0WFiIPvl3tBVXXUbbX
tE2hhOcw/9qJZbNsJVmta1xkmcqC43GkZtJnih03fCLQ+I7YOEp9r9oZCfLzQLZT
uyeqGVusNTMTelCLn8fy66abMBajdTWUXO67Qi2Jsr08b3ESyWIz1d5uY8k=
-----END CERTIFICATE-----