Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a3d0c37-8c82-41a2-b4cd-23ea1866a535.roa
File:                     1a3d0c37-8c82-41a2-b4cd-23ea1866a535.roa (raw, json)
Hash identifier:          /lNzNvWz3VcnB4+JlY7PB7eqJ1jVGruCFREiZI348os=
Subject key identifier:   04:FB:7C:7F:1C:5C:82:3C:13:17:62:93:38:EB:31:9E:48:19:A0:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       591C5ACDE6131E074C0E7DE91D330126AAE1C8EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a3d0c37-8c82-41a2-b4cd-23ea1866a535.roa
Signing time:             Mon 20 Oct 2025 05:20:03 +0000
ROA not before:           Mon 20 Oct 2025 05:20:03 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.128.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:1c:5a:cd:e6:13:1e:07:4c:0e:7d:e9:1d:33:01:26:aa:e1:c8:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:20:03 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=caae4448f016621266c44518043ed2cb686c1ba4a8f7ce3c0a0adc5d5bf529a8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ee:a6:4c:bb:3c:ca:b1:4c:a9:57:69:70:4f:
                    07:48:0b:bf:d4:98:55:56:d1:cd:69:9f:01:4f:31:
                    20:dd:7f:9b:7c:07:48:27:6c:d3:11:21:af:c6:43:
                    d5:b2:76:4e:9f:61:36:8a:75:e6:af:12:cc:d8:e8:
                    c5:e3:ac:a3:07:18:da:70:4e:7d:16:e7:10:36:e4:
                    94:91:e2:37:c8:84:3c:13:7f:8c:f6:d5:81:28:c2:
                    b1:e5:13:a8:da:db:13:56:40:99:c8:14:da:0a:91:
                    8b:5e:9e:55:11:03:08:1c:91:ad:5f:9c:06:a2:9a:
                    08:b6:d3:cc:87:3c:80:85:1a:40:53:62:49:e4:2e:
                    7e:d4:0c:9f:c1:f5:db:a5:ab:e6:6c:d5:2e:0f:f2:
                    67:29:0f:28:13:fe:59:53:60:9b:79:7e:b8:ea:aa:
                    1b:53:84:c3:fb:d3:2b:9a:e0:60:e1:d3:33:03:94:
                    05:76:17:1f:9d:a6:5a:e1:25:73:ed:1a:7b:80:96:
                    50:d4:7d:c8:d3:85:6e:e7:3e:43:95:2c:c2:27:cc:
                    e5:15:93:80:49:78:c5:65:d3:08:11:1e:da:59:a7:
                    b9:6e:12:74:d8:6c:ba:21:df:4d:e2:9d:a3:64:f8:
                    74:8b:21:3a:d8:c6:36:b2:10:03:f1:68:fb:65:9d:
                    a7:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FB:7C:7F:1C:5C:82:3C:13:17:62:93:38:EB:31:9E:48:19:A0:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a3d0c37-8c82-41a2-b4cd-23ea1866a535.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:04:00:27:bf:e8:38:ae:d0:cb:69:fd:22:12:49:ba:e3:8a:
         1a:1b:40:87:38:4e:0a:5a:bc:f8:b1:5d:58:b3:27:fd:66:0b:
         d3:14:25:94:34:e2:11:22:ff:aa:63:04:1e:08:4b:4e:48:a7:
         a5:69:41:8f:4a:02:16:18:0f:e5:b9:a4:54:4a:a7:fd:e5:e7:
         15:c1:ff:64:18:f3:ce:67:bd:08:5a:42:ed:5e:91:c4:6b:b3:
         5e:f5:06:09:e0:33:41:a5:99:a8:3a:43:14:0d:c7:43:ce:1b:
         2f:f3:6f:17:dc:3f:f7:fd:58:28:0a:3a:de:be:91:19:ff:ed:
         90:47:9d:e2:bf:15:cd:f3:39:85:58:bc:cd:93:3f:f1:d6:61:
         09:3c:99:35:9d:ec:6b:16:94:48:ba:af:75:f4:2d:0e:fe:ad:
         8b:41:05:ae:4c:f7:a8:e7:a3:4d:04:8b:80:6f:13:19:85:94:
         c2:96:66:92:67:e1:fd:ee:df:65:65:42:de:9d:85:fc:ce:e2:
         a2:44:f7:9e:36:45:11:60:bd:ba:17:3f:6b:72:95:f4:03:c1:
         0f:5d:1f:1e:12:ef:c7:25:94:5c:eb:25:6e:79:d7:b5:96:b7:
         04:19:6d:ac:a6:81:e7:03:16:66:5a:65:ad:5f:76:46:99:e8:
         28:4f:4a:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWRxazeYTHgdMDn3pHTMBJqrhyOowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUyMDAzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWFlNDQ0OGYwMTY2MjEyNjZjNDQ1MTgwNDNlZDJjYjY4
NmMxYmE0YThmN2NlM2MwYTBhZGM1ZDViZjUyOWE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC17qZMuzzKsUypV2lwTwdIC7/UmFVW0c1pnwFPMSDdf5t8
B0gnbNMRIa/GQ9Wydk6fYTaKdeavEszY6MXjrKMHGNpwTn0W5xA25JSR4jfIhDwT
f4z21YEowrHlE6ja2xNWQJnIFNoKkYtenlURAwgcka1fnAaimgi208yHPICFGkBT
YknkLn7UDJ/B9dulq+Zs1S4P8mcpDygT/llTYJt5frjqqhtThMP70yua4GDh0zMD
lAV2Fx+dplrhJXPtGnuAllDUfcjThW7nPkOVLMInzOUVk4BJeMVl0wgRHtpZp7lu
EnTYbLoh303inaNk+HSLITrYxjayEAPxaPtlnacvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBPt8fxxcgjwTF2KTOOsxnkgZoDAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFhM2QwYzM3LThjODItNDFhMi1iNGNkLTIzZWExODY2YTUzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnYAwDQYJKoZIhvcNAQELBQADggEBAMwEACe/6Diu0Mtp/SISSbrjihob
QIc4TgpavPixXVizJ/1mC9MUJZQ04hEi/6pjBB4IS05Ip6VpQY9KAhYYD+W5pFRK
p/3l5xXB/2QY885nvQhaQu1ekcRrs171BgngM0Glmag6QxQNx0POGy/zbxfcP/f9
WCgKOt6+kRn/7ZBHneK/Fc3zOYVYvM2TP/HWYQk8mTWd7GsWlEi6r3X0LQ7+rYtB
Ba5M96jno00Ei4BvExmFlMKWZpJn4f3u32VlQt6dhfzO4qJE9542RRFgvboXP2ty
lfQDwQ9dHx4S78cllFzrJW5517WWtwQZbaymgecDFmZaZa1fdkaZ6ChPSlo=
-----END CERTIFICATE-----