Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33e84d9e-c448-447d-bb31-7640709810b5.roa
File:                     33e84d9e-c448-447d-bb31-7640709810b5.roa (raw, json)
Hash identifier:          z1BG/rvlNTgaEQGzqMTAtHMIRrdFafZppq76AiS0Ol4=
Subject key identifier:   17:EC:BC:16:4C:C5:49:FD:66:4D:91:1A:C1:F5:42:88:42:15:5A:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       66BEA35963464748CF59206A494870B76B39A91F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33e84d9e-c448-447d-bb31-7640709810b5.roa
Signing time:             Mon 20 Oct 2025 05:22:10 +0000
ROA not before:           Mon 20 Oct 2025 05:22:10 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.224.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:be:a3:59:63:46:47:48:cf:59:20:6a:49:48:70:b7:6b:39:a9:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:22:10 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=97a4c8fcb877991e8dbbda3f148d601d02e124edc8d4b81c34157494368a84d7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b7:92:ec:0b:6c:67:93:ba:07:e0:5b:8f:8c:
                    e6:c3:86:3a:58:f2:05:80:da:a9:f6:9d:37:dc:69:
                    e0:b7:2f:a3:15:c7:33:ed:91:23:3b:34:a2:b0:e1:
                    26:86:be:53:c9:e5:74:24:8f:8c:6e:25:19:59:65:
                    58:7b:1e:4d:dd:6c:7a:e5:9c:8e:3a:6a:39:62:83:
                    7a:6d:a0:8e:71:e2:b7:7f:33:de:b1:bd:9e:45:38:
                    3a:b4:a9:02:ed:99:8b:19:41:20:e5:f5:28:bc:15:
                    3d:9c:94:85:c1:56:86:f6:c4:01:ab:d5:e7:df:84:
                    2f:1d:84:32:df:05:b9:7a:bb:e7:1a:78:a0:e7:a9:
                    72:27:dd:34:66:52:09:3a:94:cc:df:11:4e:7b:3b:
                    bc:bc:f1:12:76:71:57:75:2a:83:d3:4c:34:2c:48:
                    39:cc:2d:b9:16:ab:af:e1:00:31:1a:d9:77:53:d1:
                    bf:34:94:45:28:38:dd:3d:ce:98:11:d8:bf:7b:0b:
                    1b:f6:23:5e:e6:9e:43:8c:70:25:78:a1:ec:07:20:
                    d0:c3:c8:63:80:55:74:21:16:33:3a:42:c5:24:cc:
                    54:01:6c:3c:ab:e3:b7:84:fc:5a:7f:fa:87:fe:a3:
                    2f:29:33:57:95:5c:a9:65:50:b9:a3:f5:dd:c8:a8:
                    d9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:EC:BC:16:4C:C5:49:FD:66:4D:91:1A:C1:F5:42:88:42:15:5A:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33e84d9e-c448-447d-bb31-7640709810b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:b8:95:c4:5b:27:22:2b:a2:fe:ef:9f:1c:fe:1f:09:d6:f1:
         0e:9f:57:c6:05:e6:5d:a4:65:b0:5e:56:78:a6:90:3a:63:51:
         65:b2:70:ec:b8:1b:d6:d3:28:9a:6a:e5:2f:bc:fc:bd:83:c3:
         0c:09:8f:15:10:92:f4:af:ad:c1:50:58:24:d0:15:6b:43:1d:
         25:09:b8:9a:e0:60:98:89:d0:60:da:f1:92:e9:ca:e7:bd:22:
         d9:e6:02:7d:e6:ca:af:a4:e8:59:ff:40:91:c3:41:3a:57:e7:
         c6:07:28:54:73:57:c2:35:67:75:da:d4:5c:96:3a:1b:bc:a6:
         0b:90:9e:de:ab:b5:ee:06:36:f8:58:bb:ca:7c:7a:3e:c2:a8:
         25:92:05:fb:be:49:65:c7:c2:b8:7a:26:2f:47:f5:bd:db:02:
         a3:a9:de:83:9b:41:71:7f:13:ef:91:73:c1:7c:a7:a3:00:89:
         f7:c9:5e:87:ea:63:91:36:0e:ad:ed:51:87:2e:22:5f:00:9f:
         30:9c:5f:a0:0c:90:d1:19:b4:15:e0:61:e9:5c:d1:2d:5b:04:
         55:f7:d6:9e:f5:d6:14:66:70:9a:86:8c:6a:a1:76:97:3b:30:
         f3:34:60:53:61:55:11:d6:85:29:59:6e:89:ed:b7:23:06:6f:
         da:54:20:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZr6jWWNGR0jPWSBqSUhwt2s5qR8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUyMjEwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2E0YzhmY2I4Nzc5OTFlOGRiYmRhM2YxNDhkNjAxZDAy
ZTEyNGVkYzhkNGI4MWMzNDE1NzQ5NDM2OGE4NGQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkt5LsC2xnk7oH4FuPjObDhjpY8gWA2qn2nTfcaeC3L6MV
xzPtkSM7NKKw4SaGvlPJ5XQkj4xuJRlZZVh7Hk3dbHrlnI46ajlig3ptoI5x4rd/
M96xvZ5FODq0qQLtmYsZQSDl9Si8FT2clIXBVob2xAGr1effhC8dhDLfBbl6u+ca
eKDnqXIn3TRmUgk6lMzfEU57O7y88RJ2cVd1KoPTTDQsSDnMLbkWq6/hADEa2XdT
0b80lEUoON09zpgR2L97Cxv2I17mnkOMcCV4oewHINDDyGOAVXQhFjM6QsUkzFQB
bDyr47eE/Fp/+of+oy8pM1eVXKllULmj9d3IqNnLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUF+y8FkzFSf1mTZEawfVCiEIVWiAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzZTg0ZDllLWM0NDgtNDQ3ZC1iYjMxLTc2NDA3MDk4MTBiNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsnOAwDQYJKoZIhvcNAQELBQADggEBAAS4lcRbJyIrov7vnxz+HwnW8Q6f
V8YF5l2kZbBeVnimkDpjUWWycOy4G9bTKJpq5S+8/L2DwwwJjxUQkvSvrcFQWCTQ
FWtDHSUJuJrgYJiJ0GDa8ZLpyue9ItnmAn3myq+k6Fn/QJHDQTpX58YHKFRzV8I1
Z3Xa1FyWOhu8pguQnt6rte4GNvhYu8p8ej7CqCWSBfu+SWXHwrh6Ji9H9b3bAqOp
3oObQXF/E++Rc8F8p6MAiffJXofqY5E2Dq3tUYcuIl8AnzCcX6AMkNEZtBXgYelc
0S1bBFX31p711hRmcJqGjGqhdpc7MPM0YFNhVRHWhSlZbonttyMGb9pUICk=
-----END CERTIFICATE-----