Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/687b7c75-e5ca-4381-85cc-a55bfe8a0839.roa
File:                     687b7c75-e5ca-4381-85cc-a55bfe8a0839.roa (raw, json)
Hash identifier:          DFCzBtj7Q3g1e+DAgoJ7KlFgLXSc9kXSz181UibrSck=
Subject key identifier:   8D:8E:95:F0:E4:5E:9B:D3:3A:9C:51:AD:90:D0:ED:0F:98:3F:95:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       714DFE96B5085E5BBF507CEA660A2A8F5EAA5811
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/687b7c75-e5ca-4381-85cc-a55bfe8a0839.roa
Signing time:             Mon 20 Oct 2025 06:00:59 +0000
ROA not before:           Mon 20 Oct 2025 06:00:59 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.227.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:4d:fe:96:b5:08:5e:5b:bf:50:7c:ea:66:0a:2a:8f:5e:aa:58:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:00:59 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=99f30d36551391842b7d50a480db0dc356ba54baa638dc7fbe150646477035da, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:77:07:0a:51:6d:2e:92:21:69:31:98:6c:62:
                    85:0b:24:38:dc:7e:cf:d5:39:94:15:5e:e6:f5:09:
                    dd:09:63:a3:d5:dc:4f:59:f8:40:fe:2d:25:d5:ab:
                    74:47:6c:0b:a9:b7:95:f2:80:fc:a4:24:be:e5:86:
                    62:d7:3c:15:83:92:88:28:70:e5:f7:1a:0b:0a:68:
                    84:0f:13:17:e5:ae:8d:72:f5:3b:b2:1d:f1:47:25:
                    b0:48:98:f3:9e:41:bf:f9:93:a3:64:1b:91:9e:47:
                    eb:12:75:2f:13:c8:bc:df:34:10:1a:68:e3:92:d6:
                    36:cb:bb:df:41:04:b1:84:c0:ed:df:06:a8:35:a7:
                    d2:bc:bd:b7:ef:b2:34:da:bb:2a:f4:2f:26:48:69:
                    07:b9:e9:41:0c:16:c7:4f:d5:15:2a:95:d9:a0:f3:
                    d7:5a:1d:8a:bb:5b:07:e6:32:20:fb:79:5b:d9:3e:
                    54:1e:97:bb:32:e2:c7:83:a6:45:08:eb:64:76:b5:
                    5b:b0:c3:79:b5:56:d3:89:76:e5:10:f3:f8:aa:63:
                    83:a2:5d:e9:4a:38:0f:ed:af:da:7f:10:9b:d9:f9:
                    a1:dc:28:5d:61:ab:1d:87:80:65:77:66:9f:48:b3:
                    d9:1b:77:f2:3d:a5:08:b7:b3:ff:b6:34:4a:4d:e2:
                    6a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8E:95:F0:E4:5E:9B:D3:3A:9C:51:AD:90:D0:ED:0F:98:3F:95:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/687b7c75-e5ca-4381-85cc-a55bfe8a0839.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:48:50:f7:3e:59:42:00:c4:62:12:9e:a6:c8:b9:d9:bf:58:
         d3:e6:17:08:0e:e3:68:61:68:aa:6d:3b:44:8c:1c:66:2b:3c:
         eb:64:ed:6e:0f:f8:ba:94:e0:d9:a4:d2:1b:29:c2:3d:39:a8:
         80:c9:ff:f4:52:91:c2:59:a3:a1:9e:4f:ac:93:ab:be:41:5f:
         0b:f4:97:b7:a1:a6:ce:3e:4a:66:bc:14:d6:4a:e0:d6:6f:d0:
         f7:53:66:b0:6a:fa:61:a2:62:65:39:d0:54:c1:a1:e2:fc:81:
         2b:62:98:65:f9:7e:e4:ec:97:44:17:73:34:92:be:03:57:c5:
         98:61:7a:9d:ad:6b:dc:d8:7d:ac:88:9d:dd:68:f3:b5:75:d9:
         21:ed:2a:ed:5b:e3:16:b4:f6:e1:ad:32:68:71:f9:83:7c:94:
         73:d9:a9:d3:66:c9:a3:cc:d0:e3:56:ea:97:30:a1:d6:cc:0c:
         d7:65:d9:4d:5a:af:55:c7:9f:5a:87:35:92:15:f2:7c:fd:2a:
         59:7e:7a:a5:45:40:8c:e6:d5:f3:99:00:6c:a2:62:d7:af:9b:
         8c:50:25:bd:d3:ae:f8:74:9a:c8:93:fe:6d:f4:ec:c7:ac:91:
         24:fa:25:20:31:73:73:a9:32:3b:4c:e9:f1:f8:df:df:e2:cf:
         34:ba:ce:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcU3+lrUIXlu/UHzqZgoqj16qWBEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYwMDU5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OWYzMGQzNjU1MTM5MTg0MmI3ZDUwYTQ4MGRiMGRjMzU2
YmE1NGJhYTYzOGRjN2ZiZTE1MDY0NjQ3NzAzNWRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFdwcKUW0ukiFpMZhsYoULJDjcfs/VOZQVXub1Cd0JY6PV
3E9Z+ED+LSXVq3RHbAupt5XygPykJL7lhmLXPBWDkogocOX3GgsKaIQPExflro1y
9TuyHfFHJbBImPOeQb/5k6NkG5GeR+sSdS8TyLzfNBAaaOOS1jbLu99BBLGEwO3f
Bqg1p9K8vbfvsjTauyr0LyZIaQe56UEMFsdP1RUqldmg89daHYq7WwfmMiD7eVvZ
PlQel7sy4seDpkUI62R2tVuww3m1VtOJduUQ8/iqY4OiXelKOA/tr9p/EJvZ+aHc
KF1hqx2HgGV3Zp9Is9kbd/I9pQi3s/+2NEpN4mphAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjY6V8ORem9M6nFGtkNDtD5g/lQowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4N2I3Yzc1LWU1Y2EtNDM4MS04NWNjLWE1NWJmZThhMDgzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsneMwDQYJKoZIhvcNAQELBQADggEBABxIUPc+WUIAxGISnqbIudm/WNPm
FwgO42hhaKptO0SMHGYrPOtk7W4P+LqU4Nmk0hspwj05qIDJ//RSkcJZo6GeT6yT
q75BXwv0l7ehps4+Sma8FNZK4NZv0PdTZrBq+mGiYmU50FTBoeL8gStimGX5fuTs
l0QXczSSvgNXxZhhep2ta9zYfayInd1o87V12SHtKu1b4xa09uGtMmhx+YN8lHPZ
qdNmyaPM0ONW6pcwodbMDNdl2U1ar1XHn1qHNZIV8nz9Kll+eqVFQIzm1fOZAGyi
Ytevm4xQJb3Trvh0msiT/m307MeskST6JSAxc3OpMjtM6fH439/izzS6zlk=
-----END CERTIFICATE-----