Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c273acd-1393-466b-8364-c701a07a1d3c.roa
File:                     7c273acd-1393-466b-8364-c701a07a1d3c.roa (raw, json)
Hash identifier:          2Atza2UOyzH22hpwkL2bGxGufUE8r1Wnq8RIWvBxiqI=
Subject key identifier:   0C:5B:AD:D1:C2:B3:51:4F:BD:62:EC:91:C0:AD:A1:DA:89:B9:02:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3B90F5CF766339649EF01736EDABBD26A20FCB13
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c273acd-1393-466b-8364-c701a07a1d3c.roa
Signing time:             Mon 20 Oct 2025 02:11:42 +0000
ROA not before:           Mon 20 Oct 2025 02:11:42 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.168.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:90:f5:cf:76:63:39:64:9e:f0:17:36:ed:ab:bd:26:a2:0f:cb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:11:42 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=610ad2719bd42bd82929f791388eae09933e5b05d2a09bc79410fff5c1b17103, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:d6:4f:fa:df:13:11:e0:1e:09:54:2f:d0:
                    2b:04:05:b1:9a:3d:c1:9a:d9:42:12:99:7c:08:ee:
                    06:9e:d6:8d:1f:f5:92:6a:48:6e:19:53:37:4a:69:
                    34:18:d8:9f:07:eb:ad:80:c5:3b:07:d1:2d:6e:1d:
                    2b:f0:2f:b0:1c:b3:79:0d:ce:fd:e0:d6:57:b6:c2:
                    25:06:b4:15:39:46:6a:db:ca:8f:f6:b3:d7:6c:0c:
                    61:56:8f:de:3e:4a:6c:9f:db:4d:5b:5c:d9:e1:a1:
                    2f:86:f7:f5:d6:00:42:78:f2:2b:f9:b6:f8:ab:82:
                    f6:cf:74:d7:d3:3b:8f:1b:9f:d4:b7:c2:80:41:05:
                    7d:fe:91:1f:3d:30:b3:c2:27:5d:31:38:f3:a8:8a:
                    c5:7c:55:5f:07:c9:a8:8a:e1:23:e1:30:b8:c0:f8:
                    2c:04:30:03:fd:0b:84:64:03:58:89:5b:46:0c:dd:
                    50:8b:c3:7f:af:47:82:e4:06:b2:db:0e:8b:74:ed:
                    f4:e3:aa:33:79:56:6d:a0:85:38:c0:84:02:ad:a2:
                    9b:8e:92:b7:1a:39:37:f7:00:43:05:3f:40:fd:5c:
                    c2:65:e6:2b:54:03:43:62:3f:05:af:d5:4f:0f:b8:
                    0e:79:65:33:25:51:73:7e:ee:db:37:23:70:fc:af:
                    e0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:5B:AD:D1:C2:B3:51:4F:BD:62:EC:91:C0:AD:A1:DA:89:B9:02:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c273acd-1393-466b-8364-c701a07a1d3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:08:99:3e:3d:4a:67:e7:65:c5:3e:a8:ca:b0:a1:7d:2c:93:
         33:69:9d:68:7f:fa:01:d8:2e:64:87:a5:c0:b5:6e:e3:85:bb:
         00:c2:3d:75:60:9f:93:48:a5:f4:09:3f:a8:e5:5d:7f:66:1e:
         1c:33:fa:ee:38:3b:71:f8:ed:41:3c:e5:ff:3a:71:52:6c:11:
         43:ff:d7:52:61:63:dc:1c:be:6d:01:d6:66:68:1a:25:94:c1:
         79:f8:83:5f:49:78:83:28:3d:45:49:03:ca:44:dc:29:be:1d:
         47:3e:6d:57:5b:89:87:af:7a:73:ec:0b:0c:d1:31:f5:a2:00:
         ca:6b:af:09:7b:15:93:5e:51:76:46:b6:a4:ef:9a:15:29:18:
         50:4e:e1:36:eb:5b:cf:54:64:64:68:62:d7:74:17:12:45:88:
         40:b8:c5:79:ad:44:a1:e8:b4:d9:3d:32:1b:e7:f7:1d:07:04:
         b6:92:1b:40:3d:cc:f2:61:5a:58:aa:75:6b:60:29:aa:b4:0b:
         cf:59:82:bb:d3:17:09:f0:d5:15:84:f0:b6:19:5c:cd:8a:d9:
         fe:6f:e3:8e:8b:ea:50:87:00:58:ea:a7:da:7c:32:00:d6:9f:
         ec:e8:6d:c5:5d:b6:bf:75:0e:b4:09:e0:69:f6:02:ba:94:96:
         3f:f8:bb:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO5D1z3ZjOWSe8Bc27au9JqIPyxMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIxMTQyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTBhZDI3MTliZDQyYmQ4MjkyOWY3OTEzODhlYWUwOTkz
M2U1YjA1ZDJhMDliYzc5NDEwZmZmNWMxYjE3MTAzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw+dZP+t8TEeAeCVQv0CsEBbGaPcGa2UISmXwI7gae1o0f
9ZJqSG4ZUzdKaTQY2J8H662AxTsH0S1uHSvwL7Acs3kNzv3g1le2wiUGtBU5Rmrb
yo/2s9dsDGFWj94+Smyf201bXNnhoS+G9/XWAEJ48iv5tvirgvbPdNfTO48bn9S3
woBBBX3+kR89MLPCJ10xOPOoisV8VV8HyaiK4SPhMLjA+CwEMAP9C4RkA1iJW0YM
3VCLw3+vR4LkBrLbDot07fTjqjN5Vm2ghTjAhAKtopuOkrcaOTf3AEMFP0D9XMJl
5itUA0NiPwWv1U8PuA55ZTMlUXN+7ts3I3D8r+DpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDFut0cKzUU+9YuyRwK2h2om5AqYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjMjczYWNkLTEzOTMtNDY2Yi04MzY0LWM3MDFhMDdhMWQzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnagwDQYJKoZIhvcNAQELBQADggEBAKIImT49SmfnZcU+qMqwoX0skzNp
nWh/+gHYLmSHpcC1buOFuwDCPXVgn5NIpfQJP6jlXX9mHhwz+u44O3H47UE85f86
cVJsEUP/11JhY9wcvm0B1mZoGiWUwXn4g19JeIMoPUVJA8pE3Cm+HUc+bVdbiYev
enPsCwzRMfWiAMprrwl7FZNeUXZGtqTvmhUpGFBO4TbrW89UZGRoYtd0FxJFiEC4
xXmtRKHotNk9Mhvn9x0HBLaSG0A9zPJhWliqdWtgKaq0C89ZgrvTFwnw1RWE8LYZ
XM2K2f5v446L6lCHAFjqp9p8MgDWn+zobcVdtr91DrQJ4Gn2ArqUlj/4u9s=
-----END CERTIFICATE-----