Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c55bb96-e035-4f4b-9757-30c7be3ac395.roa
File:                     7c55bb96-e035-4f4b-9757-30c7be3ac395.roa (raw, json)
Hash identifier:          hRK5w1/SMljZ++f31eDE+v7j0nO2s2A/rVwVAKj4onw=
Subject key identifier:   22:6B:C9:DC:E3:FA:9F:77:D2:CE:76:F5:1B:4D:2E:EA:38:6D:BF:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       336A800BA3A3A4114977C80E00099419A186EE5D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c55bb96-e035-4f4b-9757-30c7be3ac395.roa
Signing time:             Mon 20 Oct 2025 05:32:20 +0000
ROA not before:           Mon 20 Oct 2025 05:32:20 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.14.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:6a:80:0b:a3:a3:a4:11:49:77:c8:0e:00:09:94:19:a1:86:ee:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:32:20 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=c22b180b93f1e320671243c3433ed3118b7081e9ccdd19d4ece2a02f5174cc52, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:73:ad:98:65:6a:2e:91:c9:27:83:d3:09:48:
                    40:f6:3f:de:3e:d0:0a:fb:cc:cf:30:1f:84:be:8f:
                    c8:42:bd:b7:fb:fd:43:2b:76:fb:d4:34:b5:07:6d:
                    66:36:89:fe:f3:a1:fa:c7:bc:d1:48:cc:c8:d3:4e:
                    fc:d6:ed:19:d1:87:32:46:f3:39:77:04:78:4c:64:
                    d8:f2:55:be:f4:7e:b0:17:12:1b:bb:cc:ed:8e:5d:
                    78:f6:94:f3:b0:04:78:b2:b9:13:8f:54:f2:ed:9e:
                    a3:fd:16:27:ed:3d:ab:2f:83:41:bf:a9:3f:a2:33:
                    f2:f1:3b:c1:e5:a2:44:94:47:69:e9:61:7d:d2:e8:
                    6a:1d:56:51:97:ad:4d:6a:7c:ff:b0:53:f8:db:46:
                    5d:e6:4c:87:57:db:63:a6:7d:25:bc:81:7e:ef:15:
                    f1:32:01:71:67:a6:46:fd:89:39:a7:a0:bc:29:2e:
                    fb:d1:05:27:fd:34:8e:ef:11:d9:b0:e1:26:96:9e:
                    b6:e9:c8:5d:0f:13:87:cd:ae:62:62:92:7a:9d:69:
                    48:2b:97:cb:c7:da:74:94:f6:2b:e1:41:ea:9f:8d:
                    a0:c1:6e:25:5a:a6:dc:0c:6b:78:51:01:5a:aa:59:
                    fe:74:39:05:99:71:7c:b7:07:9f:93:22:6f:5b:c6:
                    d4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6B:C9:DC:E3:FA:9F:77:D2:CE:76:F5:1B:4D:2E:EA:38:6D:BF:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c55bb96-e035-4f4b-9757-30c7be3ac395.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c9:ea:c0:5f:51:ac:47:7e:f7:e2:98:83:1d:1b:2b:33:a3:1b:
         67:cc:30:2a:10:34:1d:0d:10:2d:4e:df:1b:83:37:8d:f0:08:
         20:95:cf:55:44:03:85:8d:79:b8:f7:50:f9:71:0a:f9:76:3d:
         44:52:fd:0b:74:45:9e:62:2e:2f:38:d2:7f:b4:44:0a:10:17:
         ea:12:97:16:cd:0b:3e:b1:83:9a:a4:5d:44:f0:3f:49:93:34:
         fe:cf:8e:51:74:df:98:bb:ea:b0:2b:79:8a:ab:3c:94:81:d2:
         e8:ab:0d:74:63:e6:5b:66:00:aa:4f:d5:28:3a:51:a6:f7:51:
         eb:fc:60:52:5c:16:cf:1d:a8:e3:0a:91:56:07:07:4a:31:8f:
         7c:ff:98:c0:39:ae:f7:3f:30:f2:0b:8a:f9:56:c6:51:14:46:
         14:64:99:3d:5e:c1:3d:68:e6:db:69:7c:98:63:35:96:d4:83:
         66:31:81:79:c8:ce:60:a5:0b:d8:3b:e3:92:58:4b:0d:19:9b:
         8f:87:ce:e0:26:c3:71:e2:ad:04:93:10:5d:a5:20:9d:0f:90:
         98:31:86:cf:27:fb:2a:e8:a4:22:72:18:0a:35:f1:b5:aa:fa:
         2d:6f:22:54:dd:b7:d5:82:3a:26:81:49:08:5e:08:da:71:25:
         dc:08:89:09
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM2qAC6OjpBFJd8gOAAmUGaGG7l0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUzMjIwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMjJiMTgwYjkzZjFlMzIwNjcxMjQzYzM0MzNlZDMxMThi
NzA4MWU5Y2NkZDE5ZDRlY2UyYTAyZjUxNzRjYzUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDic62YZWoukckng9MJSED2P94+0Ar7zM8wH4S+j8hCvbf7
/UMrdvvUNLUHbWY2if7zofrHvNFIzMjTTvzW7RnRhzJG8zl3BHhMZNjyVb70frAX
Ehu7zO2OXXj2lPOwBHiyuROPVPLtnqP9FiftPasvg0G/qT+iM/LxO8HlokSUR2np
YX3S6GodVlGXrU1qfP+wU/jbRl3mTIdX22OmfSW8gX7vFfEyAXFnpkb9iTmnoLwp
LvvRBSf9NI7vEdmw4SaWnrbpyF0PE4fNrmJiknqdaUgrl8vH2nSU9ivhQeqfjaDB
biVaptwMa3hRAVqqWf50OQWZcXy3B5+TIm9bxtTFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUImvJ3OP6n3fSznb1G00u6jhtv4UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjNTViYjk2LWUwMzUtNGY0Yi05NzU3LTMwYzdiZTNhYzM5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsng4wDQYJKoZIhvcNAQELBQADggEBAMnqwF9RrEd+9+KYgx0bKzOjG2fM
MCoQNB0NEC1O3xuDN43wCCCVz1VEA4WNebj3UPlxCvl2PURS/Qt0RZ5iLi840n+0
RAoQF+oSlxbNCz6xg5qkXUTwP0mTNP7PjlF035i76rAreYqrPJSB0uirDXRj5ltm
AKpP1Sg6Uab3Uev8YFJcFs8dqOMKkVYHB0oxj3z/mMA5rvc/MPILivlWxlEURhRk
mT1ewT1o5ttpfJhjNZbUg2YxgXnIzmClC9g745JYSw0Zm4+HzuAmw3HirQSTEF2l
IJ0PkJgxhs8n+yropCJyGAo18bWq+i1vIlTdt9WCOiaBSQheCNpxJdwIiQk=
-----END CERTIFICATE-----