Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c143cc5-5c32-49e3-ac30-10114b9c6f00.roa
File:                     8c143cc5-5c32-49e3-ac30-10114b9c6f00.roa (raw, json)
Hash identifier:          S0xpsV9onb3f0dW/2tJGDfZ2dLxI275hUX3EgESH2j4=
Subject key identifier:   30:57:74:83:32:F6:92:BC:02:07:A2:36:2C:3F:C1:62:23:88:03:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D1B569BD518008CBC8B6F2EEC65E6CC9F496DA0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c143cc5-5c32-49e3-ac30-10114b9c6f00.roa
Signing time:             Mon 20 Oct 2025 00:10:09 +0000
ROA not before:           Mon 20 Oct 2025 00:10:09 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.204.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:1b:56:9b:d5:18:00:8c:bc:8b:6f:2e:ec:65:e6:cc:9f:49:6d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:10:09 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=5712f771c9f69f124b0effe52d938964639a8f02206ee3722dcf17cb622327c7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cc:e3:18:7d:f1:61:1f:e3:db:53:9e:ff:8b:
                    61:08:a8:fc:c5:45:52:37:1c:6b:04:b8:2f:a0:89:
                    3a:98:87:7f:0c:ea:bc:cc:17:63:28:2b:ad:94:7d:
                    cd:95:c6:c9:8c:84:a7:66:d7:15:45:38:bf:ca:69:
                    8a:63:e9:c4:15:6b:0c:e7:2b:d6:45:47:b1:6d:c6:
                    30:90:68:69:46:30:b9:54:9b:8d:8d:f3:af:e2:44:
                    c8:99:86:23:c6:51:97:38:20:66:c9:f9:19:51:00:
                    b1:da:a4:7c:1b:f8:28:33:78:4a:ef:e4:5e:c2:14:
                    b4:9c:83:62:e5:2f:62:88:fc:63:5d:05:34:2c:34:
                    fd:77:35:a8:9a:c5:ee:08:ed:a3:c3:91:24:3b:b1:
                    9e:4c:d9:f3:fc:a5:47:23:5d:c8:eb:27:70:dc:69:
                    06:6d:8b:af:44:ed:73:c3:78:63:5a:92:03:93:c9:
                    cc:60:d0:8a:ba:d2:e4:03:df:47:1e:cf:37:40:77:
                    bc:6c:cb:0e:ed:2b:fb:e6:28:63:d6:4b:df:53:64:
                    c2:d0:3b:5a:b3:53:fc:9b:a6:15:54:84:48:d9:eb:
                    b6:60:de:16:dd:c2:57:2e:5a:1b:25:78:d4:42:b7:
                    73:bf:14:f1:24:d5:89:1c:4e:c9:80:f1:ad:bd:a4:
                    79:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:57:74:83:32:F6:92:BC:02:07:A2:36:2C:3F:C1:62:23:88:03:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8c143cc5-5c32-49e3-ac30-10114b9c6f00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:e8:2a:3a:3c:03:18:98:87:91:4c:1b:2b:7f:aa:ee:ad:e3:
         ea:0d:99:fc:da:94:58:53:aa:40:65:2b:ba:a8:fd:e3:6f:27:
         78:9a:8d:26:44:a2:cb:38:78:7d:8b:52:2b:a0:38:91:a4:86:
         24:23:e7:ab:df:59:8e:ec:ed:a7:01:ef:b4:2c:5e:9b:7d:9d:
         f0:46:33:af:54:a6:be:dc:a9:c4:ef:63:b8:cd:d8:b6:67:fd:
         2c:95:89:99:e8:60:86:e9:5c:82:39:6c:d0:fc:b7:46:d6:bf:
         d7:31:33:e6:54:d1:bb:6f:f8:17:de:3e:ce:0a:66:d0:2f:dd:
         cf:9a:b4:2d:f6:bd:cb:45:56:0e:b7:e8:ff:cf:1c:45:b4:cf:
         39:0d:02:fc:dd:eb:c5:32:18:31:11:01:cc:ae:05:51:c5:58:
         7c:26:03:4e:f9:6c:6f:46:f8:6d:a5:67:38:4b:97:84:0f:82:
         ef:14:87:2b:d0:9d:dd:41:af:dc:0b:0f:6b:aa:2d:f0:1d:aa:
         85:7f:9f:e2:8e:94:58:c1:ed:66:65:5b:ee:71:b1:49:60:6f:
         a4:35:52:b5:f9:e1:a8:58:00:f5:0a:3b:4d:63:52:a8:ee:fb:
         42:c9:56:b5:ca:3e:2e:0f:54:8a:85:00:61:2b:93:58:62:6b:
         50:52:fb:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDRtWm9UYAIy8i28u7GXmzJ9JbaAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDAxMDA5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzEyZjc3MWM5ZjY5ZjEyNGIwZWZmZTUyZDkzODk2NDYz
OWE4ZjAyMjA2ZWUzNzIyZGNmMTdjYjYyMjMyN2M3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUzOMYffFhH+PbU57/i2EIqPzFRVI3HGsEuC+giTqYh38M
6rzMF2MoK62Ufc2VxsmMhKdm1xVFOL/KaYpj6cQVawznK9ZFR7FtxjCQaGlGMLlU
m42N86/iRMiZhiPGUZc4IGbJ+RlRALHapHwb+CgzeErv5F7CFLScg2LlL2KI/GNd
BTQsNP13Naiaxe4I7aPDkSQ7sZ5M2fP8pUcjXcjrJ3DcaQZti69E7XPDeGNakgOT
ycxg0Iq60uQD30cezzdAd7xsyw7tK/vmKGPWS99TZMLQO1qzU/ybphVUhEjZ67Zg
3hbdwlcuWhsleNRCt3O/FPEk1YkcTsmA8a29pHn/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMFd0gzL2krwCB6I2LD/BYiOIA+YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhjMTQzY2M1LTVjMzItNDllMy1hYzMwLTEwMTE0YjljNmYwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnswwDQYJKoZIhvcNAQELBQADggEBAH7oKjo8AxiYh5FMGyt/qu6t4+oN
mfzalFhTqkBlK7qo/eNvJ3iajSZEoss4eH2LUiugOJGkhiQj56vfWY7s7acB77Qs
Xpt9nfBGM69Upr7cqcTvY7jN2LZn/SyViZnoYIbpXII5bND8t0bWv9cxM+ZU0btv
+BfePs4KZtAv3c+atC32vctFVg636P/PHEW0zzkNAvzd68UyGDERAcyuBVHFWHwm
A075bG9G+G2lZzhLl4QPgu8UhyvQnd1Br9wLD2uqLfAdqoV/n+KOlFjB7WZlW+5x
sUlgb6Q1UrX54ahYAPUKO01jUqju+0LJVrXKPi4PVIqFAGErk1hia1BS+4E=
-----END CERTIFICATE-----