Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/963a20dc-9bf1-4842-9085-2c6a0559ba07.roa
File:                     963a20dc-9bf1-4842-9085-2c6a0559ba07.roa (raw, json)
Hash identifier:          PsHevdsYVEbC6VlbsQYkm17BymfnfC9TvYhDEJsfewo=
Subject key identifier:   CC:61:85:EE:35:D6:C9:D5:1C:3C:D2:0C:F8:6D:BE:81:B3:30:9C:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       397587EA0D08DE9253BFE98A683E2A019A5C7E9F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/963a20dc-9bf1-4842-9085-2c6a0559ba07.roa
Signing time:             Mon 20 Oct 2025 06:11:30 +0000
ROA not before:           Mon 20 Oct 2025 06:11:30 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.68.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:75:87:ea:0d:08:de:92:53:bf:e9:8a:68:3e:2a:01:9a:5c:7e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:11:30 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=9eb487acd4d026f56a1b3a7955a2e098824ad8c48f7c373ff7fa108e84710708, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e5:f4:d6:47:6c:87:9b:cc:a9:60:c0:75:b5:
                    fc:3c:57:6a:36:93:a0:c1:2b:ae:e4:90:18:b1:fe:
                    dd:40:98:ea:0e:88:58:f9:ae:82:3c:27:76:7c:59:
                    e9:f3:dc:ad:25:0e:4b:ba:b5:4a:4b:0c:50:a4:9b:
                    a9:1d:2d:e7:2a:38:94:aa:dc:fa:67:33:46:01:0c:
                    eb:fe:8a:79:81:1c:c1:8b:b5:b0:fc:90:79:8d:e8:
                    96:35:9a:6c:f0:e7:93:97:2d:27:da:ec:08:3b:8d:
                    e7:b4:d3:56:c2:53:e2:46:63:0a:34:f3:e7:e4:e2:
                    43:1e:95:6d:d2:92:46:2b:82:7e:c9:6c:b9:a2:fd:
                    66:8b:5a:6a:66:14:97:b1:b1:2a:d3:07:74:d0:74:
                    af:17:79:cd:ba:16:85:ca:67:88:75:bc:0e:44:02:
                    f4:a8:e7:be:58:cc:24:92:25:0a:69:a5:78:63:15:
                    d0:ba:5d:cc:d9:bb:72:10:3e:2e:77:b0:0d:47:c6:
                    b7:94:59:b8:e6:05:29:54:14:c4:8c:84:c6:6f:7c:
                    ab:d9:5c:b1:44:84:13:08:c6:5f:df:8b:43:25:77:
                    28:3f:9c:5c:bf:2b:4e:ce:db:62:e7:ee:fa:6d:5d:
                    bd:f5:44:ab:3e:1c:a7:b7:7d:38:1c:cc:b2:04:c5:
                    4c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:61:85:EE:35:D6:C9:D5:1C:3C:D2:0C:F8:6D:BE:81:B3:30:9C:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/963a20dc-9bf1-4842-9085-2c6a0559ba07.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ea:e8:e6:4a:65:6f:36:c7:ea:62:5f:93:27:47:f0:74:28:
         38:76:8d:a4:11:85:ae:d2:4c:83:18:82:0c:a8:7e:61:03:72:
         31:0d:89:55:49:ea:9a:b4:26:de:4d:c8:88:c0:7e:3a:a4:8d:
         29:d7:b4:03:32:8c:c0:54:ac:d4:31:c8:1c:df:6a:46:7c:7e:
         5a:7e:ba:16:51:1f:9f:47:57:3a:da:3a:09:4b:56:4b:e9:8a:
         4e:b5:cf:33:d5:07:97:c4:d5:ef:cf:7d:6f:c3:3d:4e:54:2b:
         7b:09:86:07:cc:2a:2b:f2:a4:99:e1:1b:67:b0:32:9a:13:dd:
         b5:31:1f:4a:b0:68:bf:53:0e:f3:10:c4:bb:f4:51:1c:b1:6d:
         7e:80:b9:ca:87:9a:69:95:0d:af:df:0d:a4:03:bf:b8:7e:7f:
         f4:d4:39:65:8a:f1:17:7e:40:df:aa:d7:cd:66:14:62:90:cb:
         9f:4b:73:56:e6:68:f2:8e:3d:c6:64:fa:64:40:f8:74:8a:b0:
         80:0c:7b:58:62:10:15:fc:12:20:91:5f:89:53:ea:22:d7:bb:
         4d:b4:9e:5b:29:c7:01:3b:4c:38:db:42:f4:d1:90:bf:8c:d7:
         fb:7a:59:5a:bb:1c:08:ef:68:9a:0f:09:7a:a7:a4:44:29:21:
         f5:6f:3c:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOXWH6g0I3pJTv+mKaD4qAZpcfp8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYxMTMwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWI0ODdhY2Q0ZDAyNmY1NmExYjNhNzk1NWEyZTA5ODgy
NGFkOGM0OGY3YzM3M2ZmN2ZhMTA4ZTg0NzEwNzA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt5fTWR2yHm8ypYMB1tfw8V2o2k6DBK67kkBix/t1AmOoO
iFj5roI8J3Z8Wenz3K0lDku6tUpLDFCkm6kdLecqOJSq3PpnM0YBDOv+inmBHMGL
tbD8kHmN6JY1mmzw55OXLSfa7Ag7jee001bCU+JGYwo08+fk4kMelW3SkkYrgn7J
bLmi/WaLWmpmFJexsSrTB3TQdK8Xec26FoXKZ4h1vA5EAvSo575YzCSSJQpppXhj
FdC6XczZu3IQPi53sA1HxreUWbjmBSlUFMSMhMZvfKvZXLFEhBMIxl/fi0Mldyg/
nFy/K07O22Ln7vptXb31RKs+HKe3fTgczLIExUwLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzGGF7jXWydUcPNIM+G2+gbMwnMMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk2M2EyMGRjLTliZjEtNDg0Mi05MDg1LTJjNmEwNTU5YmEwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn0QwDQYJKoZIhvcNAQELBQADggEBAHLq6OZKZW82x+piX5MnR/B0KDh2
jaQRha7STIMYggyofmEDcjENiVVJ6pq0Jt5NyIjAfjqkjSnXtAMyjMBUrNQxyBzf
akZ8flp+uhZRH59HVzraOglLVkvpik61zzPVB5fE1e/PfW/DPU5UK3sJhgfMKivy
pJnhG2ewMpoT3bUxH0qwaL9TDvMQxLv0URyxbX6AucqHmmmVDa/fDaQDv7h+f/TU
OWWK8Rd+QN+q181mFGKQy59Lc1bmaPKOPcZk+mRA+HSKsIAMe1hiEBX8EiCRX4lT
6iLXu020nlspxwE7TDjbQvTRkL+M1/t6WVq7HAjvaJoPCXqnpEQpIfVvPHs=
-----END CERTIFICATE-----