Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9df0281-7869-4a36-b123-e31a9e5588f1.roa
File:                     a9df0281-7869-4a36-b123-e31a9e5588f1.roa (raw, json)
Hash identifier:          y1NN2S4nwJ+XCU0Os40pjUOPmgqiAHGVnwLrQXi9k5E=
Subject key identifier:   2A:86:89:CA:A4:F8:9B:E5:C2:8D:EF:12:83:DB:14:B9:57:E0:00:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       41F77DFB9917BE3DD309A9E2D1D15D88AFDD1158
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9df0281-7869-4a36-b123-e31a9e5588f1.roa
Signing time:             Mon 20 Oct 2025 04:40:46 +0000
ROA not before:           Mon 20 Oct 2025 04:40:46 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.144.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:f7:7d:fb:99:17:be:3d:d3:09:a9:e2:d1:d1:5d:88:af:dd:11:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:40:46 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=fcf8c12625b5fe32d6a5923d1a403fd5c8c13ae72c9ed4de97087736c4736679, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:cb:bb:22:46:1f:ec:fe:d1:ad:bf:5b:bc:76:
                    49:74:9e:3d:db:78:c7:90:76:40:db:1e:f3:24:49:
                    b5:d3:b3:1e:2e:ab:b3:e1:01:53:2b:6c:0a:c1:f5:
                    b7:34:ce:36:74:94:1c:ce:df:d2:16:c4:04:6d:d2:
                    07:59:b6:93:60:15:66:1e:82:73:38:57:12:b8:a4:
                    b7:a5:44:d5:8d:ba:20:ca:9a:8d:ad:42:5d:4e:56:
                    c7:d9:9b:fe:fb:aa:f5:9a:35:04:52:78:72:74:89:
                    d3:1a:ae:3c:81:23:04:a5:5f:5c:be:54:b5:42:29:
                    be:07:89:7c:b2:ac:30:d3:a6:07:eb:54:d1:62:95:
                    ff:1c:5d:b6:47:80:4e:fa:12:1c:78:7b:2a:77:98:
                    45:6b:0c:f3:3d:79:a9:43:c1:f5:66:f8:f6:76:4f:
                    69:44:c9:8e:63:7b:11:b5:58:72:a0:39:9e:c3:c0:
                    38:fc:36:21:2f:ad:84:ac:ff:97:81:41:0d:d0:f3:
                    9e:8f:20:25:7b:36:ca:fe:3c:db:4d:21:aa:f7:c7:
                    97:8f:7d:c4:90:09:a9:ca:67:48:b5:3a:2a:2f:b2:
                    81:5b:83:c4:aa:4c:89:1d:eb:a1:26:a5:fd:51:f7:
                    92:63:f0:38:d5:b4:c8:aa:56:6f:5a:be:9d:32:93:
                    25:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:86:89:CA:A4:F8:9B:E5:C2:8D:EF:12:83:DB:14:B9:57:E0:00:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9df0281-7869-4a36-b123-e31a9e5588f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:cb:93:5d:5d:95:d2:72:92:1b:ac:63:1d:29:76:74:1f:97:
         0e:f4:d8:07:8b:38:5b:5b:fd:92:45:cf:6c:b4:3f:b3:6f:d3:
         65:34:4b:f8:ba:cf:49:33:44:8c:ef:84:57:fe:36:5d:ed:cd:
         c1:bb:70:a4:4a:97:71:1c:ff:32:61:75:d2:bb:57:b6:9a:1f:
         88:43:56:8e:25:43:e6:32:c4:58:5e:37:52:e7:d0:3f:f4:47:
         97:d5:9c:42:fe:b8:94:65:1f:ab:89:64:27:4a:a0:80:46:82:
         fd:6c:c4:5c:76:7f:f9:bf:ab:79:fb:cb:3f:46:16:c3:69:62:
         90:d2:39:33:f7:f8:7a:a8:55:b9:87:8d:8a:3b:7a:00:f8:7b:
         28:d4:f5:88:4c:0f:c9:d4:48:52:f5:8b:b4:fb:54:d7:bf:71:
         e3:c0:0f:47:43:26:6c:c2:e5:94:5f:e7:39:8f:04:ab:70:4b:
         ab:a7:3e:a8:c2:c2:f1:6e:4d:1b:e2:e8:26:13:e1:0b:e2:82:
         12:bb:56:19:4a:95:d6:16:a0:db:f8:88:f4:0f:29:9e:20:b9:
         cd:3c:20:a3:4b:5a:c7:5c:3d:10:d8:3d:92:b4:ac:29:70:4a:
         8d:b7:52:f6:1a:0f:a2:ff:5c:78:1a:a5:b9:7f:67:b1:dd:a0:
         51:01:26:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQfd9+5kXvj3TCani0dFdiK/dEVgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQ0MDQ2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmY2Y4YzEyNjI1YjVmZTMyZDZhNTkyM2QxYTQwM2ZkNWM4
YzEzYWU3MmM5ZWQ0ZGU5NzA4NzczNmM0NzM2Njc5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWy7siRh/s/tGtv1u8dkl0nj3beMeQdkDbHvMkSbXTsx4u
q7PhAVMrbArB9bc0zjZ0lBzO39IWxARt0gdZtpNgFWYegnM4VxK4pLelRNWNuiDK
mo2tQl1OVsfZm/77qvWaNQRSeHJ0idMarjyBIwSlX1y+VLVCKb4HiXyyrDDTpgfr
VNFilf8cXbZHgE76Ehx4eyp3mEVrDPM9ealDwfVm+PZ2T2lEyY5jexG1WHKgOZ7D
wDj8NiEvrYSs/5eBQQ3Q856PICV7Nsr+PNtNIar3x5ePfcSQCanKZ0i1OiovsoFb
g8SqTIkd66Empf1R95Jj8DjVtMiqVm9avp0ykyVVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKoaJyqT4m+XCje8Sg9sUuVfgAHIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5ZGYwMjgxLTc4NjktNGEzNi1iMTIzLWUzMWE5ZTU1ODhmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnpAwDQYJKoZIhvcNAQELBQADggEBAIXLk11dldJykhusYx0pdnQflw70
2AeLOFtb/ZJFz2y0P7Nv02U0S/i6z0kzRIzvhFf+Nl3tzcG7cKRKl3Ec/zJhddK7
V7aaH4hDVo4lQ+YyxFheN1Ln0D/0R5fVnEL+uJRlH6uJZCdKoIBGgv1sxFx2f/m/
q3n7yz9GFsNpYpDSOTP3+HqoVbmHjYo7egD4eyjU9YhMD8nUSFL1i7T7VNe/cePA
D0dDJmzC5ZRf5zmPBKtwS6unPqjCwvFuTRvi6CYT4QvighK7VhlKldYWoNv4iPQP
KZ4guc08IKNLWsdcPRDYPZK0rClwSo23UvYaD6L/XHgapbl/Z7HdoFEBJqg=
-----END CERTIFICATE-----