Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1004304-0031-49a6-8e42-8971c4c167aa.roa
File:                     c1004304-0031-49a6-8e42-8971c4c167aa.roa (raw, json)
Hash identifier:          tNsQWidn6LtchWPjZwxFcBcuO2EsYFw37GNdl0s3fqs=
Subject key identifier:   03:50:FF:E0:37:61:90:D4:92:E6:35:D6:F1:36:E9:78:AD:1F:28:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01185CE2AA4670B7591116EFB168B8C54F186C94
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1004304-0031-49a6-8e42-8971c4c167aa.roa
Signing time:             Mon 20 Oct 2025 06:11:25 +0000
ROA not before:           Mon 20 Oct 2025 06:11:25 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.196.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:18:5c:e2:aa:46:70:b7:59:11:16:ef:b1:68:b8:c5:4f:18:6c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:11:25 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=c883fa3d6ab0700ac998ffbb5f90569154858dca1d5cc96dd5f522f4889f2e52, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:0b:fc:46:51:58:73:b7:d7:cd:f9:0c:48:bb:
                    f1:75:6a:45:95:75:bd:87:7c:4b:6c:20:4d:c5:e4:
                    56:d9:9b:95:44:98:f7:ae:56:65:37:98:4a:57:90:
                    29:0d:f0:f4:64:3c:8a:5b:f4:24:56:7e:9e:b4:59:
                    25:6e:87:9f:00:52:0a:83:63:0e:ea:87:f4:9e:9f:
                    06:c0:fe:b6:89:f9:8f:8e:92:78:c1:b5:17:fa:54:
                    37:4a:c0:97:6c:5f:b4:83:e1:e8:23:7f:a8:9a:ea:
                    1d:8c:f0:fa:61:7d:ee:13:18:2b:de:c4:f7:2c:7e:
                    07:21:5b:b2:f1:42:31:7b:d1:d9:1e:fa:99:b2:c8:
                    fc:fa:23:d1:c5:f0:b4:4a:eb:e1:5c:1e:13:61:90:
                    fb:74:41:7a:f8:91:49:7e:94:e6:2c:6a:75:c1:01:
                    29:99:11:3c:1b:5c:1f:ed:77:f8:a5:32:d8:08:1c:
                    aa:74:f9:6b:9a:55:70:36:0a:16:da:82:fc:26:dd:
                    3f:49:00:d8:29:2c:fa:51:96:6f:b3:5f:3a:51:f6:
                    c5:95:f9:e4:92:65:8a:04:fc:60:fd:6a:ce:58:db:
                    cf:f5:4f:93:07:c1:3f:a3:d5:b1:69:98:bf:66:24:
                    4d:21:39:46:62:3b:7a:6f:ab:0a:93:e0:ba:d9:cd:
                    ec:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:50:FF:E0:37:61:90:D4:92:E6:35:D6:F1:36:E9:78:AD:1F:28:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1004304-0031-49a6-8e42-8971c4c167aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:47:46:52:f0:10:7b:f4:56:97:ef:ef:da:a3:d0:4b:b3:f8:
         21:72:11:16:9b:35:ab:cd:13:aa:ff:6d:60:99:47:b4:e4:17:
         13:f1:05:02:f8:8e:2e:39:9d:d8:26:b6:68:9d:b1:07:4b:3c:
         ac:31:07:ad:99:57:97:f9:32:95:bb:04:a3:b0:5f:32:0c:7b:
         5b:bd:5b:76:b0:6d:ff:41:41:37:f5:9e:1f:12:0b:05:f3:14:
         70:1b:64:5b:76:53:81:43:eb:a6:e3:ab:70:c9:75:d4:e7:ca:
         ec:a4:ea:d8:25:06:fc:a8:f8:4a:d6:64:ad:9a:d6:67:18:4a:
         b9:ac:97:9a:73:95:d4:1e:4b:45:f4:5a:af:5b:ae:c2:07:12:
         a1:f6:74:10:68:f5:fa:b0:f7:ed:dd:d2:ec:4b:e0:00:02:7b:
         b3:0e:59:17:5d:a8:fc:08:d1:96:d7:99:ae:2f:56:bc:40:89:
         4f:16:6f:a0:66:aa:a1:49:1e:b2:83:9e:8f:71:e4:7f:a6:25:
         b9:43:1e:3a:19:ea:ad:10:a3:f3:62:85:df:c9:18:88:63:7d:
         bd:6a:2f:e9:99:1f:ea:5f:bc:9b:72:ad:a6:6b:47:32:c0:62:
         d9:e2:16:25:75:58:bf:e4:5b:f8:a3:e8:4a:21:a0:d7:7b:a8:
         24:55:4f:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUARhc4qpGcLdZERbvsWi4xU8YbJQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYxMTI1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODgzZmEzZDZhYjA3MDBhYzk5OGZmYmI1ZjkwNTY5MTU0
ODU4ZGNhMWQ1Y2M5NmRkNWY1MjJmNDg4OWYyZTUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0C/xGUVhzt9fN+QxIu/F1akWVdb2HfEtsIE3F5FbZm5VE
mPeuVmU3mEpXkCkN8PRkPIpb9CRWfp60WSVuh58AUgqDYw7qh/SenwbA/raJ+Y+O
knjBtRf6VDdKwJdsX7SD4egjf6ia6h2M8Pphfe4TGCvexPcsfgchW7LxQjF70dke
+pmyyPz6I9HF8LRK6+FcHhNhkPt0QXr4kUl+lOYsanXBASmZETwbXB/td/ilMtgI
HKp0+WuaVXA2Chbagvwm3T9JANgpLPpRlm+zXzpR9sWV+eSSZYoE/GD9as5Y28/1
T5MHwT+j1bFpmL9mJE0hOUZiO3pvqwqT4LrZzeyVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUA1D/4DdhkNSS5jXW8TbpeK0fKN0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxMDA0MzA0LTAwMzEtNDlhNi04ZTQyLTg5NzFjNGMxNjdhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnMQwDQYJKoZIhvcNAQELBQADggEBAJBHRlLwEHv0Vpfv79qj0Euz+CFy
ERabNavNE6r/bWCZR7TkFxPxBQL4ji45ndgmtmidsQdLPKwxB62ZV5f5MpW7BKOw
XzIMe1u9W3awbf9BQTf1nh8SCwXzFHAbZFt2U4FD66bjq3DJddTnyuyk6tglBvyo
+ErWZK2a1mcYSrmsl5pzldQeS0X0Wq9brsIHEqH2dBBo9fqw9+3d0uxL4AACe7MO
WRddqPwI0ZbXma4vVrxAiU8Wb6BmqqFJHrKDno9x5H+mJblDHjoZ6q0Qo/Nihd/J
GIhjfb1qL+mZH+pfvJtyraZrRzLAYtniFiV1WL/kW/ij6EohoNd7qCRVT8w=
-----END CERTIFICATE-----