Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dcd3205c-8112-4a91-b291-19da81d854b1.roa
File:                     dcd3205c-8112-4a91-b291-19da81d854b1.roa (raw, json)
Hash identifier:          jZQoXbL8h9Nwt1epIe2TAPRpcXJOxDLVLjORhx9qbRM=
Subject key identifier:   7E:B9:95:22:06:BB:D9:B2:C3:48:C2:3C:CD:19:B7:B2:A7:18:09:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23CFEC8D5B0C98C69DA230F2A5669EF76392AAEA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dcd3205c-8112-4a91-b291-19da81d854b1.roa
Signing time:             Mon 20 Oct 2025 05:41:02 +0000
ROA not before:           Mon 20 Oct 2025 05:41:02 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.96.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:cf:ec:8d:5b:0c:98:c6:9d:a2:30:f2:a5:66:9e:f7:63:92:aa:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:41:02 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=53dca3a9f46cc189a4ce297d9b0341ee4f5f48579f648b753ae92f5e092eb499, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f9:b7:37:a2:ab:94:49:2a:e7:23:8f:93:3c:
                    3d:6a:ba:36:81:d5:f8:7f:a5:ed:87:7a:80:07:e8:
                    6e:2f:fa:66:d4:06:8a:5a:8c:e4:87:3e:34:8c:c6:
                    fe:14:f8:be:c3:6b:b1:b1:f7:f0:35:c5:3c:03:71:
                    68:7b:6d:e8:a4:35:d2:62:fb:a1:d7:2f:17:03:c0:
                    5b:dc:63:7b:18:8c:93:d7:91:66:cb:c0:da:4c:73:
                    5d:9a:2d:45:de:67:c3:d7:fd:a7:3c:e3:ae:db:a9:
                    b6:85:56:8c:25:e4:6c:85:af:1b:58:ce:17:6e:7c:
                    b0:bf:f2:87:72:c9:49:86:5e:19:31:cf:38:d3:a3:
                    90:98:3f:87:0b:09:9a:30:e3:c6:72:c2:be:7c:f8:
                    c1:26:6a:7f:49:61:ad:74:f6:fd:21:92:b7:ec:6a:
                    77:19:cd:f2:c9:df:e0:74:8a:4e:1a:7f:71:bb:3f:
                    60:3c:12:3f:fe:0d:99:50:53:84:33:78:dd:a3:25:
                    2f:69:21:b4:99:1a:39:74:8a:91:7c:81:57:c3:7c:
                    44:56:67:17:38:b9:cf:9d:1e:9c:2c:18:5c:64:6e:
                    c6:dc:82:d5:3a:ee:14:0a:0d:6d:17:ee:a0:bd:79:
                    6b:9a:46:b7:a2:0c:d1:37:4a:93:f4:c5:29:9e:64:
                    da:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:B9:95:22:06:BB:D9:B2:C3:48:C2:3C:CD:19:B7:B2:A7:18:09:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dcd3205c-8112-4a91-b291-19da81d854b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:78:a8:7e:b5:7c:fb:56:56:c8:05:18:a4:05:de:07:de:6c:
         c7:33:99:f0:c4:eb:ef:ed:15:bd:8c:35:fb:ff:de:ff:a9:25:
         97:16:0e:59:f2:af:a0:7b:25:60:eb:cd:cd:ec:95:f5:56:3b:
         43:9c:b3:44:1a:cf:74:be:95:80:33:b8:c7:28:4f:ec:2e:87:
         0d:24:9c:db:84:e3:47:6c:c5:9d:82:37:af:58:bc:f6:1c:a0:
         a3:d2:a7:80:04:48:aa:a9:c9:13:ec:1e:a0:6f:ad:bd:ed:57:
         5e:db:70:72:db:88:34:5e:5e:94:c3:c4:03:c6:b1:33:f8:d2:
         be:1e:a5:f4:13:be:a2:66:71:b4:cb:09:c0:92:69:64:a8:a7:
         9a:bd:55:cf:9f:1c:98:39:9a:2f:a6:bf:e2:f7:84:99:ca:71:
         23:c6:8e:a4:c4:ed:94:28:e2:db:6f:a1:01:7f:52:e4:49:f6:
         ab:d1:a4:c8:b4:65:6a:b5:4c:22:f0:0a:88:8f:aa:cb:4f:b1:
         69:da:81:4e:90:84:93:79:b6:9c:5b:0f:1f:8c:55:88:79:92:
         78:8b:53:8c:cf:01:df:e2:0f:fa:d3:d3:3a:9c:4f:10:17:1b:
         61:88:26:79:ac:34:4f:d1:fc:b7:cf:31:80:8f:a0:ea:aa:13:
         c1:f3:e2:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI8/sjVsMmMadojDypWae92OSquowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDU0MTAyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1M2RjYTNhOWY0NmNjMTg5YTRjZTI5N2Q5YjAzNDFlZTRm
NWY0ODU3OWY2NDhiNzUzYWU5MmY1ZTA5MmViNDk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl+bc3oquUSSrnI4+TPD1qujaB1fh/pe2HeoAH6G4v+mbU
BopajOSHPjSMxv4U+L7Da7Gx9/A1xTwDcWh7beikNdJi+6HXLxcDwFvcY3sYjJPX
kWbLwNpMc12aLUXeZ8PX/ac8467bqbaFVowl5GyFrxtYzhdufLC/8odyyUmGXhkx
zzjTo5CYP4cLCZow48Zywr58+MEman9JYa109v0hkrfsancZzfLJ3+B0ik4af3G7
P2A8Ej/+DZlQU4QzeN2jJS9pIbSZGjl0ipF8gVfDfERWZxc4uc+dHpwsGFxkbsbc
gtU67hQKDW0X7qC9eWuaRreiDNE3SpP0xSmeZNoJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfrmVIga72bLDSMI8zRm3sqcYCXswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RjZDMyMDVjLTgxMTItNGE5MS1iMjkxLTE5ZGE4MWQ4NTRiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsn2AwDQYJKoZIhvcNAQELBQADggEBAEN4qH61fPtWVsgFGKQF3gfebMcz
mfDE6+/tFb2MNfv/3v+pJZcWDlnyr6B7JWDrzc3slfVWO0Ocs0Qaz3S+lYAzuMco
T+wuhw0knNuE40dsxZ2CN69YvPYcoKPSp4AESKqpyRPsHqBvrb3tV17bcHLbiDRe
XpTDxAPGsTP40r4epfQTvqJmcbTLCcCSaWSop5q9Vc+fHJg5mi+mv+L3hJnKcSPG
jqTE7ZQo4ttvoQF/UuRJ9qvRpMi0ZWq1TCLwCoiPqstPsWnagU6QhJN5tpxbDx+M
VYh5kniLU4zPAd/iD/rT0zqcTxAXG2GIJnmsNE/R/LfPMYCPoOqqE8Hz4ls=
-----END CERTIFICATE-----