Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e5aa29be-51ed-4cda-b5b7-e559e718415f.roa
File:                     e5aa29be-51ed-4cda-b5b7-e559e718415f.roa (raw, json)
Hash identifier:          EMmQM5IIL5H3Db5PMbYopHHSckmAGS5++H2/k9EHNas=
Subject key identifier:   FC:91:FB:B2:20:62:DD:7A:A5:45:7E:4A:A4:E0:D8:2F:5D:28:0B:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4845C8D56FA50515FCFFFD59539EC4FA3B2A5EC8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e5aa29be-51ed-4cda-b5b7-e559e718415f.roa
Signing time:             Mon 20 Oct 2025 06:21:34 +0000
ROA not before:           Mon 20 Oct 2025 06:21:34 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.102.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:45:c8:d5:6f:a5:05:15:fc:ff:fd:59:53:9e:c4:fa:3b:2a:5e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:21:34 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=65fb332147e8b24051483ec2f10bd4b9374411636497d75aaccb6f686a9a06ad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:93:d9:da:93:b2:53:dd:d5:bf:a2:41:47:ea:
                    40:1c:4e:a2:45:93:7e:de:a8:bf:68:7e:3c:2e:36:
                    08:8d:4d:12:c2:04:da:99:ea:ea:6d:ab:36:b3:96:
                    2f:de:5c:df:fb:07:25:84:d4:fe:c0:ca:31:ff:47:
                    b5:44:26:bc:f6:3d:03:8c:c5:26:12:dc:d3:9c:82:
                    3a:00:24:52:13:c8:d4:0a:bc:60:be:a6:b5:91:3d:
                    80:e6:9d:e4:3f:f9:e3:84:75:6a:65:61:cd:8d:d5:
                    d4:90:7e:84:e7:a4:43:c0:ce:7d:88:a5:74:db:b8:
                    f5:96:15:95:eb:f5:aa:e8:c2:49:42:4d:9c:65:a1:
                    27:44:e0:59:bd:dc:51:80:f6:9b:c6:24:f3:b1:e1:
                    e0:8b:80:8d:51:41:d1:f7:f2:12:9b:81:fd:dc:84:
                    24:57:fc:03:f2:22:1b:62:e1:75:2c:bb:de:6d:de:
                    fd:d9:a0:ca:e7:42:58:19:9c:70:45:f4:ad:42:e0:
                    87:7c:88:d7:a2:b7:87:5f:ce:9d:67:01:8b:6e:72:
                    50:40:b1:03:45:b2:4f:83:f2:3c:45:52:d8:84:ea:
                    90:71:89:f2:5e:bd:9b:9e:75:29:29:73:78:9c:d4:
                    18:55:f5:56:e9:dd:0b:28:a4:6f:24:10:0c:59:5d:
                    b1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:91:FB:B2:20:62:DD:7A:A5:45:7E:4A:A4:E0:D8:2F:5D:28:0B:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e5aa29be-51ed-4cda-b5b7-e559e718415f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0e:c0:59:f6:97:46:0c:85:0f:65:3f:62:7a:5b:27:0e:28:
         27:5d:66:b9:c2:c0:c5:9c:58:c5:5a:34:ac:17:58:58:3b:b2:
         55:eb:f2:e9:72:da:f7:db:31:25:c4:85:c0:e4:f3:15:e9:35:
         74:0b:8f:8b:58:46:69:1e:f0:76:69:f2:bd:57:5e:05:de:c4:
         b7:3b:79:35:fe:88:7e:f2:a9:6e:c8:b5:e4:1c:91:cb:f0:87:
         f8:6e:d8:63:b5:ca:1d:d8:e3:ea:0a:3e:6b:05:40:d3:b8:eb:
         45:52:77:8d:e4:c6:b9:52:8e:37:15:ba:5f:be:2e:2f:6f:67:
         60:65:67:74:16:60:9d:a0:36:fd:36:7a:4c:5f:02:1a:94:d4:
         70:72:63:4e:de:51:46:2f:e1:1d:4e:6a:0f:78:08:7a:51:0a:
         54:92:af:22:1f:ca:b4:86:43:80:10:4b:44:3f:32:4b:c7:55:
         f2:22:1f:a6:0b:75:26:9b:75:68:33:b9:60:8d:00:dd:29:e9:
         b3:fe:56:ae:47:24:64:cd:f4:97:03:67:15:e6:fe:73:c5:9c:
         e8:02:39:e2:dc:c2:df:bc:0f:c9:f1:e1:2f:d5:fe:fa:47:43:
         36:6e:ec:73:d9:04:90:62:13:98:da:ac:ef:c4:25:96:a5:44:
         d3:2c:78:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSEXI1W+lBRX8//1ZU57E+jsqXsgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYyMTM0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NWZiMzMyMTQ3ZThiMjQwNTE0ODNlYzJmMTBiZDRiOTM3
NDQxMTYzNjQ5N2Q3NWFhY2NiNmY2ODZhOWEwNmFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuk9nak7JT3dW/okFH6kAcTqJFk37eqL9ofjwuNgiNTRLC
BNqZ6uptqzazli/eXN/7ByWE1P7AyjH/R7VEJrz2PQOMxSYS3NOcgjoAJFITyNQK
vGC+prWRPYDmneQ/+eOEdWplYc2N1dSQfoTnpEPAzn2IpXTbuPWWFZXr9arowklC
TZxloSdE4Fm93FGA9pvGJPOx4eCLgI1RQdH38hKbgf3chCRX/APyIhti4XUsu95t
3v3ZoMrnQlgZnHBF9K1C4Id8iNeit4dfzp1nAYtuclBAsQNFsk+D8jxFUtiE6pBx
ifJevZuedSkpc3ic1BhV9Vbp3QsopG8kEAxZXbGHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/JH7siBi3XqlRX5KpODYL10oC8MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1YWEyOWJlLTUxZWQtNGNkYS1iNWI3LWU1NTllNzE4NDE1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnWYwDQYJKoZIhvcNAQELBQADggEBAAgOwFn2l0YMhQ9lP2J6WycOKCdd
ZrnCwMWcWMVaNKwXWFg7slXr8uly2vfbMSXEhcDk8xXpNXQLj4tYRmke8HZp8r1X
XgXexLc7eTX+iH7yqW7IteQckcvwh/hu2GO1yh3Y4+oKPmsFQNO460VSd43kxrlS
jjcVul++Li9vZ2BlZ3QWYJ2gNv02ekxfAhqU1HByY07eUUYv4R1Oag94CHpRClSS
ryIfyrSGQ4AQS0Q/MkvHVfIiH6YLdSabdWgzuWCNAN0p6bP+Vq5HJGTN9JcDZxXm
/nPFnOgCOeLcwt+8D8nx4S/V/vpHQzZu7HPZBJBiE5jarO/EJZalRNMsePg=
-----END CERTIFICATE-----