Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec7886da-c248-4bb8-8fd8-c0f19292ebae.roa
File:                     ec7886da-c248-4bb8-8fd8-c0f19292ebae.roa (raw, json)
Hash identifier:          TsSDCAHlL6cofm6MMkASO6AY4HkFy6Vzcd3fqiOHS+Y=
Subject key identifier:   81:31:CA:0B:4E:7B:1F:AA:F8:29:A8:BB:94:95:19:ED:47:F9:60:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       195354795838D500F3699A809A273F67BBAE3F7F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec7886da-c248-4bb8-8fd8-c0f19292ebae.roa
Signing time:             Mon 20 Oct 2025 04:20:10 +0000
ROA not before:           Mon 20 Oct 2025 04:20:10 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.98.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:53:54:79:58:38:d5:00:f3:69:9a:80:9a:27:3f:67:bb:ae:3f:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:20:10 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=22a15b873e49e00c5c35db96eca21461b52c23000928feb2332834d67e49bd10, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8b:d6:82:c7:72:37:3b:9c:ce:aa:6f:93:11:
                    4e:3f:f4:3d:f1:86:92:c6:08:cd:b7:c8:2d:62:27:
                    9f:1d:52:6a:61:ea:86:01:49:f2:4e:62:a8:0d:52:
                    44:89:10:a0:5b:f3:02:de:47:1e:77:35:20:eb:d2:
                    c6:e0:af:9a:57:59:b8:8f:31:76:90:49:6e:41:2a:
                    9e:76:48:f9:0b:40:3c:05:de:a1:90:7e:41:f5:4c:
                    a2:d7:2a:b7:a2:ac:be:33:d9:83:ef:0d:cb:c2:98:
                    62:d8:8f:f5:14:26:9c:6a:7c:1a:43:4a:5c:c9:aa:
                    e2:92:31:07:e8:7d:2c:a7:fa:63:62:2a:38:d8:0b:
                    7c:41:d0:e8:98:6f:2e:b7:6f:40:92:74:6c:3a:17:
                    7a:2d:ba:47:3b:d4:e2:84:0d:59:28:b8:94:cd:d5:
                    d4:79:42:05:a6:31:70:b1:82:30:8c:79:3b:20:82:
                    9d:56:5a:de:7f:3a:0f:e1:8a:18:8e:68:cd:78:97:
                    bc:fe:b4:2d:14:e2:f8:a8:e0:55:04:2d:77:f5:3b:
                    43:db:3f:66:0e:e0:f7:4e:0b:b2:53:78:5e:4b:a5:
                    ac:ef:45:d4:d5:9d:e5:e1:98:85:18:36:1d:61:d6:
                    cd:06:96:2b:21:5a:f8:b2:27:cc:89:54:74:44:e1:
                    5d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:31:CA:0B:4E:7B:1F:AA:F8:29:A8:BB:94:95:19:ED:47:F9:60:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec7886da-c248-4bb8-8fd8-c0f19292ebae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:29:d5:be:f8:36:9b:0e:5c:90:aa:3f:47:fe:51:7e:7b:d9:
         99:7c:f1:22:5f:fa:81:8d:25:66:c7:93:a2:63:41:24:22:e9:
         c9:e1:83:b0:c3:a7:b7:19:1d:14:92:d1:3d:0b:b7:7f:13:fb:
         d3:fe:76:30:1b:f7:aa:4c:d2:6c:49:b0:ad:94:84:31:94:ff:
         7b:80:cc:c8:cb:31:1d:8e:f9:08:af:b7:d6:3f:8b:da:d4:4c:
         8b:7a:e8:35:dc:04:98:7e:a3:e5:2b:e1:3a:e2:ef:2e:72:8b:
         b6:c3:1b:79:a4:b0:4a:2a:c9:fc:3a:da:0e:b4:d4:1f:7b:98:
         35:a5:6b:2b:d2:82:90:ff:ee:f2:ff:5b:f9:a7:18:e2:5d:74:
         75:38:e9:5b:e5:99:91:ca:81:d6:7a:95:86:ce:69:2a:50:50:
         b0:d2:50:56:65:f2:08:05:38:1e:2b:55:6e:8f:3d:5a:71:14:
         be:37:68:3e:33:65:e6:97:2b:21:0d:eb:54:f7:b4:93:c6:8b:
         6f:47:8f:e0:41:8e:89:8b:46:2e:89:c1:ff:79:cd:c6:33:70:
         a7:a3:a9:ba:c7:fc:c1:9f:a4:7c:10:a1:c5:27:b3:b7:55:37:
         99:3c:30:00:fa:e9:ef:7a:cd:ee:69:72:bf:18:bd:29:db:1a:
         26:ca:0d:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGVNUeVg41QDzaZqAmic/Z7uuP38wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQyMDEwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMmExNWI4NzNlNDllMDBjNWMzNWRiOTZlY2EyMTQ2MWI1
MmMyMzAwMDkyOGZlYjIzMzI4MzRkNjdlNDliZDEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOi9aCx3I3O5zOqm+TEU4/9D3xhpLGCM23yC1iJ58dUmph
6oYBSfJOYqgNUkSJEKBb8wLeRx53NSDr0sbgr5pXWbiPMXaQSW5BKp52SPkLQDwF
3qGQfkH1TKLXKreirL4z2YPvDcvCmGLYj/UUJpxqfBpDSlzJquKSMQfofSyn+mNi
KjjYC3xB0OiYby63b0CSdGw6F3otukc71OKEDVkouJTN1dR5QgWmMXCxgjCMeTsg
gp1WWt5/Og/hihiOaM14l7z+tC0U4vio4FUELXf1O0PbP2YO4PdOC7JTeF5Lpazv
RdTVneXhmIUYNh1h1s0GlishWviyJ8yJVHRE4V2VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgTHKC057H6r4Kai7lJUZ7Uf5YBAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjNzg4NmRhLWMyNDgtNGJiOC04ZmQ4LWMwZjE5MjkyZWJhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnWIwDQYJKoZIhvcNAQELBQADggEBADIp1b74NpsOXJCqP0f+UX572Zl8
8SJf+oGNJWbHk6JjQSQi6cnhg7DDp7cZHRSS0T0Lt38T+9P+djAb96pM0mxJsK2U
hDGU/3uAzMjLMR2O+Qivt9Y/i9rUTIt66DXcBJh+o+Ur4Tri7y5yi7bDG3mksEoq
yfw62g601B97mDWlayvSgpD/7vL/W/mnGOJddHU46VvlmZHKgdZ6lYbOaSpQULDS
UFZl8ggFOB4rVW6PPVpxFL43aD4zZeaXKyEN61T3tJPGi29Hj+BBjomLRi6Jwf95
zcYzcKejqbrH/MGfpHwQocUns7dVN5k8MAD66e96ze5pcr8YvSnbGibKDa4=
-----END CERTIFICATE-----