Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f61ad3a2-8113-430a-89b7-a0efe4946d85.roa
File:                     f61ad3a2-8113-430a-89b7-a0efe4946d85.roa (raw, json)
Hash identifier:          Gpm7PMLIqQDBO+Oa9Ejd+yM2JmNE6N/cluIdKv6jUBQ=
Subject key identifier:   18:48:15:1D:97:18:C8:0B:36:B2:94:81:C6:27:8A:E5:6E:E9:00:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44A65EB6836681D04E1508524C4B68051D7215C4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f61ad3a2-8113-430a-89b7-a0efe4946d85.roa
Signing time:             Mon 20 Oct 2025 00:50:53 +0000
ROA not before:           Mon 20 Oct 2025 00:50:53 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.88.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:a6:5e:b6:83:66:81:d0:4e:15:08:52:4c:4b:68:05:1d:72:15:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:50:53 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=8b1932b9a1d7c54333b59b0d4e4e499318e045db23dffed9aaf6580348c4f98f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c4:8e:44:6f:39:ed:3f:62:15:41:d6:a2:4f:
                    bc:54:b6:15:22:e3:61:d0:e2:79:61:67:44:e3:d5:
                    a8:28:88:75:03:2a:87:35:3f:cc:11:5d:01:c8:2a:
                    bd:f8:eb:c7:af:4e:3b:d0:d0:95:e1:f6:7a:0d:f2:
                    1f:33:7f:5b:a5:b4:f1:ae:01:31:57:25:6b:13:71:
                    d6:19:80:be:55:89:9e:5e:7f:e8:f2:1b:e5:34:fd:
                    91:9d:bb:e5:a6:aa:44:56:12:1e:58:05:d3:54:34:
                    6e:72:41:45:0d:a6:78:b9:1a:23:fc:e9:7b:d1:ac:
                    fc:c3:73:66:c3:8a:f3:df:53:7d:78:ed:15:a6:d8:
                    ee:49:89:08:e6:f6:ad:cd:2c:7b:14:58:94:f3:43:
                    a8:f8:23:af:7b:7d:45:b7:56:3a:a1:5b:95:77:83:
                    6b:f7:75:1f:c3:e2:e5:12:96:90:be:48:74:e4:8d:
                    39:75:02:74:a4:50:fd:ff:4f:99:04:21:7a:fd:25:
                    14:84:63:d6:6e:69:3e:b5:c9:07:be:3b:e5:05:4f:
                    3e:be:86:2d:7d:c9:bf:00:5b:28:18:66:92:93:39:
                    a1:e4:89:13:62:c2:07:07:61:6a:cf:93:19:55:6f:
                    43:63:5c:57:ae:b0:4e:9e:da:fa:ab:6c:0a:47:72:
                    c3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:48:15:1D:97:18:C8:0B:36:B2:94:81:C6:27:8A:E5:6E:E9:00:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f61ad3a2-8113-430a-89b7-a0efe4946d85.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:02:8b:c3:27:74:06:5d:55:92:29:2a:d6:75:ac:3f:03:d6:
         9f:58:d5:80:86:bd:a8:74:e3:2b:52:2d:2d:34:7a:a7:74:d0:
         fb:6b:b6:ae:2f:cc:e8:7a:93:88:e0:54:95:43:36:93:38:16:
         12:02:04:42:f4:e7:5c:75:88:26:03:b7:f9:96:9d:76:4c:e8:
         6a:b1:d9:b0:21:c7:6a:3e:31:ae:79:1d:c4:0e:23:26:c0:bc:
         5f:02:74:03:58:71:23:c8:5b:b9:b0:27:cb:5a:4e:ce:1a:5c:
         fa:3d:e7:bb:76:cb:45:b4:e9:b7:59:99:4c:0a:36:5c:0a:26:
         7f:82:98:a0:b7:11:2c:6d:83:73:44:06:dd:22:0a:f1:2c:c3:
         98:06:3d:fe:50:fa:be:3d:35:4b:a8:3d:f0:ea:a1:8a:e6:1f:
         c9:a4:4b:7c:10:c1:7d:6d:9e:f1:ef:36:15:a1:7b:be:20:d0:
         01:dd:2a:79:fe:34:bc:16:67:c8:63:0c:08:e2:75:bc:a5:26:
         65:9f:4b:c3:ef:f0:47:4a:6c:0e:bf:42:86:83:56:19:e1:9c:
         55:26:6e:1f:a4:29:ef:f7:9b:7d:7d:42:22:b2:27:64:19:8a:
         f3:f8:13:10:03:d1:17:f3:94:f1:17:3d:0d:0b:cb:1f:a5:7f:
         62:5b:dc:63
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURKZetoNmgdBOFQhSTEtoBR1yFcQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDA1MDUzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjE5MzJiOWExZDdjNTQzMzNiNTliMGQ0ZTRlNDk5MzE4
ZTA0NWRiMjNkZmZlZDlhYWY2NTgwMzQ4YzRmOThmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaxI5EbzntP2IVQdaiT7xUthUi42HQ4nlhZ0Tj1agoiHUD
Koc1P8wRXQHIKr3468evTjvQ0JXh9noN8h8zf1ultPGuATFXJWsTcdYZgL5ViZ5e
f+jyG+U0/ZGdu+WmqkRWEh5YBdNUNG5yQUUNpni5GiP86XvRrPzDc2bDivPfU314
7RWm2O5JiQjm9q3NLHsUWJTzQ6j4I697fUW3VjqhW5V3g2v3dR/D4uUSlpC+SHTk
jTl1AnSkUP3/T5kEIXr9JRSEY9ZuaT61yQe+O+UFTz6+hi19yb8AWygYZpKTOaHk
iRNiwgcHYWrPkxlVb0NjXFeusE6e2vqrbApHcsNvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGEgVHZcYyAs2spSBxieK5W7pAEgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2MWFkM2EyLTgxMTMtNDMwYS04OWI3LWEwZWZlNDk0NmQ4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnVgwDQYJKoZIhvcNAQELBQADggEBAMACi8MndAZdVZIpKtZ1rD8D1p9Y
1YCGvah04ytSLS00eqd00Ptrtq4vzOh6k4jgVJVDNpM4FhICBEL051x1iCYDt/mW
nXZM6Gqx2bAhx2o+Ma55HcQOIybAvF8CdANYcSPIW7mwJ8taTs4aXPo957t2y0W0
6bdZmUwKNlwKJn+CmKC3ESxtg3NEBt0iCvEsw5gGPf5Q+r49NUuoPfDqoYrmH8mk
S3wQwX1tnvHvNhWhe74g0AHdKnn+NLwWZ8hjDAjidbylJmWfS8Pv8EdKbA6/QoaD
VhnhnFUmbh+kKe/3m319QiKyJ2QZivP4ExAD0RfzlPEXPQ0Lyx+lf2Jb3GM=
-----END CERTIFICATE-----