Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02b28606-7b70-458e-80e0-21c5c26ac832.roa
File:                     02b28606-7b70-458e-80e0-21c5c26ac832.roa (raw, json)
Hash identifier:          FJRbQedebFQgsj4a52QGnlmvoj+v5YxqUmvItvCn2i4=
Subject key identifier:   09:5A:B6:9B:DE:26:C5:05:94:B5:29:4E:98:51:4C:FC:91:A9:EA:D5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3250788B737A7B9B61D21325047B8114FDA43C77
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02b28606-7b70-458e-80e0-21c5c26ac832.roa
Signing time:             Mon 20 Oct 2025 03:11:24 +0000
ROA not before:           Mon 20 Oct 2025 03:11:24 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.16.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:50:78:8b:73:7a:7b:9b:61:d2:13:25:04:7b:81:14:fd:a4:3c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:11:24 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=562b39dcb959d16b2534cc64efad4604a7e2ad8ff62a605e7163c296c3ca2f4d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:67:6c:09:52:92:7a:a7:49:bb:b3:87:63:b4:
                    3e:0b:6b:cf:4d:12:ad:2e:83:ac:32:87:f4:cb:0b:
                    54:89:8c:c3:43:fb:24:5b:74:b9:56:ae:b4:94:b2:
                    af:14:1a:cb:49:0f:5e:7a:ed:69:77:99:27:e7:91:
                    3a:f2:66:61:13:22:77:2a:a0:a6:bc:e6:84:fe:82:
                    b5:b1:a2:0a:02:9c:9f:f6:56:6e:d2:3d:06:28:f8:
                    37:89:76:82:bf:a5:ba:ef:15:7c:c8:01:d9:75:68:
                    e6:80:8b:42:5a:41:5d:6d:71:9c:d7:eb:e2:11:86:
                    c2:29:51:28:6b:b6:b0:e1:3d:3f:83:81:25:21:a7:
                    35:53:c7:96:eb:c3:86:71:8a:8d:a9:7e:a6:99:86:
                    e4:27:3d:f6:5a:82:28:83:45:d2:dc:57:51:e1:af:
                    23:5e:29:27:b8:a9:17:e6:bc:72:92:1d:02:02:d4:
                    0c:2e:54:47:a6:61:99:91:ab:e3:34:a4:ba:11:b8:
                    b7:aa:e6:13:1d:89:a8:52:85:7d:d8:33:42:91:4f:
                    19:12:9e:f1:2a:b3:8c:1a:dc:86:13:8c:a4:09:6d:
                    be:87:5a:01:0e:bf:44:14:5e:cf:59:fd:08:8d:f9:
                    7b:dc:ff:96:de:63:e1:12:c5:18:82:ff:17:a7:7d:
                    80:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:5A:B6:9B:DE:26:C5:05:94:B5:29:4E:98:51:4C:FC:91:A9:EA:D5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02b28606-7b70-458e-80e0-21c5c26ac832.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         48:a4:9f:c1:1a:f4:69:a1:bd:ad:38:90:16:86:5e:91:3d:77:
         05:4d:38:8f:a3:f3:7d:db:e8:fb:84:c1:82:7c:7c:e5:70:6b:
         5a:23:ff:af:5f:02:9b:54:db:61:b9:a5:86:c6:e7:98:7f:31:
         d6:37:3e:b4:2b:55:d9:ad:fb:53:07:2a:95:94:af:e9:e3:2d:
         24:b3:96:41:bb:20:2b:39:96:ed:1f:0d:3f:c5:ee:38:72:f3:
         f8:19:0c:c6:27:d9:ef:47:56:3a:01:d0:bd:a8:75:0e:9f:0e:
         79:27:af:76:d5:44:48:ff:17:6a:e7:a0:34:84:54:eb:30:73:
         15:53:35:b5:24:d1:95:e7:25:4a:e6:d3:42:c0:48:03:e5:d6:
         91:69:6b:43:9d:85:3c:95:2d:a3:5c:a0:4c:38:d4:23:c4:09:
         ef:51:30:60:ea:59:10:b3:fa:d3:2b:3b:f2:38:db:e9:97:b4:
         5a:0d:56:a5:55:18:4d:05:49:2a:f0:04:a3:39:6a:06:2b:fd:
         3a:b1:74:f2:78:73:d1:fc:6d:ea:c3:ca:fd:84:0a:8c:97:bb:
         cd:45:19:02:46:1e:ec:37:42:50:cc:b8:de:48:ee:87:3e:72:
         57:30:e2:18:98:bc:d7:0e:80:58:64:92:70:cd:a4:03:86:e8:
         ff:15:f8:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMlB4i3N6e5th0hMlBHuBFP2kPHcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMxMTI0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjJiMzlkY2I5NTlkMTZiMjUzNGNjNjRlZmFkNDYwNGE3
ZTJhZDhmZjYyYTYwNWU3MTYzYzI5NmMzY2EyZjRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSZ2wJUpJ6p0m7s4djtD4La89NEq0ug6wyh/TLC1SJjMND
+yRbdLlWrrSUsq8UGstJD1567Wl3mSfnkTryZmETIncqoKa85oT+grWxogoCnJ/2
Vm7SPQYo+DeJdoK/pbrvFXzIAdl1aOaAi0JaQV1tcZzX6+IRhsIpUShrtrDhPT+D
gSUhpzVTx5brw4Zxio2pfqaZhuQnPfZagiiDRdLcV1HhryNeKSe4qRfmvHKSHQIC
1AwuVEemYZmRq+M0pLoRuLeq5hMdiahShX3YM0KRTxkSnvEqs4wa3IYTjKQJbb6H
WgEOv0QUXs9Z/QiN+Xvc/5beY+ESxRiC/xenfYB3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCVq2m94mxQWUtSlOmFFM/JGp6tUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyYjI4NjA2LTdiNzAtNDU4ZS04MGUwLTIxYzVjMjZhYzgzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsnBAwDQYJKoZIhvcNAQELBQADggEBAEikn8Ea9Gmhva04kBaGXpE9dwVN
OI+j833b6PuEwYJ8fOVwa1oj/69fAptU22G5pYbG55h/MdY3PrQrVdmt+1MHKpWU
r+njLSSzlkG7ICs5lu0fDT/F7jhy8/gZDMYn2e9HVjoB0L2odQ6fDnknr3bVREj/
F2rnoDSEVOswcxVTNbUk0ZXnJUrm00LASAPl1pFpa0OdhTyVLaNcoEw41CPECe9R
MGDqWRCz+tMrO/I42+mXtFoNVqVVGE0FSSrwBKM5agYr/TqxdPJ4c9H8berDyv2E
CoyXu81FGQJGHuw3QlDMuN5I7oc+clcw4hiYvNcOgFhkknDNpAOG6P8V+Ag=
-----END CERTIFICATE-----