Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/08c15296-82ec-44fa-a593-b02f0af3779e.roa
File:                     08c15296-82ec-44fa-a593-b02f0af3779e.roa (raw, json)
Hash identifier:          gkOs3ut4pcFv69K5FFUjE4SvEXlNA45oGQrEZE0qPAU=
Subject key identifier:   A0:29:F7:1A:B0:EF:10:60:D4:BC:9A:C0:0F:B3:34:67:A8:5D:D0:FB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4117F76FFA526624340EC142D8381E7E9E127C2D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/08c15296-82ec-44fa-a593-b02f0af3779e.roa
Signing time:             Mon 20 Oct 2025 06:11:24 +0000
ROA not before:           Mon 20 Oct 2025 06:11:24 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.114.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:17:f7:6f:fa:52:66:24:34:0e:c1:42:d8:38:1e:7e:9e:12:7c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:11:24 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=eeff78a27eb7cf1cf4cd510b93887fa87e34d6cda2fb0dd4cf876c77bff55013, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:67:e8:2b:8b:03:70:04:1e:25:a4:d0:40:b3:
                    f6:5e:e8:41:ee:6c:36:f1:aa:01:ca:05:8a:26:da:
                    11:32:27:b7:88:ab:fa:06:22:a1:1e:79:bb:97:72:
                    ec:bd:c1:10:8e:ea:f3:2a:92:ec:a3:ab:b1:8a:62:
                    29:d1:d0:20:49:a5:d7:0b:aa:93:1d:71:a1:97:76:
                    93:9d:2a:48:0d:85:63:7a:97:15:38:35:5d:f8:2a:
                    5d:d8:2f:2d:48:79:b7:4c:9a:ba:bf:2e:97:dc:a7:
                    a4:a6:46:ab:98:72:72:a7:0b:53:21:9e:5a:06:3a:
                    a1:0d:36:91:b6:75:80:b3:ca:11:d9:c6:5e:29:55:
                    b5:df:ff:69:f1:07:37:79:8d:48:4c:c5:f4:22:40:
                    cc:84:d3:33:0b:ac:5b:f3:c8:4e:fa:cd:b6:86:ad:
                    a4:38:00:59:0c:3f:bc:9a:44:1f:76:60:9e:15:f7:
                    25:fe:01:0d:19:86:a4:be:d2:25:5f:47:82:63:80:
                    a7:c3:c2:b9:76:56:4b:60:77:2c:a1:8a:e2:b8:2e:
                    0c:60:96:49:e9:6b:74:ca:2b:e9:54:77:32:00:1c:
                    1b:e5:b4:e5:bb:d0:51:1f:f9:b4:a0:2b:13:c7:13:
                    84:d4:b7:15:9c:ec:f7:41:f6:87:d5:a1:f9:10:0e:
                    9d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:29:F7:1A:B0:EF:10:60:D4:BC:9A:C0:0F:B3:34:67:A8:5D:D0:FB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/08c15296-82ec-44fa-a593-b02f0af3779e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:32:36:6f:ee:d1:1d:cf:08:5b:56:7e:ab:47:15:3a:08:55:
         44:50:24:50:28:eb:5b:a1:29:8d:db:05:a3:e7:b9:0a:08:57:
         24:ca:73:80:df:df:19:db:e8:01:dd:b9:89:2f:bb:89:53:0f:
         a8:a1:ef:a7:fc:e4:4b:7c:12:38:73:55:95:7b:21:2f:e4:ba:
         59:6e:59:b7:33:fc:24:bf:03:9a:e2:44:54:42:c0:e0:64:21:
         39:26:f6:21:02:17:35:59:1b:af:91:51:60:7d:b8:a2:32:ba:
         db:66:62:13:8c:36:63:bc:0d:de:2d:20:16:87:c4:58:3b:4f:
         bf:e0:d7:00:73:f7:13:4c:90:be:8d:3d:08:0e:f0:8c:e1:d0:
         3d:d2:4b:0c:20:13:4c:ac:3a:2e:a1:47:87:d9:eb:e8:bc:7c:
         86:2a:89:ef:5c:fb:52:98:c7:79:04:38:94:6b:f0:a1:da:97:
         c4:96:ef:fb:0e:6a:97:ea:9a:96:ed:7b:cd:b1:fb:3c:40:f9:
         a7:c3:c4:fb:12:70:db:d1:f5:72:20:47:c8:9d:d3:d6:91:61:
         1a:75:01:f2:cc:22:b3:ab:cb:51:ff:ec:2f:2d:0d:ad:f1:cd:
         0f:eb:7e:97:fa:44:dc:7f:bf:fe:85:af:dc:f7:cb:40:21:99:
         10:c1:a3:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQRf3b/pSZiQ0DsFC2Dgefp4SfC0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYxMTI0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWZmNzhhMjdlYjdjZjFjZjRjZDUxMGI5Mzg4N2ZhODdl
MzRkNmNkYTJmYjBkZDRjZjg3NmM3N2JmZjU1MDEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWZ+griwNwBB4lpNBAs/Ze6EHubDbxqgHKBYom2hEyJ7eI
q/oGIqEeebuXcuy9wRCO6vMqkuyjq7GKYinR0CBJpdcLqpMdcaGXdpOdKkgNhWN6
lxU4NV34Kl3YLy1IebdMmrq/Lpfcp6SmRquYcnKnC1MhnloGOqENNpG2dYCzyhHZ
xl4pVbXf/2nxBzd5jUhMxfQiQMyE0zMLrFvzyE76zbaGraQ4AFkMP7yaRB92YJ4V
9yX+AQ0ZhqS+0iVfR4JjgKfDwrl2VktgdyyhiuK4Lgxglknpa3TKK+lUdzIAHBvl
tOW70FEf+bSgKxPHE4TUtxWc7PdB9ofVofkQDp2nAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoCn3GrDvEGDUvJrAD7M0Z6hd0PswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA4YzE1Mjk2LTgyZWMtNDRmYS1hNTkzLWIwMmYwYWYzNzc5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsnHIwDQYJKoZIhvcNAQELBQADggEBALsyNm/u0R3PCFtWfqtHFToIVURQ
JFAo61uhKY3bBaPnuQoIVyTKc4Df3xnb6AHduYkvu4lTD6ih76f85Et8EjhzVZV7
IS/kulluWbcz/CS/A5riRFRCwOBkITkm9iECFzVZG6+RUWB9uKIyuttmYhOMNmO8
Dd4tIBaHxFg7T7/g1wBz9xNMkL6NPQgO8Izh0D3SSwwgE0ysOi6hR4fZ6+i8fIYq
ie9c+1KYx3kEOJRr8KHal8SW7/sOapfqmpbte82x+zxA+afDxPsScNvR9XIgR8id
09aRYRp1AfLMIrOry1H/7C8tDa3xzQ/rfpf6RNx/v/6Fr9z3y0AhmRDBo2E=
-----END CERTIFICATE-----