Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/096ec724-c885-447f-b083-ae290e107973.roa
File:                     096ec724-c885-447f-b083-ae290e107973.roa (raw, json)
Hash identifier:          tQLAOqCG0jfH0rbqKNRlHuYyXMkc66iLqBXdcX52wio=
Subject key identifier:   2B:4F:CA:42:55:8C:CE:DE:9E:3C:B3:3A:73:58:63:59:76:04:AB:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24AA33E63DA01606BF194D0F9F662F983F142237
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/096ec724-c885-447f-b083-ae290e107973.roa
Signing time:             Mon 20 Oct 2025 05:02:18 +0000
ROA not before:           Mon 20 Oct 2025 05:02:18 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.133.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:aa:33:e6:3d:a0:16:06:bf:19:4d:0f:9f:66:2f:98:3f:14:22:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:02:18 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=ffc0ab589b7b8d38c5776ca298a3ea6584569ff7c8f1d1fb1f3333e3e7476c05, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d4:48:e1:a9:87:ee:b2:0c:68:c6:76:5c:d4:
                    a7:55:bc:b8:14:44:96:a1:7d:d3:52:0c:f8:83:0b:
                    24:dd:fc:95:0d:39:c7:34:d0:58:4f:7e:89:b0:3a:
                    25:ab:e2:51:ec:a4:c8:f1:46:9b:03:45:41:71:e4:
                    28:78:f4:83:5e:ca:1f:78:de:c9:9b:0b:9c:21:f0:
                    05:47:1f:74:4a:f8:6a:6d:90:68:8a:fb:63:fd:56:
                    9a:b3:7e:34:fa:e3:01:dd:74:79:9f:92:92:62:de:
                    fe:47:e7:81:e0:c9:ae:4b:ca:0b:bf:8f:23:1d:f6:
                    86:41:38:b8:da:6e:4b:0d:ba:03:28:a6:fa:03:26:
                    c4:0f:31:9b:72:de:64:91:db:5a:98:9f:68:c2:d5:
                    ff:f2:b7:8e:73:6f:55:12:6c:38:61:1c:d8:d7:83:
                    d9:66:42:9b:bc:9e:a2:41:94:ea:71:c4:81:30:d2:
                    08:6b:7d:16:18:96:b8:44:2e:90:2e:5e:e4:d0:39:
                    77:27:9c:cd:33:63:df:f5:38:a5:47:85:a8:24:68:
                    48:8d:f7:5f:8a:29:81:91:67:d6:39:b1:38:3b:59:
                    22:e8:90:d9:93:5f:02:dd:c4:08:f3:0c:f4:a0:a6:
                    46:fe:fd:c7:26:aa:9d:84:71:5f:74:b0:f5:d8:86:
                    23:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4F:CA:42:55:8C:CE:DE:9E:3C:B3:3A:73:58:63:59:76:04:AB:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/096ec724-c885-447f-b083-ae290e107973.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:ae:bc:f9:0e:fd:f3:68:af:36:b6:29:fc:69:75:8a:b7:28:
         81:32:87:aa:d0:77:a3:a5:5c:1d:7d:c1:53:95:14:b3:be:b5:
         b2:bd:98:60:35:f7:76:b0:b4:d5:7d:0e:e4:e2:01:c6:61:c6:
         1e:be:cf:79:36:2d:cc:80:4e:38:74:6d:a9:88:62:b9:aa:b8:
         e6:19:b6:83:d8:eb:fe:1b:ae:79:ba:44:c2:27:fc:3a:b7:0c:
         ee:a8:cf:a3:3c:a2:1d:7e:1b:c9:1a:9c:28:0e:a5:56:35:0d:
         c8:50:c7:e3:d0:33:3c:17:6a:dd:19:ef:b5:ba:c7:d2:c9:fc:
         67:ce:05:39:36:cc:72:13:3c:fa:ae:90:c4:4a:92:af:0b:f1:
         25:cb:c9:13:57:11:fe:8f:00:16:1e:eb:23:12:80:a3:73:82:
         75:60:c5:37:4e:53:91:d7:58:78:85:ba:41:bd:74:06:35:6a:
         70:db:26:4d:69:4e:c1:31:62:57:44:ea:e0:71:3e:51:d7:a0:
         5a:1e:fb:d7:96:3e:1a:0d:20:0c:9d:b6:b9:e8:d5:20:39:8a:
         32:b9:2e:fb:a6:d4:90:37:8c:ea:33:82:a0:e3:5c:ef:4d:a0:
         68:66:c2:e3:30:b1:a7:4f:b0:1d:66:02:b2:c4:a6:92:9e:b8:
         85:b7:a6:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJKoz5j2gFga/GU0Pn2YvmD8UIjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUwMjE4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZmMwYWI1ODliN2I4ZDM4YzU3NzZjYTI5OGEzZWE2NTg0
NTY5ZmY3YzhmMWQxZmIxZjMzMzNlM2U3NDc2YzA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB1EjhqYfusgxoxnZc1KdVvLgURJahfdNSDPiDCyTd/JUN
Occ00FhPfomwOiWr4lHspMjxRpsDRUFx5Ch49INeyh943smbC5wh8AVHH3RK+Gpt
kGiK+2P9VpqzfjT64wHddHmfkpJi3v5H54Hgya5Lygu/jyMd9oZBOLjabksNugMo
pvoDJsQPMZty3mSR21qYn2jC1f/yt45zb1USbDhhHNjXg9lmQpu8nqJBlOpxxIEw
0ghrfRYYlrhELpAuXuTQOXcnnM0zY9/1OKVHhagkaEiN91+KKYGRZ9Y5sTg7WSLo
kNmTXwLdxAjzDPSgpkb+/ccmqp2EcV90sPXYhiPlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK0/KQlWMzt6ePLM6c1hjWXYEq9cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA5NmVjNzI0LWM4ODUtNDQ3Zi1iMDgzLWFlMjkwZTEwNzk3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnYUwDQYJKoZIhvcNAQELBQADggEBAMeuvPkO/fNorza2KfxpdYq3KIEy
h6rQd6OlXB19wVOVFLO+tbK9mGA193awtNV9DuTiAcZhxh6+z3k2LcyATjh0bamI
YrmquOYZtoPY6/4brnm6RMIn/Dq3DO6oz6M8oh1+G8kanCgOpVY1DchQx+PQMzwX
at0Z77W6x9LJ/GfOBTk2zHITPPqukMRKkq8L8SXLyRNXEf6PABYe6yMSgKNzgnVg
xTdOU5HXWHiFukG9dAY1anDbJk1pTsExYldE6uBxPlHXoFoe+9eWPhoNIAydtrno
1SA5ijK5Lvum1JA3jOozgqDjXO9NoGhmwuMwsadPsB1mArLEppKeuIW3poU=
-----END CERTIFICATE-----