Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b2ec4ef-cf21-483d-9fcf-7f370345e8b8.roa
File:                     0b2ec4ef-cf21-483d-9fcf-7f370345e8b8.roa (raw, json)
Hash identifier:          3aVM8s5fibhK95M0iFLc7oL/n0g86hjcN4RgQq1pGMA=
Subject key identifier:   07:24:9E:78:78:32:C4:59:2C:08:25:99:E0:3D:E2:50:15:7D:30:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13502BE4DE79FB0967646AC468D99CA3AFECD5E3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b2ec4ef-cf21-483d-9fcf-7f370345e8b8.roa
Signing time:             Mon 20 Oct 2025 02:31:48 +0000
ROA not before:           Mon 20 Oct 2025 02:31:48 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.168.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:50:2b:e4:de:79:fb:09:67:64:6a:c4:68:d9:9c:a3:af:ec:d5:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:31:48 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=77955d29f8fd3dcb32bbae932f5ecf677f9630e4104f4e376c4616d2c300a709, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d7:ba:1f:0c:76:25:7b:57:5e:07:b4:28:5b:
                    05:b7:9a:88:d0:ce:c6:64:91:77:23:27:90:25:5b:
                    46:34:23:c5:4e:ca:4b:d9:81:b6:c4:74:99:2a:37:
                    98:94:5b:0a:ad:ea:66:15:2c:f7:97:d2:2a:e2:65:
                    10:4a:02:89:21:2d:53:8e:65:49:98:1b:1a:4b:46:
                    21:2a:ee:f4:b0:c8:89:aa:98:cb:ef:2b:a3:09:cc:
                    c2:11:2d:b6:90:56:a7:42:0d:60:50:26:9f:af:ef:
                    10:59:64:51:ad:02:88:5f:9c:19:46:40:a6:d1:ed:
                    72:9e:a1:26:d1:3e:e2:78:a7:8e:61:f0:b1:99:8b:
                    a9:a3:88:d7:57:95:63:8a:da:3d:19:20:37:c7:0c:
                    d0:e1:54:45:62:a1:41:0e:20:a7:5a:f4:0d:6f:5f:
                    09:ba:22:a5:9f:fc:a9:45:35:8b:50:d9:ce:8c:fc:
                    47:dd:9e:95:3a:d9:99:10:40:5a:62:f3:62:73:e7:
                    f6:7b:dd:dd:34:17:cc:71:4b:e4:8b:88:dd:b9:69:
                    d5:f2:17:94:d1:3c:cf:59:3f:73:4e:be:74:52:cd:
                    52:ed:c9:6e:45:14:4e:6c:17:c5:ca:d4:e7:75:a5:
                    49:55:e5:ca:eb:8c:32:d5:54:89:2d:0d:ae:23:db:
                    eb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:24:9E:78:78:32:C4:59:2C:08:25:99:E0:3D:E2:50:15:7D:30:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b2ec4ef-cf21-483d-9fcf-7f370345e8b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:21:db:b2:c1:7f:b3:08:fe:9f:89:ef:27:18:c9:3b:2e:27:
         10:31:fc:20:c9:fe:61:16:f2:2d:3a:22:53:2c:da:2f:23:c4:
         eb:2f:2f:fd:42:d2:fc:d0:c4:c5:2c:ac:53:87:c0:5c:74:d0:
         9d:50:f9:86:de:7b:43:b4:38:64:c1:01:79:49:71:ef:5d:99:
         71:4c:9a:17:99:31:4f:06:32:fc:de:83:4f:b2:2f:f4:37:5a:
         b2:05:69:92:5f:c9:24:04:6e:45:27:77:b2:72:7d:f7:28:b8:
         19:c7:ed:e9:f1:da:e9:8e:bf:bf:cb:bb:53:96:64:cd:64:c6:
         40:21:34:41:ab:f5:71:18:df:0e:b2:37:21:eb:62:cf:2e:48:
         7d:d4:1b:e2:1e:ca:f0:52:ec:74:22:d5:ed:af:14:ec:7a:4a:
         3e:5d:bb:56:61:59:e5:98:22:ca:97:f4:2f:c6:52:43:1a:a7:
         a8:64:71:66:dc:d8:76:a2:6c:36:4f:1e:f0:5c:bc:ca:11:06:
         44:31:67:ab:fb:66:31:03:e8:64:5b:64:d7:3e:14:9c:4e:a3:
         f9:15:7b:18:35:31:85:bc:d8:41:7a:67:73:49:7f:46:a9:99:
         d4:29:74:d1:fb:0b:ee:af:c7:77:60:aa:c4:2e:6c:21:79:5a:
         38:27:6b:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE1Ar5N55+wlnZGrEaNmco6/s1eMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIzMTQ4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Nzk1NWQyOWY4ZmQzZGNiMzJiYmFlOTMyZjVlY2Y2Nzdm
OTYzMGU0MTA0ZjRlMzc2YzQ2MTZkMmMzMDBhNzA5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI17ofDHYle1deB7QoWwW3mojQzsZkkXcjJ5AlW0Y0I8VO
ykvZgbbEdJkqN5iUWwqt6mYVLPeX0iriZRBKAokhLVOOZUmYGxpLRiEq7vSwyImq
mMvvK6MJzMIRLbaQVqdCDWBQJp+v7xBZZFGtAohfnBlGQKbR7XKeoSbRPuJ4p45h
8LGZi6mjiNdXlWOK2j0ZIDfHDNDhVEVioUEOIKda9A1vXwm6IqWf/KlFNYtQ2c6M
/EfdnpU62ZkQQFpi82Jz5/Z73d00F8xxS+SLiN25adXyF5TRPM9ZP3NOvnRSzVLt
yW5FFE5sF8XK1Od1pUlV5crrjDLVVIktDa4j2+vTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBySeeHgyxFksCCWZ4D3iUBV9MNgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiMmVjNGVmLWNmMjEtNDgzZC05ZmNmLTdmMzcwMzQ1ZThiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsn6gwDQYJKoZIhvcNAQELBQADggEBAJkh27LBf7MI/p+J7ycYyTsuJxAx
/CDJ/mEW8i06IlMs2i8jxOsvL/1C0vzQxMUsrFOHwFx00J1Q+Ybee0O0OGTBAXlJ
ce9dmXFMmheZMU8GMvzeg0+yL/Q3WrIFaZJfySQEbkUnd7JyffcouBnH7enx2umO
v7/Lu1OWZM1kxkAhNEGr9XEY3w6yNyHrYs8uSH3UG+IeyvBS7HQi1e2vFOx6Sj5d
u1ZhWeWYIsqX9C/GUkMap6hkcWbc2HaibDZPHvBcvMoRBkQxZ6v7ZjED6GRbZNc+
FJxOo/kVexg1MYW82EF6Z3NJf0apmdQpdNH7C+6vx3dgqsQubCF5Wjgna3g=
-----END CERTIFICATE-----