Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bfbcd84-c86b-44e3-bfa9-d2c6c3facca8.roa
File:                     0bfbcd84-c86b-44e3-bfa9-d2c6c3facca8.roa (raw, json)
Hash identifier:          BQjp376mx3ToU3R+l6Ug5KTTpeDPV5rqQ5agIitTtDs=
Subject key identifier:   60:32:3F:37:4E:A3:6A:6D:AB:86:E3:5C:93:C3:72:37:A7:84:48:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63725F447108F145D91EE4655003FC6D6D4AA650
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bfbcd84-c86b-44e3-bfa9-d2c6c3facca8.roa
Signing time:             Mon 20 Oct 2025 05:20:07 +0000
ROA not before:           Mon 20 Oct 2025 05:20:07 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.223.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:72:5f:44:71:08:f1:45:d9:1e:e4:65:50:03:fc:6d:6d:4a:a6:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:20:07 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=b4e7be6b9653d3629512e1fc345fa02b9db01593951e8d07a1635565326d508f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:11:ff:e7:d2:a0:11:26:b9:78:05:d4:e8:bf:
                    8b:13:ee:cc:77:6c:f8:e8:5f:63:71:df:d4:e2:4f:
                    c5:30:c7:f9:da:40:4f:bc:f5:2f:bd:96:05:80:9a:
                    aa:be:e1:c6:ca:0e:78:d6:84:c5:18:e4:96:4a:b1:
                    da:37:34:ee:22:37:6d:47:82:41:20:cd:48:5f:9d:
                    21:c9:f0:08:28:e0:78:84:d9:fa:08:04:50:f0:1b:
                    0f:d8:38:39:f0:36:ee:36:3d:80:6b:a2:ac:3d:25:
                    8a:ac:aa:26:db:50:6f:65:de:90:22:63:35:eb:2c:
                    86:77:0f:e8:26:2c:de:1c:12:26:c5:b9:a6:f9:28:
                    7b:26:96:d1:60:c1:25:ff:17:ea:b8:b3:3b:9c:52:
                    65:7f:6c:01:6e:bd:ff:0f:18:d8:ce:67:99:a7:e4:
                    f6:61:49:c7:77:9f:e6:9a:30:e2:a0:b3:0c:01:96:
                    47:fa:c7:14:9b:cd:60:d6:ee:d4:b6:e0:1a:62:c0:
                    8a:7b:bc:53:fb:4b:e2:79:ef:d7:43:66:f9:aa:48:
                    98:aa:63:8d:de:d3:6d:f2:19:7c:1a:6b:e6:9d:cb:
                    eb:f4:57:a8:d1:ba:05:1c:17:a5:7c:ad:ef:b0:b5:
                    ac:a4:57:ea:79:c0:a7:e1:f9:ef:02:e6:8c:c7:e8:
                    02:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:32:3F:37:4E:A3:6A:6D:AB:86:E3:5C:93:C3:72:37:A7:84:48:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bfbcd84-c86b-44e3-bfa9-d2c6c3facca8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1e:43:12:85:7f:36:af:5c:2b:03:a1:3b:be:ee:9a:78:31:
         59:99:3f:f0:a2:5f:e3:85:bb:38:e4:81:35:be:3a:b3:a1:25:
         c9:d6:38:c0:b9:50:04:5a:45:20:ee:d2:1f:23:86:f9:48:57:
         64:22:be:58:de:89:16:17:24:38:0b:62:2b:f8:8f:d5:00:21:
         88:ff:24:8c:d9:54:c8:80:16:71:4b:74:e5:f4:23:3e:5c:d7:
         3b:b7:56:7d:ca:5c:1d:99:0e:6f:8f:b1:25:81:c1:22:a0:f4:
         79:19:94:ec:24:6a:42:24:b4:fc:9e:d1:66:0b:f8:ef:64:1f:
         cd:28:f5:00:0e:f9:b1:e5:7a:6f:91:b8:1b:01:90:41:c6:21:
         61:a7:13:01:c4:71:03:e3:c9:ab:e4:5f:3e:bd:1f:aa:19:05:
         b7:b9:bf:50:1c:7b:87:f4:5b:0f:eb:45:b4:b5:d2:c5:6e:ad:
         07:44:b0:88:6f:83:2d:d1:29:6e:ec:da:3d:82:d0:29:a5:7b:
         64:ce:53:44:42:cf:34:70:73:3a:df:e1:ec:2a:d3:b7:76:63:
         a2:d4:3d:22:c4:66:ca:be:36:04:99:b7:3f:c6:41:46:17:27:
         2c:8d:91:bb:b0:d6:b4:7d:bd:7f:87:d2:ce:61:c7:5b:2a:1d:
         b4:2e:bb:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY3JfRHEI8UXZHuRlUAP8bW1KplAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUyMDA3WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNGU3YmU2Yjk2NTNkMzYyOTUxMmUxZmMzNDVmYTAyYjlk
YjAxNTkzOTUxZThkMDdhMTYzNTU2NTMyNmQ1MDhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwEf/n0qARJrl4BdTov4sT7sx3bPjoX2Nx39TiT8Uwx/na
QE+89S+9lgWAmqq+4cbKDnjWhMUY5JZKsdo3NO4iN21HgkEgzUhfnSHJ8Ago4HiE
2foIBFDwGw/YODnwNu42PYBroqw9JYqsqibbUG9l3pAiYzXrLIZ3D+gmLN4cEibF
uab5KHsmltFgwSX/F+q4szucUmV/bAFuvf8PGNjOZ5mn5PZhScd3n+aaMOKgswwB
lkf6xxSbzWDW7tS24BpiwIp7vFP7S+J579dDZvmqSJiqY43e023yGXwaa+ady+v0
V6jRugUcF6V8re+wtaykV+p5wKfh+e8C5ozH6AI7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYDI/N06jam2rhuNck8NyN6eESMwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiZmJjZDg0LWM4NmItNDRlMy1iZmE5LWQyYzZjM2ZhY2NhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn98wDQYJKoZIhvcNAQELBQADggEBAEceQxKFfzavXCsDoTu+7pp4MVmZ
P/CiX+OFuzjkgTW+OrOhJcnWOMC5UARaRSDu0h8jhvlIV2QivljeiRYXJDgLYiv4
j9UAIYj/JIzZVMiAFnFLdOX0Iz5c1zu3Vn3KXB2ZDm+PsSWBwSKg9HkZlOwkakIk
tPye0WYL+O9kH80o9QAO+bHlem+RuBsBkEHGIWGnEwHEcQPjyavkXz69H6oZBbe5
v1Ace4f0Ww/rRbS10sVurQdEsIhvgy3RKW7s2j2C0Cmle2TOU0RCzzRwczrf4ewq
07d2Y6LUPSLEZsq+NgSZtz/GQUYXJyyNkbuw1rR9vX+H0s5hx1sqHbQuux0=
-----END CERTIFICATE-----