Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f52a47d-5cf9-4bc5-85f1-ede32b71ea28.roa
File:                     0f52a47d-5cf9-4bc5-85f1-ede32b71ea28.roa (raw, json)
Hash identifier:          rmyXdLXIYdLwRercGL2sf1jXyQMqFv2cmDuN/269oaI=
Subject key identifier:   DC:BB:7F:E2:EC:8D:B4:DE:6E:C9:AD:E3:F5:75:E0:5E:BB:42:1B:AC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23FC506C8D8EF12A0BD1A30C3852CA76FFBCA255
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f52a47d-5cf9-4bc5-85f1-ede32b71ea28.roa
Signing time:             Mon 20 Oct 2025 05:51:29 +0000
ROA not before:           Mon 20 Oct 2025 05:51:29 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.200.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:fc:50:6c:8d:8e:f1:2a:0b:d1:a3:0c:38:52:ca:76:ff:bc:a2:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:51:29 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=93b9891dba234aff65d16220014438f6d2e2c484cf9abb55ed20a0d017bc0a94, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f9:2c:ec:ec:ac:f7:ea:fd:bb:a9:0c:85:9b:
                    09:62:42:bf:f5:ce:b1:03:d2:4a:30:16:e5:41:9f:
                    28:16:a8:e0:51:1d:19:ba:91:54:03:90:bb:1b:96:
                    e6:9b:b2:9a:8c:02:cd:c8:17:5b:d5:d4:11:dd:e7:
                    91:91:70:38:7e:08:ca:2b:b2:49:7b:1b:ce:00:b6:
                    14:14:c1:f6:e1:ec:2e:2c:41:e1:0d:99:3e:03:74:
                    25:b0:bc:5b:cb:72:d1:e7:1f:93:8d:9a:8e:e1:98:
                    e5:11:b2:29:c0:cf:04:f9:a6:51:b6:58:d2:2e:79:
                    6d:12:ff:73:e6:58:bb:d8:05:e8:b9:8f:46:8d:eb:
                    52:19:5f:9d:43:fb:b7:66:a8:49:7d:cb:51:a7:55:
                    46:1e:25:33:f8:8d:84:1d:b3:58:9e:92:aa:a6:02:
                    8e:c1:56:c1:15:a7:49:6e:9f:47:ed:bb:52:0b:27:
                    9a:e5:cb:78:b0:85:f0:8e:c4:6a:08:70:12:b6:8e:
                    22:0c:0e:17:06:5c:84:b5:a0:aa:2e:03:a4:e0:19:
                    81:94:4a:7e:7c:75:1d:58:e6:6d:3c:64:8f:d3:5a:
                    5d:e7:36:a6:69:6a:0b:38:12:a9:08:25:25:44:28:
                    c3:43:31:0f:17:ca:d7:47:50:44:c2:9e:80:93:b0:
                    c3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BB:7F:E2:EC:8D:B4:DE:6E:C9:AD:E3:F5:75:E0:5E:BB:42:1B:AC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f52a47d-5cf9-4bc5-85f1-ede32b71ea28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:f4:2a:e7:3f:6f:42:15:34:64:16:92:8e:cc:47:c6:38:22:
         6a:41:c5:65:dc:51:a8:5a:d2:2f:af:ce:3a:6e:96:b2:30:36:
         59:e4:63:47:92:bc:9f:de:e2:48:ad:99:95:04:92:95:de:20:
         a0:3f:b0:5c:3e:5d:0e:e8:f6:87:de:0f:c8:05:e3:09:d1:3b:
         bc:da:33:25:60:53:ea:26:78:15:dc:14:5e:ea:35:58:ab:c1:
         8f:8c:58:25:4e:bb:e1:c2:fc:8f:fb:fe:ad:74:07:b2:29:c9:
         79:69:ac:c7:56:7e:74:dd:5f:51:fa:53:94:b1:c5:a8:2c:cc:
         09:e8:c9:68:40:00:0f:45:6e:bf:d0:6f:14:56:d1:8b:db:9e:
         f2:41:45:b0:5b:7c:70:7d:e2:a7:f1:a5:da:a0:70:89:14:0b:
         11:a4:30:e3:3a:97:eb:f0:88:bd:03:25:12:82:80:7a:c0:52:
         08:64:79:76:56:d3:2e:51:6f:d9:1a:2a:8c:75:bd:65:c4:6a:
         c6:2f:c9:79:b4:1a:5a:da:72:9c:c3:c6:70:67:d1:0e:cf:8b:
         24:9a:dc:78:11:8c:d3:15:1c:10:76:e6:a3:80:94:e2:c2:d2:
         ae:e0:90:61:e5:65:21:58:03:04:28:3c:ec:2d:81:2a:2f:47:
         fd:31:3f:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI/xQbI2O8SoL0aMMOFLKdv+8olUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDU1MTI5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2I5ODkxZGJhMjM0YWZmNjVkMTYyMjAwMTQ0MzhmNmQy
ZTJjNDg0Y2Y5YWJiNTVlZDIwYTBkMDE3YmMwYTk0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi+Szs7Kz36v27qQyFmwliQr/1zrED0kowFuVBnygWqOBR
HRm6kVQDkLsbluabspqMAs3IF1vV1BHd55GRcDh+CMorskl7G84AthQUwfbh7C4s
QeENmT4DdCWwvFvLctHnH5ONmo7hmOURsinAzwT5plG2WNIueW0S/3PmWLvYBei5
j0aN61IZX51D+7dmqEl9y1GnVUYeJTP4jYQds1iekqqmAo7BVsEVp0lun0ftu1IL
J5rly3iwhfCOxGoIcBK2jiIMDhcGXIS1oKouA6TgGYGUSn58dR1Y5m08ZI/TWl3n
NqZpags4EqkIJSVEKMNDMQ8XytdHUETCnoCTsMMVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3Lt/4uyNtN5uya3j9XXgXrtCG6wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmNTJhNDdkLTVjZjktNGJjNS04NWYxLWVkZTMyYjcxZWEyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn8gwDQYJKoZIhvcNAQELBQADggEBANL0Kuc/b0IVNGQWko7MR8Y4ImpB
xWXcUaha0i+vzjpulrIwNlnkY0eSvJ/e4kitmZUEkpXeIKA/sFw+XQ7o9ofeD8gF
4wnRO7zaMyVgU+omeBXcFF7qNVirwY+MWCVOu+HC/I/7/q10B7IpyXlprMdWfnTd
X1H6U5SxxagszAnoyWhAAA9Fbr/QbxRW0YvbnvJBRbBbfHB94qfxpdqgcIkUCxGk
MOM6l+vwiL0DJRKCgHrAUghkeXZW0y5Rb9kaKox1vWXEasYvyXm0GlracpzDxnBn
0Q7PiySa3HgRjNMVHBB25qOAlOLC0q7gkGHlZSFYAwQoPOwtgSovR/0xP14=
-----END CERTIFICATE-----