Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a3f4c9a-24e9-4f0d-a234-fcac235cbf9a.roa
File:                     1a3f4c9a-24e9-4f0d-a234-fcac235cbf9a.roa (raw, json)
Hash identifier:          WNsRmhC/r8r3xVCW+EY7H6mp7f4pW/5bqdijC3Mwlbk=
Subject key identifier:   E7:F4:B0:EC:1A:F2:0A:C1:FF:53:89:FD:C3:C0:66:CD:27:43:87:2A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F5624B1F70269887CA52225804E2F5C5F51ED61
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a3f4c9a-24e9-4f0d-a234-fcac235cbf9a.roa
Signing time:             Mon 20 Oct 2025 06:00:07 +0000
ROA not before:           Mon 20 Oct 2025 06:00:07 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.14.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:56:24:b1:f7:02:69:88:7c:a5:22:25:80:4e:2f:5c:5f:51:ed:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:00:07 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=aae0bb8c2684ba3a89397903c44f306c7874a429cba2c7ffd60b76246b934cdb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:17:0a:65:1a:4a:39:a0:b2:3f:f1:59:a6:bb:
                    52:c6:88:82:85:4b:e9:c0:1f:d4:fd:da:68:e8:b1:
                    60:d4:a6:42:ba:3d:df:0b:45:43:10:39:ba:6c:0b:
                    09:20:38:67:c8:2a:83:10:bf:73:cc:f1:ae:da:bf:
                    6f:e2:04:f7:4e:77:2e:97:b5:46:e2:0c:d7:6c:74:
                    9f:fa:31:af:9d:0c:e2:1e:ed:41:43:ab:a1:59:89:
                    59:8e:15:fb:7d:f4:1b:3d:e0:0f:d2:a4:6f:10:09:
                    00:03:22:01:57:ec:b1:7a:11:7f:94:a0:17:ef:23:
                    3e:17:0e:c6:32:23:cd:44:02:0d:67:a2:d7:c5:3c:
                    07:1f:9b:c2:ce:d9:45:b6:b7:5e:31:ed:b8:27:cc:
                    eb:f1:df:14:21:92:18:e9:0a:de:42:4b:4a:ea:3e:
                    66:6a:e0:74:4a:5b:8a:2b:2c:9a:c7:c5:6d:ab:6c:
                    de:66:61:b4:38:3a:e3:7c:8e:1b:20:d6:be:36:77:
                    f8:a9:6c:3a:fa:16:0a:f8:26:49:96:c5:87:2f:41:
                    a3:d6:e2:80:91:d1:f7:d3:a3:89:17:7b:fe:d8:cc:
                    5f:4b:0b:f0:2b:80:a5:89:f5:44:72:2f:4c:32:89:
                    d0:86:3a:ed:bc:82:4d:d1:d0:16:02:16:14:b5:28:
                    a5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F4:B0:EC:1A:F2:0A:C1:FF:53:89:FD:C3:C0:66:CD:27:43:87:2A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a3f4c9a-24e9-4f0d-a234-fcac235cbf9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:9a:8e:40:9c:2b:86:25:f9:8c:f4:45:f1:2d:72:52:cc:54:
         32:0b:7b:17:8a:78:a6:40:47:f3:75:1c:4e:9f:09:7d:6f:04:
         e6:7d:fc:0e:89:98:a3:ae:12:cb:b1:8a:c6:1e:94:ed:3a:ad:
         04:e2:eb:7b:0c:15:25:38:52:80:d6:25:8a:81:ed:ee:c7:d6:
         36:3d:16:77:38:1f:13:7f:be:ec:58:20:99:08:53:a5:b5:61:
         9b:91:bd:bb:a8:61:58:0c:6a:ef:0b:bf:10:9e:9e:c1:fa:43:
         3a:03:61:30:4c:1e:06:b2:64:60:3a:04:78:83:6b:78:a2:d0:
         34:e3:0b:fd:95:d1:0e:ba:1a:1b:9b:a8:a1:ff:4e:3c:67:26:
         53:97:3d:88:e4:82:bc:43:40:a4:b7:e6:e1:91:4b:c7:f1:9c:
         c1:d5:c0:4a:32:0d:45:8e:8e:cd:2d:45:7e:04:4a:e3:a9:2a:
         c6:59:1a:a5:15:36:2c:25:da:87:2b:80:a8:40:af:cc:1a:16:
         e0:17:b9:13:4b:f5:be:1d:ce:29:1e:ec:1c:a5:f2:4f:f5:55:
         e5:32:b3:6b:a4:55:f6:80:0b:53:67:21:e1:e0:0d:dd:67:83:
         a0:20:41:82:37:c4:a1:55:f6:ee:9c:fc:ea:54:02:c9:8d:c9:
         ca:ab:73:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP1YksfcCaYh8pSIlgE4vXF9R7WEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYwMDA3WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYWUwYmI4YzI2ODRiYTNhODkzOTc5MDNjNDRmMzA2Yzc4
NzRhNDI5Y2JhMmM3ZmZkNjBiNzYyNDZiOTM0Y2RiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrFwplGko5oLI/8Vmmu1LGiIKFS+nAH9T92mjosWDUpkK6
Pd8LRUMQObpsCwkgOGfIKoMQv3PM8a7av2/iBPdOdy6XtUbiDNdsdJ/6Ma+dDOIe
7UFDq6FZiVmOFft99Bs94A/SpG8QCQADIgFX7LF6EX+UoBfvIz4XDsYyI81EAg1n
otfFPAcfm8LO2UW2t14x7bgnzOvx3xQhkhjpCt5CS0rqPmZq4HRKW4orLJrHxW2r
bN5mYbQ4OuN8jhsg1r42d/ipbDr6Fgr4JkmWxYcvQaPW4oCR0ffTo4kXe/7YzF9L
C/ArgKWJ9URyL0wyidCGOu28gk3R0BYCFhS1KKUTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5/Sw7BryCsH/U4n9w8BmzSdDhyowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFhM2Y0YzlhLTI0ZTktNGYwZC1hMjM0LWZjYWMyMzVjYmY5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsnQ4wDQYJKoZIhvcNAQELBQADggEBAFGajkCcK4Yl+Yz0RfEtclLMVDIL
exeKeKZAR/N1HE6fCX1vBOZ9/A6JmKOuEsuxisYelO06rQTi63sMFSU4UoDWJYqB
7e7H1jY9Fnc4HxN/vuxYIJkIU6W1YZuRvbuoYVgMau8LvxCensH6QzoDYTBMHgay
ZGA6BHiDa3ii0DTjC/2V0Q66GhubqKH/TjxnJlOXPYjkgrxDQKS35uGRS8fxnMHV
wEoyDUWOjs0tRX4ESuOpKsZZGqUVNiwl2ocrgKhAr8waFuAXuRNL9b4dzike7Byl
8k/1VeUys2ukVfaAC1NnIeHgDd1ng6AgQYI3xKFV9u6c/OpUAsmNycqrc1o=
-----END CERTIFICATE-----