Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1cfe272e-45d0-489c-a8d7-6f59c93ca88d.roa
File:                     1cfe272e-45d0-489c-a8d7-6f59c93ca88d.roa (raw, json)
Hash identifier:          KeEbjpZrXr1pLfxH2ftWYqrDmCdVtTl1KxcFi4t8xTE=
Subject key identifier:   C1:84:2B:EA:1F:2B:CD:37:FC:CD:38:64:23:97:26:63:DF:34:A4:9B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EAE1F2E92F7FB3B53848DF14BA0E8B0981B9B7A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1cfe272e-45d0-489c-a8d7-6f59c93ca88d.roa
Signing time:             Mon 20 Oct 2025 06:20:59 +0000
ROA not before:           Mon 20 Oct 2025 06:20:59 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.112.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:ae:1f:2e:92:f7:fb:3b:53:84:8d:f1:4b:a0:e8:b0:98:1b:9b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:20:59 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=65f9999d3747990166545aef0a847b77b907f3b11ba1ea16a82f33af2bbafe84, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:72:8c:0d:c8:f2:3c:ce:0e:2c:a4:3f:b8:a4:
                    8f:43:91:03:79:90:cf:16:c3:19:bb:4e:32:15:36:
                    72:cc:ce:59:e0:d7:0d:36:d4:4a:2c:0f:be:22:d0:
                    27:89:8f:51:97:d3:a8:a7:41:41:a1:6a:76:b0:fd:
                    10:c0:3c:0b:35:68:c4:7f:36:1d:20:b5:42:22:fa:
                    ab:04:52:b2:2a:5a:53:28:5d:cf:8a:6a:c7:2d:4b:
                    2b:e5:b2:42:ea:d9:cd:08:6e:3b:10:8c:d5:d5:44:
                    d1:78:a6:8e:4d:90:c1:50:a4:c6:d5:5d:b0:aa:46:
                    c8:74:49:7e:62:8b:fe:e0:09:2f:b6:24:6b:de:e8:
                    0c:cd:2d:3c:65:73:3e:ad:3b:98:f4:31:84:b9:e8:
                    1d:c0:e3:7f:22:98:46:01:02:85:ca:55:33:7b:90:
                    f8:10:cc:f5:43:6a:a7:8d:ae:4b:13:bb:32:63:27:
                    ad:92:35:62:05:e8:6b:12:ac:91:84:7e:f7:cb:1e:
                    d1:0a:2a:9f:1d:2c:36:56:83:40:10:fe:ea:82:f7:
                    2e:2e:93:64:32:6a:81:31:10:f3:9f:4d:85:7d:73:
                    21:9a:46:0b:c9:df:ec:d4:1d:cc:61:87:2a:99:bf:
                    3d:94:7d:f8:af:cc:0d:66:92:8b:1e:cc:52:ef:84:
                    8e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:84:2B:EA:1F:2B:CD:37:FC:CD:38:64:23:97:26:63:DF:34:A4:9B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1cfe272e-45d0-489c-a8d7-6f59c93ca88d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:d7:14:91:34:94:c3:45:34:78:ed:e8:b5:82:ba:ed:62:8b:
         87:f0:d7:36:1a:d6:ca:df:3c:7b:63:2c:0e:21:22:5c:1b:65:
         69:2a:6a:aa:0f:ec:c6:a9:ae:f2:b6:6e:8c:db:a2:4b:33:a0:
         53:b2:22:2e:74:7d:88:ea:00:1b:82:fe:4b:7c:f0:5d:79:20:
         fb:5e:c1:dd:4a:18:a7:c7:88:7e:51:f0:a8:c0:21:11:ba:1b:
         d6:ed:4f:2d:16:8f:17:f5:dc:fd:f2:36:de:32:00:1f:3a:cf:
         83:60:f3:82:2d:82:eb:af:66:2d:37:8d:4d:2f:e6:2c:46:d4:
         76:82:cd:27:34:e3:3a:ab:3f:b6:c8:e7:3d:1b:2c:17:66:25:
         f6:77:9a:db:db:df:2d:78:05:91:ad:aa:5b:45:38:57:f3:d5:
         86:c2:06:a2:f5:35:15:5c:7d:0f:28:6e:af:33:f8:51:65:05:
         39:7a:e6:71:c6:d4:02:11:73:30:ad:ae:da:3f:79:01:45:3d:
         08:5d:8c:28:d0:b3:6d:5e:78:a1:61:1f:fa:97:09:e3:d3:85:
         9f:d6:0a:32:d3:e6:ac:e8:33:95:a2:35:b8:be:26:25:a1:6a:
         9f:13:f5:68:12:72:b0:f4:35:d4:73:cb:e3:9a:8c:b1:ff:e2:
         de:32:52:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHq4fLpL3+ztThI3xS6DosJgbm3owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYyMDU5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NWY5OTk5ZDM3NDc5OTAxNjY1NDVhZWYwYTg0N2I3N2I5
MDdmM2IxMWJhMWVhMTZhODJmMzNhZjJiYmFmZTg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRcowNyPI8zg4spD+4pI9DkQN5kM8Wwxm7TjIVNnLMzlng
1w021EosD74i0CeJj1GX06inQUGhanaw/RDAPAs1aMR/Nh0gtUIi+qsEUrIqWlMo
Xc+KasctSyvlskLq2c0IbjsQjNXVRNF4po5NkMFQpMbVXbCqRsh0SX5ii/7gCS+2
JGve6AzNLTxlcz6tO5j0MYS56B3A438imEYBAoXKVTN7kPgQzPVDaqeNrksTuzJj
J62SNWIF6GsSrJGEfvfLHtEKKp8dLDZWg0AQ/uqC9y4uk2QyaoExEPOfTYV9cyGa
RgvJ3+zUHcxhhyqZvz2UffivzA1mkosezFLvhI5JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwYQr6h8rzTf8zThkI5cmY980pJswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFjZmUyNzJlLTQ1ZDAtNDg5Yy1hOGQ3LTZmNTljOTNjYTg4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn3AwDQYJKoZIhvcNAQELBQADggEBABnXFJE0lMNFNHjt6LWCuu1ii4fw
1zYa1srfPHtjLA4hIlwbZWkqaqoP7MaprvK2bozbokszoFOyIi50fYjqABuC/kt8
8F15IPtewd1KGKfHiH5R8KjAIRG6G9btTy0Wjxf13P3yNt4yAB86z4Ng84Itguuv
Zi03jU0v5ixG1HaCzSc04zqrP7bI5z0bLBdmJfZ3mtvb3y14BZGtqltFOFfz1YbC
BqL1NRVcfQ8obq8z+FFlBTl65nHG1AIRczCtrto/eQFFPQhdjCjQs21eeKFhH/qX
CePThZ/WCjLT5qzoM5WiNbi+JiWhap8T9WgScrD0NdRzy+OajLH/4t4yUgs=
-----END CERTIFICATE-----