Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d77390d-ed05-4dec-9dc1-fe5c62409bc5.roa
File:                     1d77390d-ed05-4dec-9dc1-fe5c62409bc5.roa (raw, json)
Hash identifier:          j5zzq8Esz+p+4ryebFNx1DsC6/dDhXY+q1Qr46RjbGQ=
Subject key identifier:   D9:01:DC:0D:E9:64:91:4A:97:21:E7:43:51:3B:07:C9:00:8D:7F:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01E6E9C8DB269DFFEF63EF2C896B4CF71B7D25B6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d77390d-ed05-4dec-9dc1-fe5c62409bc5.roa
Signing time:             Mon 20 Oct 2025 00:52:16 +0000
ROA not before:           Mon 20 Oct 2025 00:52:16 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.201.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:e6:e9:c8:db:26:9d:ff:ef:63:ef:2c:89:6b:4c:f7:1b:7d:25:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:52:16 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=5a2f3268431ff5ec11c83222a38e2f496a7e6362b9b698fa8b37a6199c03d3cb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3e:2c:94:dd:9f:99:50:6d:35:a3:3b:dd:47:
                    39:fe:be:59:3a:d6:ab:d6:c2:2f:12:72:a9:db:3f:
                    d3:ee:5a:b9:e2:41:8a:93:cb:e7:20:97:24:89:5b:
                    9f:52:5f:ae:f6:d4:f1:db:38:3e:a3:95:c7:99:0a:
                    dc:70:5f:69:08:c3:51:db:40:22:22:01:e9:24:aa:
                    2e:a8:2c:f1:83:bd:4c:34:f6:6f:56:63:87:6c:20:
                    7c:30:d3:f7:14:45:5c:38:a8:a4:0a:0f:04:71:2d:
                    d1:48:5f:44:35:d2:b0:50:95:cf:b1:70:a4:45:69:
                    a0:a6:e1:b7:65:c8:70:aa:bf:07:ff:15:70:6c:46:
                    de:15:fb:8c:ea:37:b1:2c:1c:01:f0:d9:02:a5:09:
                    62:3c:c9:f2:96:20:a0:ab:d1:fe:0f:0a:81:0b:a3:
                    cc:03:63:84:c1:4d:e2:7a:dd:d2:26:40:a0:ac:d2:
                    57:56:90:9d:9c:81:89:b4:31:e3:35:f0:51:46:fa:
                    d2:d6:74:1c:8a:b5:5c:1f:d5:e8:7d:ff:ec:f2:7b:
                    3c:74:c2:dc:ee:9b:42:47:7b:ee:28:2a:be:52:fd:
                    2b:89:c1:0d:9e:0e:9d:6e:ed:84:07:95:0d:75:e7:
                    e9:31:26:b1:26:c2:9e:05:f5:36:f1:ad:60:fd:79:
                    71:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:01:DC:0D:E9:64:91:4A:97:21:E7:43:51:3B:07:C9:00:8D:7F:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d77390d-ed05-4dec-9dc1-fe5c62409bc5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:7c:7a:4f:ea:9f:30:5f:55:85:99:05:e2:85:91:a6:46:1f:
         30:17:35:74:d8:dc:92:7a:1e:40:46:f3:15:43:24:9e:fe:c7:
         83:33:11:11:d6:e2:5f:cc:5b:62:4f:8c:b3:81:7a:6e:0c:2a:
         f2:5f:a8:4b:b3:79:a3:cc:73:5a:3c:83:67:7c:22:9c:08:d1:
         b3:4a:33:15:d1:28:90:8b:26:a1:1c:86:2a:08:f1:38:ca:a0:
         77:37:b6:f7:09:5a:08:43:90:44:69:88:3d:a7:7c:1f:de:af:
         c9:16:08:75:0d:52:1a:69:62:23:93:7b:22:23:ae:a0:27:97:
         7d:1c:64:1f:53:8a:19:28:79:e2:3a:2f:da:d6:35:4b:fb:a6:
         ec:f5:ff:60:bb:b0:81:f8:df:ed:09:ad:aa:4b:10:c8:29:e6:
         b4:fa:00:bc:55:ff:8e:a3:0e:df:02:f2:b5:cd:eb:55:41:55:
         04:23:4b:b4:b0:bb:92:7c:b4:0e:16:99:2d:71:9e:5d:ec:de:
         af:6a:e0:0a:68:e3:e5:32:e2:3f:50:ce:d6:5e:cb:04:28:f3:
         81:1a:30:da:02:6d:db:90:86:01:cc:66:a7:1e:de:f2:8b:8b:
         bd:59:7e:ef:58:59:c5:aa:00:69:65:6f:08:94:73:27:08:ef:
         1b:ab:5a:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAebpyNsmnf/vY+8siWtM9xt9JbYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDA1MjE2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTJmMzI2ODQzMWZmNWVjMTFjODMyMjJhMzhlMmY0OTZh
N2U2MzYyYjliNjk4ZmE4YjM3YTYxOTljMDNkM2NiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/PiyU3Z+ZUG01ozvdRzn+vlk61qvWwi8ScqnbP9PuWrni
QYqTy+cglySJW59SX6721PHbOD6jlceZCtxwX2kIw1HbQCIiAekkqi6oLPGDvUw0
9m9WY4dsIHww0/cURVw4qKQKDwRxLdFIX0Q10rBQlc+xcKRFaaCm4bdlyHCqvwf/
FXBsRt4V+4zqN7EsHAHw2QKlCWI8yfKWIKCr0f4PCoELo8wDY4TBTeJ63dImQKCs
0ldWkJ2cgYm0MeM18FFG+tLWdByKtVwf1eh9/+zyezx0wtzum0JHe+4oKr5S/SuJ
wQ2eDp1u7YQHlQ115+kxJrEmwp4F9TbxrWD9eXFVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2QHcDelkkUqXIedDUTsHyQCNf9gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkNzczOTBkLWVkMDUtNGRlYy05ZGMxLWZlNWM2MjQwOWJjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnckwDQYJKoZIhvcNAQELBQADggEBAB98ek/qnzBfVYWZBeKFkaZGHzAX
NXTY3JJ6HkBG8xVDJJ7+x4MzERHW4l/MW2JPjLOBem4MKvJfqEuzeaPMc1o8g2d8
IpwI0bNKMxXRKJCLJqEchioI8TjKoHc3tvcJWghDkERpiD2nfB/er8kWCHUNUhpp
YiOTeyIjrqAnl30cZB9TihkoeeI6L9rWNUv7puz1/2C7sIH43+0JrapLEMgp5rT6
ALxV/46jDt8C8rXN61VBVQQjS7Swu5J8tA4WmS1xnl3s3q9q4Apo4+Uy4j9QztZe
ywQo84EaMNoCbduQhgHMZqce3vKLi71Zfu9YWcWqAGllbwiUcycI7xurWvc=
-----END CERTIFICATE-----