Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1dd420fb-535f-4335-92b7-a467ac0c3a76.roa
File:                     1dd420fb-535f-4335-92b7-a467ac0c3a76.roa (raw, json)
Hash identifier:          M/7z4fbBwXI4r4zB+hIxEhWbJXAIgIBCIeBrpvVk+1U=
Subject key identifier:   10:EF:F9:CA:7B:0B:AD:28:9C:16:F4:0B:C4:3E:68:B0:A7:9F:FB:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E7D1DE322B724FAF6FE7F7677D5D1B36FFB37A5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1dd420fb-535f-4335-92b7-a467ac0c3a76.roa
Signing time:             Mon 20 Oct 2025 06:10:08 +0000
ROA not before:           Mon 20 Oct 2025 06:10:08 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.166.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:7d:1d:e3:22:b7:24:fa:f6:fe:7f:76:77:d5:d1:b3:6f:fb:37:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:10:08 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=a486568bc4a271f0eb5dae15b5b112edf9763a5ad8c824a3c43e9f687d05b1f3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:69:47:04:eb:25:80:67:74:4c:8e:74:fb:37:
                    1f:79:31:53:bb:de:06:7f:6e:1a:9f:90:6e:1c:80:
                    4d:fa:b2:a8:bc:27:ba:57:fc:b9:b4:6b:5f:41:8c:
                    c9:16:01:b1:f5:90:7e:df:68:c5:7d:f4:47:49:d9:
                    a2:b6:5b:ee:5c:b7:d4:da:c9:0a:90:eb:ad:e2:0c:
                    5c:5a:27:a9:2a:3a:18:a3:dd:a2:46:11:30:df:d7:
                    0e:83:93:d5:3a:a6:d7:f6:4a:ec:53:dd:40:c3:f3:
                    6a:ae:13:42:b5:e2:0f:35:0e:75:f0:61:fb:d4:c4:
                    47:c4:51:02:b1:d7:c7:22:f7:ff:f0:5e:d2:f0:c3:
                    db:17:b5:6f:80:ff:33:22:5d:f7:80:96:32:fd:26:
                    28:05:e2:97:00:a1:88:ef:6a:58:a1:16:50:1d:73:
                    5e:c3:0a:e2:af:fe:50:e9:24:94:8d:a1:37:db:0b:
                    96:1b:1c:2a:d8:e9:75:ee:0a:65:13:6a:c4:5a:87:
                    0e:1c:69:46:a5:e4:fd:55:6d:d6:7c:97:be:67:89:
                    a0:08:60:20:e9:39:e1:5e:9c:1c:12:d6:3e:81:5d:
                    a6:92:91:69:cc:67:0c:07:ea:22:ac:d3:9b:61:d9:
                    1c:99:ee:57:73:3a:cc:25:de:1b:2c:f3:2d:db:dd:
                    8a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:EF:F9:CA:7B:0B:AD:28:9C:16:F4:0B:C4:3E:68:B0:A7:9F:FB:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1dd420fb-535f-4335-92b7-a467ac0c3a76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:ea:7c:58:12:a5:b7:e8:6e:78:aa:70:00:49:d7:39:b6:13:
         66:33:e6:39:d3:ff:f8:ec:eb:5c:00:f2:5f:93:e3:87:b6:13:
         89:4d:49:63:13:78:85:ab:96:e4:b7:7c:fd:df:d0:f4:5a:91:
         af:f6:ab:e0:3b:67:0d:6c:7b:2a:33:12:7b:77:41:a3:f7:0a:
         c5:04:a2:f0:fa:d4:9e:2c:f0:7a:77:c2:0f:89:ff:5a:b7:4e:
         3c:3c:4b:34:7e:4c:eb:4e:79:e8:af:12:4e:6b:29:75:1a:cd:
         9d:08:19:f4:3e:f6:11:61:54:d2:3f:b8:20:63:56:39:70:b5:
         2e:65:29:41:cd:50:76:67:6f:5c:e2:98:3d:54:00:ec:99:6b:
         90:76:5b:7f:cf:ed:d6:da:97:b5:fa:b9:32:0c:d0:e3:c6:a0:
         b5:d6:8c:f9:dc:d0:26:50:8a:d0:b0:dd:25:66:7b:ac:25:05:
         da:03:4a:05:21:6f:64:9c:c2:b2:4d:6b:e6:3b:4a:d3:e3:85:
         95:c9:4b:01:3d:c9:5d:62:12:18:7a:23:53:6f:81:ec:9f:fe:
         9c:6d:40:fa:3e:19:73:f3:0f:6d:4c:11:df:09:b7:28:5f:7e:
         31:e1:28:a8:0b:44:4a:44:d9:7e:27:f8:8a:4a:74:78:da:4e:
         84:28:bd:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULn0d4yK3JPr2/n92d9XRs2/7N6UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYxMDA4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNDg2NTY4YmM0YTI3MWYwZWI1ZGFlMTViNWIxMTJlZGY5
NzYzYTVhZDhjODI0YTNjNDNlOWY2ODdkMDViMWYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7aUcE6yWAZ3RMjnT7Nx95MVO73gZ/bhqfkG4cgE36sqi8
J7pX/Lm0a19BjMkWAbH1kH7faMV99EdJ2aK2W+5ct9TayQqQ663iDFxaJ6kqOhij
3aJGETDf1w6Dk9U6ptf2SuxT3UDD82quE0K14g81DnXwYfvUxEfEUQKx18ci9//w
XtLww9sXtW+A/zMiXfeAljL9JigF4pcAoYjvalihFlAdc17DCuKv/lDpJJSNoTfb
C5YbHCrY6XXuCmUTasRahw4caUal5P1VbdZ8l75niaAIYCDpOeFenBwS1j6BXaaS
kWnMZwwH6iKs05th2RyZ7ldzOswl3hss8y3b3YrzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEO/5ynsLrSicFvQLxD5osKef+8wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkZDQyMGZiLTUzNWYtNDMzNS05MmI3LWE0NjdhYzBjM2E3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnqYwDQYJKoZIhvcNAQELBQADggEBAA3qfFgSpbfobniqcABJ1zm2E2Yz
5jnT//js61wA8l+T44e2E4lNSWMTeIWrluS3fP3f0PRaka/2q+A7Zw1seyozEnt3
QaP3CsUEovD61J4s8Hp3wg+J/1q3Tjw8SzR+TOtOeeivEk5rKXUazZ0IGfQ+9hFh
VNI/uCBjVjlwtS5lKUHNUHZnb1zimD1UAOyZa5B2W3/P7dbal7X6uTIM0OPGoLXW
jPnc0CZQitCw3SVme6wlBdoDSgUhb2ScwrJNa+Y7StPjhZXJSwE9yV1iEhh6I1Nv
geyf/pxtQPo+GXPzD21MEd8JtyhffjHhKKgLREpE2X4n+IpKdHjaToQovVY=
-----END CERTIFICATE-----