Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f640322-9a92-4bcb-aaa0-d82164c62f1a.roa
File:                     1f640322-9a92-4bcb-aaa0-d82164c62f1a.roa (raw, json)
Hash identifier:          jxp7jtYV27RjYdQJocSP+vNXIg2aslPduyFSC7NIuGI=
Subject key identifier:   CE:E3:FA:99:F4:29:BD:28:1F:83:11:8E:AB:41:BF:7F:EB:F1:8A:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       51C17760D7FD81484FCC16E6009FEB4C0AE71652
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f640322-9a92-4bcb-aaa0-d82164c62f1a.roa
Signing time:             Mon 20 Oct 2025 02:00:48 +0000
ROA not before:           Mon 20 Oct 2025 02:00:48 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.120.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:c1:77:60:d7:fd:81:48:4f:cc:16:e6:00:9f:eb:4c:0a:e7:16:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:00:48 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=224d33946c900cd7b2b06f204f2f52f59ac1867c64bcfcfbc409155f48449607, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:38:96:37:15:97:22:b0:ba:77:07:23:bc:d3:
                    59:69:62:b1:56:67:eb:99:9c:86:ef:47:8d:52:90:
                    45:b4:4b:18:0f:be:a7:e5:3e:63:9f:b4:4b:60:39:
                    d4:5b:c4:86:00:da:aa:fa:6c:56:39:30:08:05:a4:
                    86:c4:00:34:f2:65:2f:73:53:b5:5c:34:71:e8:31:
                    87:28:c0:2a:30:96:82:35:0b:8d:c6:db:02:ed:ce:
                    73:51:93:ac:db:db:9e:16:cc:24:50:66:e8:7a:75:
                    fe:63:f6:19:50:c1:44:7f:40:2a:ee:52:73:e4:f5:
                    39:3a:df:5d:3f:53:ea:c2:14:00:33:19:af:79:e9:
                    7d:3e:22:26:72:dd:ed:eb:8e:20:63:4f:50:54:60:
                    74:ae:05:2b:97:23:97:1b:5d:d1:22:0e:15:6e:c4:
                    a8:5e:7f:43:4f:56:17:ab:08:fc:0e:52:a2:ff:61:
                    bb:dc:b1:ef:9b:6e:db:84:9f:b8:e0:f7:1d:30:cd:
                    a5:c6:73:62:e3:d4:6b:94:60:a7:14:14:22:ee:d3:
                    0b:51:d3:24:c8:75:33:bc:94:76:10:7c:9d:86:58:
                    60:2d:84:e7:31:08:2e:bb:90:94:cf:ea:25:d5:3a:
                    d7:55:f1:36:07:65:45:e4:82:1c:24:3b:42:1d:96:
                    fa:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:E3:FA:99:F4:29:BD:28:1F:83:11:8E:AB:41:BF:7F:EB:F1:8A:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f640322-9a92-4bcb-aaa0-d82164c62f1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:b1:18:2e:94:8d:0b:9f:58:00:04:ed:d2:ab:9d:9b:24:ed:
         4c:b3:2b:78:9f:86:07:71:c3:82:12:97:db:d3:33:a5:a6:01:
         49:e2:78:95:56:43:18:3f:f2:6f:f7:44:b4:ae:7d:38:51:ca:
         40:c1:bb:7d:f7:89:4d:ee:b7:57:44:50:cc:4e:8d:6b:a5:fa:
         43:6f:e0:92:86:27:c8:6c:9f:ad:36:e1:ba:2e:ca:42:cc:17:
         1e:42:db:de:d6:52:e3:bb:79:39:8e:b3:a6:d8:ee:da:0a:67:
         3c:06:07:f9:98:81:12:60:a2:3c:92:a3:66:3c:3e:7a:d9:e3:
         2b:02:e5:3e:34:6a:be:75:fe:28:53:42:cb:bf:25:3d:c8:8f:
         7b:17:1d:7c:12:b4:48:dd:b7:21:2c:7d:ba:95:91:6f:5c:bf:
         0e:c0:91:44:68:4e:a8:1f:d5:cd:a6:5b:5a:4a:1a:68:62:4a:
         7b:72:de:d0:a6:16:52:07:e5:34:80:8b:7f:df:9b:f3:e5:76:
         b4:7f:cf:62:c4:3e:ab:4f:84:a5:14:3f:0e:58:38:5f:d3:e8:
         30:8d:30:13:df:b4:e8:c7:8d:6a:4b:db:be:9e:4b:1d:16:d0:
         17:0d:81:15:27:92:e0:3e:0e:da:1b:53:6c:77:53:e3:71:e2:
         59:a3:96:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUcF3YNf9gUhPzBbmAJ/rTArnFlIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIwMDQ4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjRkMzM5NDZjOTAwY2Q3YjJiMDZmMjA0ZjJmNTJmNTlh
YzE4NjdjNjRiY2ZjZmJjNDA5MTU1ZjQ4NDQ5NjA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMOJY3FZcisLp3ByO801lpYrFWZ+uZnIbvR41SkEW0SxgP
vqflPmOftEtgOdRbxIYA2qr6bFY5MAgFpIbEADTyZS9zU7VcNHHoMYcowCowloI1
C43G2wLtznNRk6zb254WzCRQZuh6df5j9hlQwUR/QCruUnPk9Tk6310/U+rCFAAz
Ga956X0+IiZy3e3rjiBjT1BUYHSuBSuXI5cbXdEiDhVuxKhef0NPVherCPwOUqL/
Ybvcse+bbtuEn7jg9x0wzaXGc2Lj1GuUYKcUFCLu0wtR0yTIdTO8lHYQfJ2GWGAt
hOcxCC67kJTP6iXVOtdV8TYHZUXkghwkO0IdlvrFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzuP6mfQpvSgfgxGOq0G/f+vxivEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmNjQwMzIyLTlhOTItNGJjYi1hYWEwLWQ4MjE2NGM2MmYxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnngwDQYJKoZIhvcNAQELBQADggEBAECxGC6UjQufWAAE7dKrnZsk7Uyz
K3ifhgdxw4ISl9vTM6WmAUnieJVWQxg/8m/3RLSufThRykDBu333iU3ut1dEUMxO
jWul+kNv4JKGJ8hsn6024bouykLMFx5C297WUuO7eTmOs6bY7toKZzwGB/mYgRJg
ojySo2Y8PnrZ4ysC5T40ar51/ihTQsu/JT3Ij3sXHXwStEjdtyEsfbqVkW9cvw7A
kURoTqgf1c2mW1pKGmhiSnty3tCmFlIH5TSAi3/fm/PldrR/z2LEPqtPhKUUPw5Y
OF/T6DCNMBPftOjHjWpL276eSx0W0BcNgRUnkuA+DtobU2x3U+Nx4lmjlvQ=
-----END CERTIFICATE-----