Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f66f7e4-4f8f-4900-bbac-2d9eff095f91.roa
File:                     1f66f7e4-4f8f-4900-bbac-2d9eff095f91.roa (raw, json)
Hash identifier:          muTRapIgLwRki5Y6k0Dqx3mYznrZGHOBSYxaKY7fobg=
Subject key identifier:   16:1F:51:48:DD:C4:F7:A1:63:1C:D9:04:A1:33:95:9D:EB:38:DB:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E3D827EF02DCF91BF606D20FF912D39D65FCC39
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f66f7e4-4f8f-4900-bbac-2d9eff095f91.roa
Signing time:             Mon 20 Oct 2025 06:01:36 +0000
ROA not before:           Mon 20 Oct 2025 06:01:36 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.96.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:3d:82:7e:f0:2d:cf:91:bf:60:6d:20:ff:91:2d:39:d6:5f:cc:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 06:01:36 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=f53c700fa39981da027aacd76895026bbe6216cfbcb4a3c596a78b2433faa6e4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:db:64:93:79:6b:bc:79:63:6d:a8:62:97:eb:
                    7b:c2:8b:94:8c:d2:83:d0:9f:fb:b5:4b:43:a3:2a:
                    aa:59:8b:73:cf:b6:9c:3b:5c:28:87:28:9d:40:2f:
                    8c:8d:61:4d:49:cc:fa:dc:11:3a:37:9b:6e:c9:e9:
                    f8:50:f8:b3:e3:78:ce:79:af:36:89:09:3c:ee:6f:
                    66:1f:29:5d:31:f0:56:0f:79:3c:c5:91:c9:f1:78:
                    1d:3f:ee:07:86:1a:b3:75:b4:e3:48:df:1a:1e:fe:
                    b3:81:8e:fb:d7:b6:1b:9c:f3:2b:84:ee:9d:c6:f9:
                    7a:2e:ec:29:95:c5:1d:c1:6d:28:10:2d:dd:cd:3c:
                    50:c9:f8:eb:1b:c4:eb:db:83:6c:8f:d1:0c:5f:36:
                    8e:e8:28:31:81:a6:88:a6:03:c2:2a:74:86:81:96:
                    28:39:8f:d2:75:95:97:a1:f2:88:50:e6:f0:3c:d7:
                    52:de:fc:2c:8f:81:da:46:4f:95:df:9d:80:99:a4:
                    88:62:07:68:d1:4d:e0:66:48:28:55:ac:9e:86:df:
                    96:98:0e:42:de:52:cc:78:4d:e5:92:b4:e5:56:cd:
                    2b:50:01:48:ea:fc:34:4c:99:87:91:01:93:db:bb:
                    23:e1:53:e6:91:f2:70:16:57:62:b9:0a:be:d1:4f:
                    ef:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:1F:51:48:DD:C4:F7:A1:63:1C:D9:04:A1:33:95:9D:EB:38:DB:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f66f7e4-4f8f-4900-bbac-2d9eff095f91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         16:44:22:c9:19:9b:30:05:a2:22:73:2b:6b:f1:df:94:a4:aa:
         0c:2d:91:24:72:69:d2:da:69:04:39:1c:de:79:3a:62:ce:24:
         b6:07:ae:be:4e:99:45:e3:fa:3a:4b:68:0c:57:da:00:6f:16:
         00:29:a2:b4:de:c4:30:f6:0d:31:4f:3e:f4:d8:cc:ef:42:4e:
         3a:82:d7:69:f0:e7:f7:fb:2e:00:ff:d4:e3:43:2a:72:a7:d7:
         cb:f4:a3:2a:84:0f:05:b7:42:ea:67:55:de:0f:1c:08:54:4b:
         8e:65:98:c3:cf:13:1a:fb:e6:13:a9:bd:f0:2e:bc:a2:12:44:
         34:a2:12:0d:dd:60:42:3a:ed:6e:81:66:3b:bc:1e:c9:f0:3a:
         fd:19:22:92:c8:e3:d5:28:e8:94:92:91:cb:c0:d7:db:9a:61:
         16:f8:18:bf:de:a8:cb:af:38:e3:3d:f0:27:19:d9:76:78:45:
         8a:de:29:91:8e:b7:a9:3b:d0:08:c3:f0:02:32:97:05:98:50:
         50:63:f2:f9:17:ae:5d:f8:9b:55:ce:62:81:43:ec:d0:28:cf:
         01:1a:8b:1f:ee:65:fc:88:03:02:e0:75:9f:92:77:9f:be:8a:
         fc:74:90:21:3f:06:25:77:e6:f1:02:9d:d8:4e:35:b7:bd:f3:
         55:6e:10:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHj2CfvAtz5G/YG0g/5EtOdZfzDkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDYwMTM2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTNjNzAwZmEzOTk4MWRhMDI3YWFjZDc2ODk1MDI2YmJl
NjIxNmNmYmNiNGEzYzU5NmE3OGIyNDMzZmFhNmU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDl22STeWu8eWNtqGKX63vCi5SM0oPQn/u1S0OjKqpZi3PP
tpw7XCiHKJ1AL4yNYU1JzPrcETo3m27J6fhQ+LPjeM55rzaJCTzub2YfKV0x8FYP
eTzFkcnxeB0/7geGGrN1tONI3xoe/rOBjvvXthuc8yuE7p3G+Xou7CmVxR3BbSgQ
Ld3NPFDJ+OsbxOvbg2yP0QxfNo7oKDGBpoimA8IqdIaBlig5j9J1lZeh8ohQ5vA8
11Le/CyPgdpGT5XfnYCZpIhiB2jRTeBmSChVrJ6G35aYDkLeUsx4TeWStOVWzStQ
AUjq/DRMmYeRAZPbuyPhU+aR8nAWV2K5Cr7RT+/7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFh9RSN3E96FjHNkEoTOVnes426kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmNjZmN2U0LTRmOGYtNDkwMC1iYmFjLTJkOWVmZjA5NWY5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsnGAwDQYJKoZIhvcNAQELBQADggEBABZEIskZmzAFoiJzK2vx35Skqgwt
kSRyadLaaQQ5HN55OmLOJLYHrr5OmUXj+jpLaAxX2gBvFgAporTexDD2DTFPPvTY
zO9CTjqC12nw5/f7LgD/1ONDKnKn18v0oyqEDwW3QupnVd4PHAhUS45lmMPPExr7
5hOpvfAuvKISRDSiEg3dYEI67W6BZju8HsnwOv0ZIpLI49Uo6JSSkcvA19uaYRb4
GL/eqMuvOOM98CcZ2XZ4RYreKZGOt6k70AjD8AIylwWYUFBj8vkXrl34m1XOYoFD
7NAozwEaix/uZfyIAwLgdZ+Sd5++ivx0kCE/BiV35vECndhONbe981VuELM=
-----END CERTIFICATE-----