Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21a443e4-610d-45f5-b99c-9654287f502c.roa
File:                     21a443e4-610d-45f5-b99c-9654287f502c.roa (raw, json)
Hash identifier:          tIEW6yQgRtC3DNEaKiJILE3X5vhh+lq/xCMcu2GiMkI=
Subject key identifier:   62:10:E3:B7:EB:1D:A2:D6:B4:C1:ED:7E:96:66:34:42:AC:E3:06:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       34C00F75887B1027A8CD16ED8ADFECBB250DC8CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21a443e4-610d-45f5-b99c-9654287f502c.roa
Signing time:             Mon 20 Oct 2025 05:00:08 +0000
ROA not before:           Mon 20 Oct 2025 05:00:08 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.144.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:c0:0f:75:88:7b:10:27:a8:cd:16:ed:8a:df:ec:bb:25:0d:c8:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:00:08 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=fa62040e3dcd659be5bf4b8694c87e6c5f1f61d2953234ec5b572771dfeeedf1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e5:54:fc:8a:d9:62:41:c3:64:5e:26:aa:26:
                    f6:fa:8d:8b:c7:4d:b7:20:d6:4c:c7:67:07:d0:22:
                    8e:79:44:cb:c6:06:a9:56:03:0f:66:9e:ac:97:7a:
                    ad:a4:fc:c7:ae:49:8c:9f:d7:55:7c:76:46:63:c7:
                    ba:1a:c5:47:63:a1:a0:fe:96:29:a9:c5:24:e0:f5:
                    17:ac:a5:93:5e:c0:66:3a:4d:ed:51:91:36:77:5b:
                    06:e3:d6:f3:64:4d:06:39:f4:26:67:7a:a5:aa:e4:
                    6b:64:71:9f:f2:cc:dc:1b:18:75:9c:3a:63:be:10:
                    60:69:84:58:17:c7:57:73:9f:41:62:e8:45:2b:2a:
                    f4:64:c5:7e:59:c1:a2:6b:c5:04:84:e1:fd:a4:6b:
                    e5:6a:9a:ff:d2:cb:c5:88:82:cc:0d:e9:13:59:a6:
                    14:34:72:66:b4:dc:67:43:ca:e2:9b:2d:31:3a:72:
                    54:28:c4:2c:e0:15:84:06:2a:cc:a7:68:c7:20:95:
                    b7:3a:ff:59:9f:b1:40:40:00:b6:cd:c9:00:81:70:
                    0e:96:bb:03:10:78:10:4d:c8:00:ee:b4:6c:cc:7a:
                    1e:73:ce:59:30:a6:d0:a3:d0:27:20:c5:4b:73:70:
                    6e:36:ba:8d:c4:4a:13:5e:99:95:a0:00:9a:b5:30:
                    fc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:10:E3:B7:EB:1D:A2:D6:B4:C1:ED:7E:96:66:34:42:AC:E3:06:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/21a443e4-610d-45f5-b99c-9654287f502c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:0a:4e:e6:93:d9:35:1c:12:e2:9e:c7:0a:93:c7:83:2f:90:
         c4:fa:ed:e6:3a:bc:4f:05:34:83:1e:60:9b:f3:72:e1:24:c4:
         a6:5f:e8:2e:e7:bd:c2:31:1f:2f:77:64:03:e8:97:79:7f:2a:
         71:7c:7d:f4:bd:23:b2:92:c9:20:41:a0:a5:ea:1a:38:fd:f5:
         57:4c:6f:c8:f6:67:5a:25:13:7c:fe:fa:80:29:6c:d4:0d:51:
         3c:fb:72:cf:aa:57:56:90:4d:b8:67:6d:a9:de:10:b3:9d:cd:
         8b:e2:55:18:73:95:53:33:2a:82:45:21:87:60:d5:a5:eb:b1:
         2a:34:41:25:97:49:64:a5:19:82:a1:52:4d:79:9a:fd:5f:66:
         1a:60:c3:59:9d:f6:cf:af:f5:ca:33:43:70:36:1c:5a:33:46:
         05:44:6c:0d:58:ec:f1:83:2b:ad:57:b5:b3:2e:0f:88:4e:73:
         50:2b:30:97:3b:f9:54:2c:00:81:98:28:2f:eb:b2:55:f4:1d:
         2d:d7:86:56:af:37:10:dc:b3:65:6f:79:81:b9:b7:57:3b:19:
         fb:22:6d:50:74:ef:7a:2f:e4:df:9f:99:6d:15:f1:ea:28:47:
         40:63:62:c2:8e:75:09:b4:14:c7:86:b6:27:f1:9e:d8:7b:84:
         38:0d:b0:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNMAPdYh7ECeozRbtit/suyUNyMwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUwMDA4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTYyMDQwZTNkY2Q2NTliZTViZjRiODY5NGM4N2U2YzVm
MWY2MWQyOTUzMjM0ZWM1YjU3Mjc3MWRmZWVlZGYxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ5VT8itliQcNkXiaqJvb6jYvHTbcg1kzHZwfQIo55RMvG
BqlWAw9mnqyXeq2k/MeuSYyf11V8dkZjx7oaxUdjoaD+limpxSTg9RespZNewGY6
Te1RkTZ3Wwbj1vNkTQY59CZneqWq5GtkcZ/yzNwbGHWcOmO+EGBphFgXx1dzn0Fi
6EUrKvRkxX5ZwaJrxQSE4f2ka+Vqmv/Sy8WIgswN6RNZphQ0cma03GdDyuKbLTE6
clQoxCzgFYQGKsynaMcglbc6/1mfsUBAALbNyQCBcA6WuwMQeBBNyADutGzMeh5z
zlkwptCj0CcgxUtzcG42uo3EShNemZWgAJq1MPx3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYhDjt+sdota0we1+lmY0QqzjBpYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxYTQ0M2U0LTYxMGQtNDVmNS1iOTljLTk2NTQyODdmNTAyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnZAwDQYJKoZIhvcNAQELBQADggEBAGQKTuaT2TUcEuKexwqTx4MvkMT6
7eY6vE8FNIMeYJvzcuEkxKZf6C7nvcIxHy93ZAPol3l/KnF8ffS9I7KSySBBoKXq
Gjj99VdMb8j2Z1olE3z++oApbNQNUTz7cs+qV1aQTbhnbaneELOdzYviVRhzlVMz
KoJFIYdg1aXrsSo0QSWXSWSlGYKhUk15mv1fZhpgw1md9s+v9cozQ3A2HFozRgVE
bA1Y7PGDK61XtbMuD4hOc1ArMJc7+VQsAIGYKC/rslX0HS3XhlavNxDcs2VveYG5
t1c7GfsibVB073ov5N+fmW0V8eooR0BjYsKOdQm0FMeGtifxnth7hDgNsNM=
-----END CERTIFICATE-----