Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28e947b7-f583-4e2d-9c4e-9ff47cf53017.roa
File:                     28e947b7-f583-4e2d-9c4e-9ff47cf53017.roa (raw, json)
Hash identifier:          wtKbAa5oPz7dLrzEIlbk+QUFiUhMWucaIP5E4EIQCj0=
Subject key identifier:   1C:94:0B:96:8A:81:94:49:AB:38:EE:BE:C6:6B:45:25:AA:FD:D7:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6593AB4C9189F9E97D7719191A9AD36685E4D908
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28e947b7-f583-4e2d-9c4e-9ff47cf53017.roa
Signing time:             Mon 20 Oct 2025 01:20:48 +0000
ROA not before:           Mon 20 Oct 2025 01:20:48 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.124.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:93:ab:4c:91:89:f9:e9:7d:77:19:19:1a:9a:d3:66:85:e4:d9:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:20:48 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=d02b7f4ef8a70e0c7ad7fba05ed9d8e4b4bbde11b16fd6e4a75fb5ad7f5baf0f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:f2:5a:90:46:56:fd:ba:fb:e4:fe:b9:f2:
                    c6:04:62:01:4f:6b:ed:d4:9d:a4:38:be:d7:87:4c:
                    34:ee:37:c4:be:80:1f:bc:3d:0f:80:f1:dc:33:2c:
                    89:13:73:cd:29:38:c3:6c:14:40:a8:f0:81:c0:69:
                    3d:c4:71:53:e8:43:54:f6:f2:9d:0c:6f:ee:d2:f3:
                    f6:39:b8:26:e2:03:96:fe:b4:06:68:f3:ce:4e:e8:
                    b2:60:c3:a9:73:8c:06:ec:ab:56:56:4d:c4:7f:2d:
                    3f:53:25:45:e8:05:21:29:60:c2:11:d3:57:3a:b0:
                    6a:0a:9b:02:9c:28:83:5e:29:21:f5:97:ed:f0:6d:
                    72:83:cc:af:ea:95:6a:91:36:3a:70:ab:65:4f:55:
                    ce:83:f4:ae:2a:86:2b:46:6c:73:11:f8:86:20:8f:
                    aa:1b:29:71:9b:b2:a1:0a:70:1c:8c:e1:65:8d:5b:
                    f5:02:33:b0:15:c1:13:a3:9a:2e:b3:8e:d6:e3:c2:
                    9a:da:e1:f1:e8:33:73:0d:76:a7:f2:cf:a9:74:51:
                    18:b3:7c:8f:22:bc:31:13:25:58:76:11:7e:dd:d8:
                    ce:7b:fa:f1:c1:c0:af:c1:9c:21:9b:43:d1:f5:58:
                    7c:30:d4:c5:97:03:2b:3e:7c:cd:7b:e3:dc:99:7c:
                    1a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:94:0B:96:8A:81:94:49:AB:38:EE:BE:C6:6B:45:25:AA:FD:D7:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28e947b7-f583-4e2d-9c4e-9ff47cf53017.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:fb:30:8a:5e:03:3a:ae:c6:88:44:11:5b:96:26:c5:9e:3d:
         73:14:f2:2d:4b:e0:8f:f6:21:35:6c:8a:ac:73:3c:95:0a:f2:
         bf:9e:27:1a:cd:42:a8:97:3d:3f:04:46:da:e7:8f:7f:b0:d4:
         fb:a8:f8:56:6b:a5:b8:73:3b:07:55:ae:95:e6:42:9a:6f:d0:
         fc:94:e7:37:33:55:1f:3d:cf:fc:2c:62:eb:c5:30:f9:10:63:
         21:11:18:8e:a7:0e:31:02:b8:74:2c:75:59:77:40:57:da:f3:
         75:38:dc:60:64:63:71:e1:08:43:ed:94:bb:e2:f3:d9:27:2d:
         19:fb:ed:fb:ed:91:a4:bd:af:4d:6c:7c:c7:47:15:9f:b8:e8:
         b9:42:b0:cc:7e:7d:63:28:3b:23:15:c8:73:76:38:24:bb:89:
         24:16:dd:84:27:37:27:a2:67:96:f1:07:71:7d:c1:71:5a:76:
         ad:e0:f3:d3:d5:7a:2c:a5:89:e2:13:cc:06:87:2d:0b:53:23:
         00:10:d1:85:63:80:45:45:2d:fc:70:0b:03:15:10:24:a0:c9:
         b0:92:99:15:5d:5c:86:69:1c:33:9d:2c:26:94:cf:81:59:84:
         25:76:eb:a0:4e:f4:8c:ef:2d:46:bd:66:f1:61:3d:28:13:25:
         1a:94:a9:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZZOrTJGJ+el9dxkZGprTZoXk2QgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDEyMDQ4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMDJiN2Y0ZWY4YTcwZTBjN2FkN2ZiYTA1ZWQ5ZDhlNGI0
YmJkZTExYjE2ZmQ2ZTRhNzVmYjVhZDdmNWJhZjBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1ovJakEZW/br75P658sYEYgFPa+3UnaQ4vteHTDTuN8S+
gB+8PQ+A8dwzLIkTc80pOMNsFECo8IHAaT3EcVPoQ1T28p0Mb+7S8/Y5uCbiA5b+
tAZo885O6LJgw6lzjAbsq1ZWTcR/LT9TJUXoBSEpYMIR01c6sGoKmwKcKINeKSH1
l+3wbXKDzK/qlWqRNjpwq2VPVc6D9K4qhitGbHMR+IYgj6obKXGbsqEKcByM4WWN
W/UCM7AVwROjmi6zjtbjwpra4fHoM3MNdqfyz6l0URizfI8ivDETJVh2EX7d2M57
+vHBwK/BnCGbQ9H1WHww1MWXAys+fM1749yZfBqVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHJQLloqBlEmrOO6+xmtFJar914wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4ZTk0N2I3LWY1ODMtNGUyZC05YzRlLTlmZjQ3Y2Y1MzAxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnnwwDQYJKoZIhvcNAQELBQADggEBAFL7MIpeAzquxohEEVuWJsWePXMU
8i1L4I/2ITVsiqxzPJUK8r+eJxrNQqiXPT8ERtrnj3+w1Puo+FZrpbhzOwdVrpXm
Qppv0PyU5zczVR89z/wsYuvFMPkQYyERGI6nDjECuHQsdVl3QFfa83U43GBkY3Hh
CEPtlLvi89knLRn77fvtkaS9r01sfMdHFZ+46LlCsMx+fWMoOyMVyHN2OCS7iSQW
3YQnNyeiZ5bxB3F9wXFadq3g89PVeiylieITzAaHLQtTIwAQ0YVjgEVFLfxwCwMV
ECSgybCSmRVdXIZpHDOdLCaUz4FZhCV266BO9IzvLUa9ZvFhPSgTJRqUqUQ=
-----END CERTIFICATE-----