Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b526d47-4bef-4a0d-936a-3441d3d729e1.roa
File:                     2b526d47-4bef-4a0d-936a-3441d3d729e1.roa (raw, json)
Hash identifier:          hxszB3K/IAakR34uL7KimY+xwg2UGhWnTw/1TMxCxtc=
Subject key identifier:   F1:26:EA:3E:87:65:6B:B1:CB:45:22:03:56:65:F3:5A:0D:76:5C:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33801FCBCB8080EAB22B3716BAF4152000EB0D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b526d47-4bef-4a0d-936a-3441d3d729e1.roa
Signing time:             Mon 20 Oct 2025 00:52:13 +0000
ROA not before:           Mon 20 Oct 2025 00:52:13 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.171.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:80:1f:cb:cb:80:80:ea:b2:2b:37:16:ba:f4:15:20:00:eb:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:52:13 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=54d4a7c96580d1fb0be0a2b38cb132cf1ab65adb2978ef3f0810dee604e0067a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5c:d3:3e:c3:1c:54:5a:37:be:1a:93:2c:31:
                    a7:6c:4b:f6:d1:fd:2b:f1:c9:e6:8e:1a:00:24:f3:
                    57:0f:4a:94:68:99:cb:9e:e2:36:0e:5c:ea:78:bd:
                    ae:ef:8f:25:95:d5:60:e6:b9:c4:16:c1:cb:44:dc:
                    f0:4a:74:ee:42:b6:c9:7b:39:a8:6e:e9:64:2e:3d:
                    8d:ae:9b:b8:29:91:02:ff:13:a0:68:a4:67:35:e0:
                    d9:6c:84:1e:cd:8c:b7:97:c8:ac:ba:72:6b:27:c7:
                    e6:ab:23:0d:bd:b1:c7:a1:93:26:5e:31:ad:82:02:
                    de:7c:2f:a8:00:45:84:97:11:74:eb:8d:9b:74:7a:
                    d1:66:16:3e:a9:24:84:cd:c0:fe:1f:83:98:cc:fb:
                    80:67:cf:5b:50:bc:14:8a:eb:b5:89:53:8f:90:31:
                    70:84:d2:77:83:25:e9:7b:55:0f:50:3e:62:92:c5:
                    09:78:76:d4:14:da:6f:f0:9d:22:ae:8d:ac:45:35:
                    f8:39:a1:60:b1:a0:8c:a8:1d:b6:2e:08:35:59:3b:
                    3d:67:9f:1a:2c:46:ed:46:83:85:22:e1:ea:3b:7d:
                    13:17:1a:1b:23:df:c8:e8:3b:dd:e4:25:7a:95:f0:
                    e5:00:ad:3e:67:1b:54:49:44:66:c7:15:97:26:7a:
                    5e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:26:EA:3E:87:65:6B:B1:CB:45:22:03:56:65:F3:5A:0D:76:5C:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b526d47-4bef-4a0d-936a-3441d3d729e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d8:4d:4b:9c:0b:5e:d1:42:1a:b4:cd:9b:9c:ce:5d:67:d3:
         26:79:70:cb:d0:05:b7:97:3a:92:36:8a:e8:8e:ec:fa:8e:9a:
         aa:47:ad:9b:f4:19:78:e5:3e:57:93:10:02:d8:e3:af:66:7a:
         08:34:bb:60:a4:fb:1e:28:6f:89:e7:7a:d6:47:c4:15:0e:06:
         40:be:ce:ad:fe:c3:3f:aa:4b:d6:59:56:e3:0b:e0:16:01:59:
         57:48:e9:da:ef:ed:98:3e:81:05:de:49:10:d6:e7:29:f2:5c:
         fd:94:e7:58:1a:6b:8a:56:bd:79:e6:24:34:73:e8:4f:9c:ae:
         40:4c:cd:95:c0:78:a7:10:6c:11:27:36:81:30:78:ca:e8:d4:
         78:64:20:46:b0:db:3f:42:2e:3f:00:ea:aa:3b:b3:82:fa:81:
         28:63:d8:ae:a4:44:80:20:d0:89:c6:c8:50:4f:c3:39:89:2c:
         e5:bd:0a:b1:51:59:79:bc:ce:be:46:ae:d2:26:c8:2d:d4:86:
         3e:6f:10:05:41:34:13:88:75:9c:a2:92:6e:66:72:fe:68:62:
         a7:e9:ea:cb:09:be:47:b6:15:72:21:a9:0d:55:c6:c6:c7:37:
         16:fe:e6:e7:ff:c6:32:99:14:de:b6:31:d2:9a:49:8a:b5:f4:
         cc:d4:1b:c2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITM4Afy8uAgOqyKzcWuvQVIADrDTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTEwMjAwMDUyMTNaFw0yNTExMjQyMzU5NTla
MHoxSTBHBgNVBAUTQDU0ZDRhN2M5NjU4MGQxZmIwYmUwYTJiMzhjYjEzMmNmMWFi
NjVhZGIyOTc4ZWYzZjA4MTBkZWU2MDRlMDA2N2ExLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVc0z7DHFRaN74akywxp2xL9tH9K/HJ5o4aACTzVw9KlGiZ
y57iNg5c6ni9ru+PJZXVYOa5xBbBy0Tc8Ep07kK2yXs5qG7pZC49ja6buCmRAv8T
oGikZzXg2WyEHs2Mt5fIrLpyayfH5qsjDb2xx6GTJl4xrYIC3nwvqABFhJcRdOuN
m3R60WYWPqkkhM3A/h+DmMz7gGfPW1C8FIrrtYlTj5AxcITSd4Ml6XtVD1A+YpLF
CXh21BTab/CdIq6NrEU1+DmhYLGgjKgdti4INVk7PWefGixG7UaDhSLh6jt9Exca
GyPfyOg73eQlepXw5QCtPmcbVElEZscVlyZ6XtkCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTxJuo+h2VrsctFIgNWZfNaDXZcyTAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvMmI1MjZkNDctNGJlZi00YTBkLTkzNmEtMzQ0MWQzZDcyOWUxLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGycqzANBgkqhkiG9w0BAQsFAAOCAQEACdhNS5wLXtFCGrTNm5zOXWfTJnlw
y9AFt5c6kjaK6I7s+o6aqketm/QZeOU+V5MQAtjjr2Z6CDS7YKT7Hihvied61kfE
FQ4GQL7Orf7DP6pL1llW4wvgFgFZV0jp2u/tmD6BBd5JENbnKfJc/ZTnWBprila9
eeYkNHPoT5yuQEzNlcB4pxBsESc2gTB4yujUeGQgRrDbP0IuPwDqqjuzgvqBKGPY
rqREgCDQicbIUE/DOYks5b0KsVFZebzOvkau0ibILdSGPm8QBUE0E4h1nKKSbmZy
/mhip+nqywm+R7YVciGpDVXGxsc3Fv7m5//GMpkU3rYx0ppJirX0zNQbwg==
-----END CERTIFICATE-----