Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c024a47-7c98-464a-8556-eaf88725802b.roa
File:                     3c024a47-7c98-464a-8556-eaf88725802b.roa (raw, json)
Hash identifier:          zj4g2gpRfkGWgIHkxl4oSdWB0FoW+9c6v2arb8bL8J4=
Subject key identifier:   78:D3:B9:D1:38:9E:B2:58:00:83:55:9B:B2:17:AD:DD:91:EA:7D:74
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56B2942C6850D60ACF88D1A183DCBF5099B08002
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c024a47-7c98-464a-8556-eaf88725802b.roa
Signing time:             Fri 17 Oct 2025 00:11:20 +0000
ROA not before:           Fri 17 Oct 2025 00:11:20 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.22.158.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:b2:94:2c:68:50:d6:0a:cf:88:d1:a1:83:dc:bf:50:99:b0:80:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 17 00:11:20 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=b8f1e3fca63ffc314eab2de6f946b4c303133fa7878b6d3e4e4081d03c0b817c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b8:c7:7f:31:be:1f:c0:a6:71:b5:9b:6f:08:
                    2b:c3:c1:79:d5:3b:1b:fe:14:b8:40:c7:1b:7e:0d:
                    d3:f8:7c:30:4f:fe:7c:e3:c6:1a:1c:38:40:3b:8c:
                    a9:f2:f9:1f:5e:9a:de:7d:5f:d6:80:27:ed:73:4f:
                    89:6e:85:f5:89:bc:4e:e5:eb:78:8b:b8:a0:4b:ac:
                    77:ac:aa:51:a5:5c:eb:03:e7:18:ea:15:fb:c4:db:
                    d3:7c:12:ed:52:56:8e:0f:a0:c4:6e:73:74:fe:09:
                    36:57:4e:0c:ac:17:53:4a:a5:b4:c4:97:30:a9:66:
                    0f:17:dc:b5:8b:9d:ca:1d:6b:70:a3:dd:4a:c5:63:
                    46:28:de:55:43:68:38:9d:16:90:f2:bd:d6:e4:8f:
                    f8:46:9d:6e:ee:ab:fe:89:24:73:d6:5d:1d:82:42:
                    16:49:a6:c6:6e:c9:7d:1c:bc:81:ae:57:f7:de:1f:
                    cb:0a:e5:3d:ad:35:49:0f:21:a9:f5:f2:9d:3f:2c:
                    58:95:fa:6a:cc:8b:59:e0:02:8d:3e:1a:f9:78:a0:
                    8e:c4:9a:12:ce:ef:bf:f1:dc:09:82:63:b9:21:15:
                    68:81:ed:97:78:fd:cb:7b:9a:9f:e7:39:3d:bc:70:
                    3a:4d:f7:83:74:43:84:e4:81:1f:6b:dd:1f:3d:fe:
                    1f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D3:B9:D1:38:9E:B2:58:00:83:55:9B:B2:17:AD:DD:91:EA:7D:74
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c024a47-7c98-464a-8556-eaf88725802b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.22.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:3e:51:1f:1b:a8:e0:fb:7d:5d:06:4f:0f:29:f8:66:c7:8e:
         81:56:99:5e:15:35:ef:3d:73:bf:9e:57:7e:64:51:5c:c5:3f:
         a0:3a:6f:8d:7a:07:de:52:cc:19:71:f0:6a:9a:65:f2:6b:cd:
         e7:ab:17:96:7b:b5:43:bd:f9:e3:dd:cb:bc:35:6d:55:38:bb:
         9e:42:df:50:7d:44:3a:26:5a:fd:2e:fc:03:1d:13:9b:27:f0:
         e6:be:19:09:29:2a:d5:93:50:d3:09:34:cc:3f:38:9e:d9:8e:
         d0:2e:12:38:a2:aa:ff:2d:11:51:24:b2:47:50:e0:7f:9b:e9:
         00:ae:7c:21:11:43:9f:23:1b:9e:4b:7c:6f:22:25:70:19:e4:
         e8:9c:76:f9:c7:74:03:88:f8:18:10:a2:c5:bb:e4:a2:38:c0:
         85:28:00:8e:db:49:01:93:fc:9f:d3:5e:d0:d2:f5:25:b1:85:
         95:e6:4d:37:68:be:2d:47:27:19:1e:2a:43:d1:5f:22:db:da:
         b4:49:47:01:9b:41:43:90:ec:a2:ea:cb:46:56:36:50:8d:f7:
         fc:0f:c9:9a:c3:c3:fc:69:cd:c4:84:e7:e1:35:4e:af:91:6b:
         ab:70:d2:bd:ed:b9:75:ee:1c:f9:39:fa:b7:16:ae:0a:e4:fe:
         fa:c9:ed:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVrKULGhQ1grPiNGhg9y/UJmwgAIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDE3MDAxMTIwWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOGYxZTNmY2E2M2ZmYzMxNGVhYjJkZTZmOTQ2YjRjMzAz
MTMzZmE3ODc4YjZkM2U0ZTQwODFkMDNjMGI4MTdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwuMd/Mb4fwKZxtZtvCCvDwXnVOxv+FLhAxxt+DdP4fDBP
/nzjxhocOEA7jKny+R9emt59X9aAJ+1zT4luhfWJvE7l63iLuKBLrHesqlGlXOsD
5xjqFfvE29N8Eu1SVo4PoMRuc3T+CTZXTgysF1NKpbTElzCpZg8X3LWLncoda3Cj
3UrFY0Yo3lVDaDidFpDyvdbkj/hGnW7uq/6JJHPWXR2CQhZJpsZuyX0cvIGuV/fe
H8sK5T2tNUkPIan18p0/LFiV+mrMi1ngAo0+Gvl4oI7EmhLO77/x3AmCY7khFWiB
7Zd4/ct7mp/nOT28cDpN94N0Q4TkgR9r3R89/h81AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeNO50TieslgAg1Wbshet3ZHqfXQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjMDI0YTQ3LTdjOTgtNDY0YS04NTU2LWVhZjg4NzI1ODAyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABrFp4wDQYJKoZIhvcNAQELBQADggEBABA+UR8bqOD7fV0GTw8p+GbHjoFW
mV4VNe89c7+eV35kUVzFP6A6b416B95SzBlx8GqaZfJrzeerF5Z7tUO9+ePdy7w1
bVU4u55C31B9RDomWv0u/AMdE5sn8Oa+GQkpKtWTUNMJNMw/OJ7ZjtAuEjiiqv8t
EVEkskdQ4H+b6QCufCERQ58jG55LfG8iJXAZ5OicdvnHdAOI+BgQosW75KI4wIUo
AI7bSQGT/J/TXtDS9SWxhZXmTTdovi1HJxkeKkPRXyLb2rRJRwGbQUOQ7KLqy0ZW
NlCN9/wPyZrDw/xpzcSE5+E1Tq+Ra6tw0r3tuXXuHPk5+rcWrgrk/vrJ7c4=
-----END CERTIFICATE-----