Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b4fc23e-25db-4ec4-807a-1c4c9d1b4cf0.roa
File:                     5b4fc23e-25db-4ec4-807a-1c4c9d1b4cf0.roa (raw, json)
Hash identifier:          rSRNis7WiIZHShHVHiMeklkTg2Lyc2zETH+m5Z+GyY0=
Subject key identifier:   75:5D:3B:9B:8E:9F:D2:52:92:51:94:A2:7F:3F:B9:A9:F5:D4:71:0E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A61A917378CF325E0CC92994BB90823DAE6A331
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b4fc23e-25db-4ec4-807a-1c4c9d1b4cf0.roa
Signing time:             Mon 20 Oct 2025 04:20:50 +0000
ROA not before:           Mon 20 Oct 2025 04:20:50 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.240.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:61:a9:17:37:8c:f3:25:e0:cc:92:99:4b:b9:08:23:da:e6:a3:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:20:50 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=9eff114b1b62104dcf92358ea1f66dfa7cec121b03dd4d382e4166620b78fd55, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2b:1a:67:bf:22:28:9e:a2:bb:c1:5b:a6:2c:
                    fb:5a:95:ce:f6:ec:4d:e5:8b:74:24:5e:02:ae:05:
                    a4:e8:da:31:18:0a:17:10:e0:fe:be:a6:15:ae:88:
                    98:bd:c5:29:ed:89:83:74:db:9d:28:1f:06:6d:06:
                    db:1a:a2:d9:45:26:c2:c8:31:ee:77:88:e4:55:9c:
                    ad:b2:c4:66:ac:c0:9f:22:04:4a:17:35:cb:57:65:
                    af:da:fc:c5:37:9c:8a:44:02:b7:a4:f8:a0:64:b2:
                    77:8a:7c:7c:ff:ca:b2:92:79:4a:e4:de:5e:35:50:
                    6d:ce:03:4c:a7:87:cf:d3:17:e1:e9:ea:8a:64:1a:
                    c2:06:8d:8a:a0:6e:a6:07:ca:33:7a:e1:31:76:36:
                    e3:2b:87:a5:0c:c0:c9:7d:bd:2a:16:2d:61:ef:5f:
                    96:7d:ef:be:6f:ca:01:fc:c7:90:2c:22:7a:da:38:
                    d2:b9:4a:ce:25:32:ba:5e:10:21:1a:bf:ec:62:a0:
                    11:b5:bb:33:bc:ac:2f:0a:04:97:75:01:68:5b:0d:
                    54:6c:aa:ad:ea:15:ce:4d:24:74:d1:d1:0f:88:ca:
                    3d:e1:e5:b0:4d:da:e8:07:d0:7c:7f:32:08:80:2b:
                    b3:f8:0a:04:f2:d9:2e:13:d3:1d:3a:c0:b9:e7:75:
                    f7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:5D:3B:9B:8E:9F:D2:52:92:51:94:A2:7F:3F:B9:A9:F5:D4:71:0E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b4fc23e-25db-4ec4-807a-1c4c9d1b4cf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         46:98:b5:e0:b4:dc:e2:ed:34:08:d9:13:95:40:53:9a:3e:6e:
         e8:f8:7c:dd:2e:00:77:4c:82:b0:ad:50:50:76:ed:6e:97:f6:
         df:49:5b:97:33:83:8b:53:56:83:43:7a:df:9c:28:21:61:c1:
         b5:52:9c:d5:4f:c6:15:c4:f9:93:43:48:25:b8:df:78:6f:ee:
         d0:ed:27:83:b9:75:59:a7:13:d5:e4:35:51:cf:d3:e0:4a:d5:
         13:23:e1:72:a2:3b:57:c3:04:bb:d4:c9:64:ec:9b:3d:92:ee:
         6f:e8:73:25:a0:70:cb:15:f0:69:11:22:78:1f:3c:15:87:0b:
         17:01:36:43:a0:84:61:da:a7:e4:56:af:42:33:f0:fb:94:da:
         ea:c7:0d:0c:3d:9f:03:b2:ea:71:2d:e0:05:4f:9d:fd:d8:28:
         00:97:22:17:39:eb:c2:e3:e9:ac:e1:df:41:c9:13:75:7b:8e:
         81:5e:28:7e:0f:9b:3f:41:0e:c9:aa:68:3b:25:90:54:6a:ff:
         18:d9:b8:0a:25:e0:73:5a:5c:67:e4:8e:95:be:8e:01:75:75:
         60:ed:2c:41:58:66:7a:5a:72:ce:2f:33:ce:12:62:33:09:be:
         a2:44:d1:dd:8f:ce:9b:54:4c:93:56:1d:ea:c9:e8:09:29:37:
         6b:b5:9e:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKmGpFzeM8yXgzJKZS7kII9rmozEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQyMDUwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWZmMTE0YjFiNjIxMDRkY2Y5MjM1OGVhMWY2NmRmYTdj
ZWMxMjFiMDNkZDRkMzgyZTQxNjY2MjBiNzhmZDU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJKxpnvyIonqK7wVumLPtalc727E3li3QkXgKuBaTo2jEY
ChcQ4P6+phWuiJi9xSntiYN0250oHwZtBtsaotlFJsLIMe53iORVnK2yxGaswJ8i
BEoXNctXZa/a/MU3nIpEArek+KBksneKfHz/yrKSeUrk3l41UG3OA0ynh8/TF+Hp
6opkGsIGjYqgbqYHyjN64TF2NuMrh6UMwMl9vSoWLWHvX5Z9775vygH8x5AsInra
ONK5Ss4lMrpeECEav+xioBG1uzO8rC8KBJd1AWhbDVRsqq3qFc5NJHTR0Q+Iyj3h
5bBN2ugH0Hx/MgiAK7P4CgTy2S4T0x06wLnndfe9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdV07m46f0lKSUZSifz+5qfXUcQ4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzViNGZjMjNlLTI1ZGItNGVjNC04MDdhLTFjNGM5ZDFiNGNmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsnPAwDQYJKoZIhvcNAQELBQADggEBAEaYteC03OLtNAjZE5VAU5o+buj4
fN0uAHdMgrCtUFB27W6X9t9JW5czg4tTVoNDet+cKCFhwbVSnNVPxhXE+ZNDSCW4
33hv7tDtJ4O5dVmnE9XkNVHP0+BK1RMj4XKiO1fDBLvUyWTsmz2S7m/ocyWgcMsV
8GkRIngfPBWHCxcBNkOghGHap+RWr0Iz8PuU2urHDQw9nwOy6nEt4AVPnf3YKACX
Ihc568Lj6azh30HJE3V7joFeKH4Pmz9BDsmqaDslkFRq/xjZuAol4HNaXGfkjpW+
jgF1dWDtLEFYZnpacs4vM84SYjMJvqJE0d2PzptUTJNWHerJ6AkpN2u1niE=
-----END CERTIFICATE-----