Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8052cce2-9048-4c41-be7a-90ece02d345c.roa
File:                     8052cce2-9048-4c41-be7a-90ece02d345c.roa (raw, json)
Hash identifier:          uoWSNQUOUA7BkkgAQQOq3cuTbY2ZAxEmkfUnjtFbN+g=
Subject key identifier:   B2:D6:4B:07:3B:8B:81:51:43:A9:C7:7E:52:E9:9C:96:18:AC:47:5A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39B0C27DB71E66CA1203C19E646102DC524C8A23
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8052cce2-9048-4c41-be7a-90ece02d345c.roa
Signing time:             Mon 20 Oct 2025 02:22:15 +0000
ROA not before:           Mon 20 Oct 2025 02:22:15 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.32.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:b0:c2:7d:b7:1e:66:ca:12:03:c1:9e:64:61:02:dc:52:4c:8a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:22:15 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=300a821981afd41f0886c1e2cbe7ee1809d4f744c86128ff2de029ef5976352d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a0:bd:72:f8:33:e1:cd:1f:a8:b2:98:a6:30:
                    49:a6:0c:15:93:ed:00:27:df:67:50:aa:c2:9f:dd:
                    b6:6f:53:df:b6:25:fd:67:21:50:49:fb:3e:bf:c0:
                    ca:ee:bc:fd:36:09:01:b8:a6:8a:06:0f:26:5f:b7:
                    a9:f5:58:d7:91:c7:f1:f6:b5:5e:62:eb:2b:99:e6:
                    a8:fc:da:93:e6:0e:08:23:b9:ef:cd:cd:66:c9:33:
                    76:e0:82:68:e3:03:9c:d7:73:bb:08:b2:a8:cb:fa:
                    2a:c2:c0:f3:63:82:ce:bc:7e:a2:8f:16:bb:76:04:
                    a6:a1:6d:59:20:68:9e:2e:0f:11:67:2a:4e:20:02:
                    ce:d7:89:40:e8:f8:c0:15:2d:31:a1:a4:e0:34:73:
                    f3:ad:20:89:b6:f0:d1:51:22:44:0d:9c:d0:a1:e4:
                    47:56:2d:ff:36:7b:ca:f5:1e:fb:22:dc:79:81:c5:
                    84:da:a4:26:52:07:28:ea:a8:a0:07:af:a4:10:a3:
                    70:47:87:e2:f0:18:c3:5c:39:b3:47:85:42:a4:f4:
                    82:db:8c:41:aa:68:32:75:2d:97:14:eb:e1:e7:44:
                    5a:8b:fa:48:22:13:0f:f1:80:78:d6:a4:ca:be:8f:
                    18:5a:10:1e:06:d7:e5:5b:6c:31:61:3c:5d:45:95:
                    e1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D6:4B:07:3B:8B:81:51:43:A9:C7:7E:52:E9:9C:96:18:AC:47:5A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8052cce2-9048-4c41-be7a-90ece02d345c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5b:1c:9d:c9:0d:25:ea:03:bc:c7:1f:a0:4c:4a:ca:66:fa:5c:
         06:83:d4:9f:14:93:5c:21:50:6a:8e:70:39:78:af:c1:6a:45:
         b4:d6:45:ea:f0:6a:3f:d8:64:af:39:69:33:f6:89:53:19:d7:
         db:2f:a6:e1:6f:4f:cc:cf:b6:b3:6d:6e:76:9b:e3:ac:2e:94:
         89:50:96:1a:82:41:a0:91:32:4f:31:10:cf:8d:b9:03:33:9e:
         db:5b:b2:1e:48:42:9d:1f:4a:a1:4d:64:0a:04:0b:c2:49:b5:
         f6:ea:e4:32:af:6b:d2:2d:6d:08:eb:54:ce:92:23:8f:7a:ce:
         ce:74:9e:41:d8:d4:81:50:6e:f2:f1:50:8a:f9:8f:5e:62:e5:
         14:7a:e1:5c:83:d1:57:99:26:70:0e:99:45:11:2f:23:d6:94:
         f5:0f:44:15:3e:7d:2e:8d:77:77:b0:45:eb:c7:cf:3e:98:f9:
         4d:35:5b:31:3b:ad:2f:24:ab:82:22:dd:0a:67:ee:ed:4d:26:
         e6:16:24:b1:40:8a:e7:72:21:59:89:55:a2:67:8a:9c:33:ac:
         5f:dc:08:3b:9d:fe:d1:c3:cb:8a:af:65:54:1c:11:8b:64:59:
         c5:86:79:36:d1:57:d8:5b:de:03:4c:4e:7b:d6:f5:42:93:9b:
         99:ba:a2:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUObDCfbceZsoSA8GeZGEC3FJMiiMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIyMjE1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMDBhODIxOTgxYWZkNDFmMDg4NmMxZTJjYmU3ZWUxODA5
ZDRmNzQ0Yzg2MTI4ZmYyZGUwMjllZjU5NzYzNTJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0oL1y+DPhzR+ospimMEmmDBWT7QAn32dQqsKf3bZvU9+2
Jf1nIVBJ+z6/wMruvP02CQG4pooGDyZft6n1WNeRx/H2tV5i6yuZ5qj82pPmDggj
ue/NzWbJM3bggmjjA5zXc7sIsqjL+irCwPNjgs68fqKPFrt2BKahbVkgaJ4uDxFn
Kk4gAs7XiUDo+MAVLTGhpOA0c/OtIIm28NFRIkQNnNCh5EdWLf82e8r1Hvsi3HmB
xYTapCZSByjqqKAHr6QQo3BHh+LwGMNcObNHhUKk9ILbjEGqaDJ1LZcU6+HnRFqL
+kgiEw/xgHjWpMq+jxhaEB4G1+VbbDFhPF1FleH3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUstZLBzuLgVFDqcd+UumclhisR1owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgwNTJjY2UyLTkwNDgtNGM0MS1iZTdhLTkwZWNlMDJkMzQ1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsnyAwDQYJKoZIhvcNAQELBQADggEBAFscnckNJeoDvMcfoExKymb6XAaD
1J8Uk1whUGqOcDl4r8FqRbTWRerwaj/YZK85aTP2iVMZ19svpuFvT8zPtrNtbnab
46wulIlQlhqCQaCRMk8xEM+NuQMznttbsh5IQp0fSqFNZAoEC8JJtfbq5DKva9It
bQjrVM6SI496zs50nkHY1IFQbvLxUIr5j15i5RR64VyD0VeZJnAOmUURLyPWlPUP
RBU+fS6Nd3ewRevHzz6Y+U01WzE7rS8kq4Ii3Qpn7u1NJuYWJLFAiudyIVmJVaJn
ipwzrF/cCDud/tHDy4qvZVQcEYtkWcWGeTbRV9hb3gNMTnvW9UKTm5m6omk=
-----END CERTIFICATE-----