Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81e6c083-5cfe-4a2a-8b2c-0983012c53ee.roa
File:                     81e6c083-5cfe-4a2a-8b2c-0983012c53ee.roa (raw, json)
Hash identifier:          cIyX1wyiIWM1TicY6nGkf7beKuSKdIQ7kZFAkG6mDXc=
Subject key identifier:   8B:0D:5E:41:7A:7D:A4:4C:DA:0B:8F:2A:44:35:86:A9:C4:14:1E:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31657C1BD0D6D1A52AFB5ADE557AB1C0C3FFE586
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81e6c083-5cfe-4a2a-8b2c-0983012c53ee.roa
Signing time:             Mon 20 Oct 2025 03:32:28 +0000
ROA not before:           Mon 20 Oct 2025 03:32:28 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.236.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:65:7c:1b:d0:d6:d1:a5:2a:fb:5a:de:55:7a:b1:c0:c3:ff:e5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:32:28 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=610790fcf203085e7ec48df8cb02adb03938aa35f9782e00e9bc610637543088, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f3:b7:ef:ef:22:c1:fe:89:86:7a:e0:e8:5c:
                    81:d9:ec:45:7f:16:e3:5d:0b:d0:0f:08:75:1d:82:
                    11:e6:28:cc:46:e2:5d:18:e2:96:23:c6:47:dd:ac:
                    64:c3:f6:97:be:d7:0c:d1:94:5e:bf:ea:3e:38:b5:
                    32:a2:b6:68:a2:54:2d:0d:12:e3:87:16:df:ef:56:
                    24:dd:de:06:93:a9:d8:eb:2a:4d:13:50:58:04:c1:
                    9f:9b:e7:d2:f0:11:66:96:69:5e:f6:06:02:a5:c7:
                    71:03:20:a7:23:69:d6:5f:84:43:38:83:45:71:49:
                    15:e0:77:32:cf:15:93:cf:15:0f:00:8d:67:e2:08:
                    84:0e:c2:89:f5:8b:b2:87:49:20:d9:27:17:a5:fd:
                    78:2a:c2:52:bd:b1:c2:d9:9f:b2:e0:14:46:ac:b2:
                    fb:f6:bb:8a:41:89:0b:34:1e:c0:10:82:04:c6:70:
                    01:ca:48:b1:83:84:b0:94:4d:d2:1e:d2:62:68:c6:
                    e4:44:54:45:28:b0:94:40:ef:7f:4b:ff:2c:30:91:
                    57:8d:f9:91:b8:ae:01:6d:80:6d:7a:04:39:e8:a7:
                    46:7b:99:cb:7d:c0:41:ce:3f:3a:11:23:5f:01:26:
                    91:2a:71:72:7f:d7:f0:5a:4c:eb:aa:b9:12:30:7c:
                    98:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0D:5E:41:7A:7D:A4:4C:DA:0B:8F:2A:44:35:86:A9:C4:14:1E:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81e6c083-5cfe-4a2a-8b2c-0983012c53ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:7a:f3:93:04:46:11:f0:a4:a7:c6:01:4d:14:48:42:e2:b0:
         36:06:08:23:51:5d:97:42:d5:9b:49:3b:45:56:e7:67:7a:2f:
         8d:e5:2e:4e:5d:49:f7:cd:f7:be:3e:af:31:5e:3e:25:32:07:
         ce:77:b3:21:b7:ef:ec:dd:c9:cb:93:83:ec:43:1c:4c:7a:54:
         e6:6f:c4:f8:56:07:9e:c0:3b:71:f3:ab:4f:81:5f:c0:8d:64:
         56:57:05:1c:58:51:fe:7a:50:df:c5:90:b2:ae:67:ad:5f:8b:
         18:19:2d:6d:56:ef:f3:f2:99:02:6a:6d:41:1d:3c:37:2f:b7:
         54:f6:88:62:63:bf:60:a1:37:c2:7b:81:de:0a:12:ef:0a:19:
         1e:ce:6c:3d:f9:86:02:13:04:be:21:a7:8e:ca:59:a1:46:82:
         e8:bb:c5:ee:b8:1e:b0:10:db:2f:8e:9e:44:52:30:53:ed:d4:
         eb:38:d0:59:65:b6:b6:d4:36:18:2a:f8:63:2c:a0:6f:0b:37:
         02:bf:3e:8c:8f:5e:41:f6:7d:ab:40:ce:85:59:17:df:22:ba:
         93:b6:20:57:f2:d1:65:d8:38:ce:f5:58:70:2f:37:bb:67:d0:
         1e:cb:f9:e3:01:db:06:68:d4:21:67:94:fe:86:d6:44:13:8e:
         36:b5:2f:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMWV8G9DW0aUq+1reVXqxwMP/5YYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMzMjI4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTA3OTBmY2YyMDMwODVlN2VjNDhkZjhjYjAyYWRiMDM5
MzhhYTM1Zjk3ODJlMDBlOWJjNjEwNjM3NTQzMDg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCU87fv7yLB/omGeuDoXIHZ7EV/FuNdC9APCHUdghHmKMxG
4l0Y4pYjxkfdrGTD9pe+1wzRlF6/6j44tTKitmiiVC0NEuOHFt/vViTd3gaTqdjr
Kk0TUFgEwZ+b59LwEWaWaV72BgKlx3EDIKcjadZfhEM4g0VxSRXgdzLPFZPPFQ8A
jWfiCIQOwon1i7KHSSDZJxel/XgqwlK9scLZn7LgFEassvv2u4pBiQs0HsAQggTG
cAHKSLGDhLCUTdIe0mJoxuREVEUosJRA739L/ywwkVeN+ZG4rgFtgG16BDnop0Z7
mct9wEHOPzoRI18BJpEqcXJ/1/BaTOuquRIwfJgbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiw1eQXp9pEzaC48qRDWGqcQUHoEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxZTZjMDgzLTVjZmUtNGEyYS04YjJjLTA5ODMwMTJjNTNlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnuwwDQYJKoZIhvcNAQELBQADggEBADV685MERhHwpKfGAU0USELisDYG
CCNRXZdC1ZtJO0VW52d6L43lLk5dSffN974+rzFePiUyB853syG37+zdycuTg+xD
HEx6VOZvxPhWB57AO3Hzq0+BX8CNZFZXBRxYUf56UN/FkLKuZ61fixgZLW1W7/Py
mQJqbUEdPDcvt1T2iGJjv2ChN8J7gd4KEu8KGR7ObD35hgITBL4hp47KWaFGgui7
xe64HrAQ2y+OnkRSMFPt1Os40FlltrbUNhgq+GMsoG8LNwK/PoyPXkH2fatAzoVZ
F98iupO2IFfy0WXYOM71WHAvN7tn0B7L+eMB2wZo1CFnlP6G1kQTjja1L3I=
-----END CERTIFICATE-----