Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/823e2510-977f-45a3-8ddc-bc4ab63fe261.roa
File:                     823e2510-977f-45a3-8ddc-bc4ab63fe261.roa (raw, json)
Hash identifier:          g4KTqggiOjjPW7XiwRWqHfwrVR4YhPu/MQqUrW+Fa1Y=
Subject key identifier:   49:62:81:B9:C7:1B:71:BF:A6:43:18:79:12:13:5A:A7:65:5D:10:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C0A05285CBBA23291D183200101278DB9E659AF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/823e2510-977f-45a3-8ddc-bc4ab63fe261.roa
Signing time:             Mon 20 Oct 2025 01:40:09 +0000
ROA not before:           Mon 20 Oct 2025 01:40:09 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.94.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:0a:05:28:5c:bb:a2:32:91:d1:83:20:01:01:27:8d:b9:e6:59:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:40:09 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=7893166958f5c345298e35017adb829ff9f42dec93d3eb4e82651f7c99db274c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7b:48:20:da:e0:23:04:60:6e:59:b6:ef:4f:
                    ba:79:56:2b:5e:4d:90:c0:25:1d:f8:39:f8:90:4b:
                    12:5b:28:d5:df:82:77:8c:e6:da:02:dd:67:d1:d1:
                    bc:96:fb:90:d1:31:71:d0:e0:06:3b:72:e6:f7:64:
                    54:eb:cd:dc:d1:e3:3e:fd:f0:5f:61:67:43:d2:53:
                    23:fd:ee:77:04:2b:27:2b:33:c3:9f:c7:52:0e:a2:
                    ea:df:73:7b:86:d5:8a:46:e1:b8:ee:9b:9b:a1:93:
                    d8:71:c7:7c:3b:c5:4f:a4:e5:ba:77:a5:17:08:76:
                    ef:a1:1c:d5:6d:b4:2d:89:42:a9:2d:5b:77:ba:37:
                    5d:71:ed:38:8e:0a:b6:72:5f:ca:13:2b:ad:83:aa:
                    b6:11:55:10:e8:2e:81:6f:57:cf:18:5c:ef:fa:b8:
                    8f:c3:28:b8:95:2b:6c:0c:93:d9:82:5c:49:40:bc:
                    5d:8a:88:d0:77:b8:16:d3:05:3e:35:d5:ad:07:c1:
                    93:1a:6e:0b:b5:83:c0:c4:12:ba:3f:f4:8b:31:e7:
                    72:ea:63:c5:79:a2:8b:05:76:4c:25:94:d1:3f:8d:
                    c8:c5:0d:64:ee:75:41:84:60:ea:b8:7b:91:11:79:
                    9e:c6:18:6a:c1:fc:e2:d1:3f:bf:a1:d3:b0:48:ae:
                    d2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:62:81:B9:C7:1B:71:BF:A6:43:18:79:12:13:5A:A7:65:5D:10:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/823e2510-977f-45a3-8ddc-bc4ab63fe261.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:8c:93:34:e8:0f:25:97:74:e1:44:d6:42:f6:6d:ae:53:94:
         68:2a:17:64:fb:01:cd:20:2a:83:1c:94:ef:1f:b7:b7:20:9d:
         91:9e:39:39:f4:83:a1:d6:a0:8b:2b:59:c6:d4:dd:bf:02:a7:
         18:2a:d0:20:8e:be:fe:ff:78:4b:a5:2b:cf:85:d0:f4:78:92:
         89:a9:6a:ef:5a:f1:72:f2:93:4c:a6:2f:1e:b3:08:e2:13:3f:
         04:45:ea:af:3e:cf:b9:84:0a:c5:4b:2a:18:64:e4:b8:64:d1:
         56:97:36:f8:10:7c:af:a0:9c:36:83:79:2f:bc:3e:1b:b5:d8:
         5b:80:a7:47:ec:c4:d9:9b:41:70:45:93:7a:4e:81:77:8b:80:
         8b:71:99:f9:38:df:2c:88:f5:87:73:60:4c:34:8b:9c:e0:90:
         cc:0f:78:a6:d0:bb:ac:95:a6:18:4c:a5:e4:e5:84:7a:26:46:
         94:0e:c4:7d:47:bc:c4:a5:b8:21:f8:15:ac:95:25:53:2d:97:
         dd:95:05:89:1a:0b:03:50:3f:9f:4b:2d:25:d1:f4:3b:45:2b:
         63:3d:8e:11:cd:89:af:91:08:a2:e8:41:db:01:01:af:5e:9d:
         5a:46:57:30:eb:53:20:c0:59:d1:70:0e:23:92:cb:a4:2f:ff:
         f4:f3:89:70
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULAoFKFy7ojKR0YMgAQEnjbnmWa8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDE0MDA5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODkzMTY2OTU4ZjVjMzQ1Mjk4ZTM1MDE3YWRiODI5ZmY5
ZjQyZGVjOTNkM2ViNGU4MjY1MWY3Yzk5ZGIyNzRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDle0gg2uAjBGBuWbbvT7p5ViteTZDAJR34OfiQSxJbKNXf
gneM5toC3WfR0byW+5DRMXHQ4AY7cub3ZFTrzdzR4z798F9hZ0PSUyP97ncEKycr
M8Ofx1IOourfc3uG1YpG4bjum5uhk9hxx3w7xU+k5bp3pRcIdu+hHNVttC2JQqkt
W3e6N11x7TiOCrZyX8oTK62DqrYRVRDoLoFvV88YXO/6uI/DKLiVK2wMk9mCXElA
vF2KiNB3uBbTBT411a0HwZMabgu1g8DEEro/9Isx53LqY8V5oosFdkwllNE/jcjF
DWTudUGEYOq4e5EReZ7GGGrB/OLRP7+h07BIrtJdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSWKBuccbcb+mQxh5EhNap2VdEAMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyM2UyNTEwLTk3N2YtNDVhMy04ZGRjLWJjNGFiNjNmZTI2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn14wDQYJKoZIhvcNAQELBQADggEBABmMkzToDyWXdOFE1kL2ba5TlGgq
F2T7Ac0gKoMclO8ft7cgnZGeOTn0g6HWoIsrWcbU3b8Cpxgq0CCOvv7/eEulK8+F
0PR4kompau9a8XLyk0ymLx6zCOITPwRF6q8+z7mECsVLKhhk5Lhk0VaXNvgQfK+g
nDaDeS+8Phu12FuAp0fsxNmbQXBFk3pOgXeLgItxmfk43yyI9YdzYEw0i5zgkMwP
eKbQu6yVphhMpeTlhHomRpQOxH1HvMSluCH4FayVJVMtl92VBYkaCwNQP59LLSXR
9DtFK2M9jhHNia+RCKLoQdsBAa9enVpGVzDrUyDAWdFwDiOSy6Qv//TziXA=
-----END CERTIFICATE-----