Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8356ebe0-7229-40e4-9e52-0274972c2165.roa
File:                     8356ebe0-7229-40e4-9e52-0274972c2165.roa (raw, json)
Hash identifier:          jAi56EJPPTNh32lKsXafKnCjdilHjH3GxLyjram+2qk=
Subject key identifier:   7F:A9:10:20:3D:33:2B:E0:70:B9:13:98:1E:45:BA:B0:F1:43:D9:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7ED498EF27B30B8AB6A386A6BB062393CCE8BD2E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8356ebe0-7229-40e4-9e52-0274972c2165.roa
Signing time:             Mon 20 Oct 2025 03:31:16 +0000
ROA not before:           Mon 20 Oct 2025 03:31:16 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.158.160.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d4:98:ef:27:b3:0b:8a:b6:a3:86:a6:bb:06:23:93:cc:e8:bd:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:31:16 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=9b0e724e85b90459a673d776bca09698feeadb67a7a000881ee50a1826f287e7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:70:9f:d4:9a:e6:8b:30:e5:e3:52:e1:0d:67:
                    3e:5c:81:e0:79:ee:86:4e:8f:97:54:60:b3:bb:81:
                    5a:b5:d9:f1:78:c3:37:84:2f:54:d4:ef:ce:8d:44:
                    85:a1:40:6b:ec:2a:c2:47:ea:c9:70:96:96:f3:95:
                    f1:c0:e6:eb:a4:54:da:48:9e:9c:31:27:d6:e7:95:
                    b6:88:04:5b:cc:50:3f:3a:50:cb:e0:bf:ac:ed:b5:
                    0d:11:d4:97:5a:c5:16:a7:1a:b9:9e:1b:42:8e:90:
                    fc:56:dd:c8:1f:aa:c7:7f:1a:89:74:5d:5f:bd:cb:
                    2e:b5:84:77:93:10:5c:22:9f:69:bc:fd:46:7e:85:
                    0d:81:57:32:e0:88:dd:10:77:33:f5:dc:7b:0f:ba:
                    4a:5b:0e:3e:bd:96:0e:2e:53:1d:09:5b:99:04:ba:
                    83:53:6b:f3:6e:bb:06:12:12:34:16:f6:bc:41:16:
                    f1:dd:41:a9:99:0a:fb:72:2f:53:39:84:5d:cb:f5:
                    26:2b:3b:1b:00:ce:19:09:33:2a:3f:44:40:05:b7:
                    90:ec:70:3b:19:f8:ea:de:b6:af:6d:73:97:7d:48:
                    3a:da:cd:a4:0a:b5:80:8b:a4:e5:69:96:dd:d6:de:
                    1b:24:73:f8:2c:ec:4f:8b:ac:07:d3:95:48:1f:2b:
                    17:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A9:10:20:3D:33:2B:E0:70:B9:13:98:1E:45:BA:B0:F1:43:D9:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8356ebe0-7229-40e4-9e52-0274972c2165.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.158.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:5d:d7:d8:5d:2e:34:f5:ab:f2:98:f4:e8:a7:05:2c:65:e2:
         8f:68:18:0b:35:70:66:05:fe:bd:1b:4f:19:eb:97:e1:77:99:
         dd:43:93:ad:97:c1:58:8c:13:f0:52:31:5d:69:8e:10:5a:6d:
         ba:96:fb:2a:31:12:5d:f4:86:b8:e9:a4:ec:3d:d0:3b:62:f7:
         3e:3b:29:9a:8d:29:51:16:23:e6:ce:6a:b7:d1:c6:10:e0:cd:
         54:b0:0d:c5:99:6f:c0:a0:de:cd:1e:af:b4:19:c5:29:ee:69:
         18:09:5b:21:27:e7:c3:96:b6:99:7a:df:42:51:94:85:62:f9:
         90:95:be:47:b0:08:59:27:a3:c8:0a:f2:67:6b:89:73:f8:b8:
         f0:e9:cf:91:59:8e:8f:b1:de:c9:ef:de:43:e3:4a:74:24:43:
         07:5f:43:b8:45:3b:e3:5f:21:b7:3f:1a:6b:8f:f2:da:a8:bf:
         d8:f2:f3:93:e3:e3:3e:e7:60:56:72:13:92:dd:1b:88:31:d3:
         b6:fd:ad:37:3c:a0:e9:c0:98:b6:4d:e5:48:6e:75:d0:c3:52:
         52:2e:ca:3b:84:e7:2b:f5:f8:f4:32:63:ea:46:33:d7:5c:7c:
         96:00:6b:f5:84:2b:bb:9b:45:38:c3:e7:ca:d9:43:b3:ed:81:
         64:23:c1:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUftSY7yezC4q2o4amuwYjk8zovS4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDMzMTE2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjBlNzI0ZTg1YjkwNDU5YTY3M2Q3NzZiY2EwOTY5OGZl
ZWFkYjY3YTdhMDAwODgxZWU1MGExODI2ZjI4N2U3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfcJ/UmuaLMOXjUuENZz5cgeB57oZOj5dUYLO7gVq12fF4
wzeEL1TU786NRIWhQGvsKsJH6slwlpbzlfHA5uukVNpInpwxJ9bnlbaIBFvMUD86
UMvgv6zttQ0R1JdaxRanGrmeG0KOkPxW3cgfqsd/Gol0XV+9yy61hHeTEFwin2m8
/UZ+hQ2BVzLgiN0QdzP13HsPukpbDj69lg4uUx0JW5kEuoNTa/NuuwYSEjQW9rxB
FvHdQamZCvtyL1M5hF3L9SYrOxsAzhkJMyo/REAFt5DscDsZ+Oretq9tc5d9SDra
zaQKtYCLpOVplt3W3hskc/gs7E+LrAfTlUgfKxfNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf6kQID0zK+BwuROYHkW6sPFD2d0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgzNTZlYmUwLTcyMjktNDBlNC05ZTUyLTAyNzQ5NzJjMjE2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnqAwDQYJKoZIhvcNAQELBQADggEBAAFd19hdLjT1q/KY9OinBSxl4o9o
GAs1cGYF/r0bTxnrl+F3md1Dk62XwViME/BSMV1pjhBabbqW+yoxEl30hrjppOw9
0Dti9z47KZqNKVEWI+bOarfRxhDgzVSwDcWZb8Cg3s0er7QZxSnuaRgJWyEn58OW
tpl630JRlIVi+ZCVvkewCFkno8gK8mdriXP4uPDpz5FZjo+x3snv3kPjSnQkQwdf
Q7hFO+NfIbc/GmuP8tqov9jy85Pj4z7nYFZyE5LdG4gx07b9rTc8oOnAmLZN5Uhu
ddDDUlIuyjuE5yv1+PQyY+pGM9dcfJYAa/WEK7ubRTjD58rZQ7PtgWQjwUA=
-----END CERTIFICATE-----