Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/857be1f1-fb4d-47ac-9cd0-da84a6f84e6a.roa
File:                     857be1f1-fb4d-47ac-9cd0-da84a6f84e6a.roa (raw, json)
Hash identifier:          k8Ddxe3LzQvs+i6kxASTr4dLpoAVIP4Hs0vBb+hU7iw=
Subject key identifier:   8D:FC:FC:E0:58:15:14:7B:3B:32:C3:26:01:6B:DA:02:17:D8:52:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0E17DDD923714BC554EBF9E4DF66DE10F235B5F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/857be1f1-fb4d-47ac-9cd0-da84a6f84e6a.roa
Signing time:             Mon 20 Oct 2025 05:30:13 +0000
ROA not before:           Mon 20 Oct 2025 05:30:13 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.110.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:17:dd:d9:23:71:4b:c5:54:eb:f9:e4:df:66:de:10:f2:35:b5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:30:13 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=726aa459c3512abae24b1d077f3686561b7daaa36c3b2c0133b4978ed831989e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:90:3c:e5:81:33:ca:65:b2:fb:5b:00:31:67:
                    73:0a:f3:56:58:58:78:d4:3d:76:c3:0c:86:e1:93:
                    ff:11:39:b6:95:79:ab:8c:a6:f3:65:b2:a2:31:be:
                    30:93:36:31:55:ab:1a:7c:68:4c:1b:90:2f:42:35:
                    fa:cd:72:76:60:29:97:69:9c:53:f4:0e:a5:9a:de:
                    90:5f:93:e8:6e:7b:93:0f:81:4d:ba:f8:37:8e:14:
                    5b:f9:5d:3f:ef:cb:e7:85:88:1e:58:ff:31:11:05:
                    6e:fa:04:ac:9f:9b:47:b1:2a:57:96:ee:c4:18:be:
                    18:e9:29:45:8a:87:2e:65:f2:3b:ff:b3:b2:41:2b:
                    99:bc:2f:01:aa:67:ba:34:e8:cc:46:75:b1:1a:ac:
                    5f:a9:7a:72:95:79:74:82:61:d5:70:09:cf:d1:68:
                    5a:66:c6:12:f3:69:ff:a7:87:e7:f2:55:14:7f:35:
                    c6:db:b2:79:7e:19:81:94:83:e2:da:5a:97:eb:1a:
                    11:79:87:bc:0c:b3:40:34:ba:42:db:b5:d4:fd:5f:
                    dd:ac:8a:c6:dc:67:bc:f6:30:94:f3:26:e8:38:13:
                    aa:71:92:ec:7a:0f:3a:13:e4:e2:a8:bb:2f:82:60:
                    3a:d0:3d:4f:0a:63:eb:dc:aa:3d:8f:b8:44:6f:c7:
                    3d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:FC:FC:E0:58:15:14:7B:3B:32:C3:26:01:6B:DA:02:17:D8:52:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/857be1f1-fb4d-47ac-9cd0-da84a6f84e6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:64:76:57:16:ee:99:9a:fd:89:2e:52:39:92:42:2f:7b:0c:
         59:cd:9d:31:68:7d:5d:76:ef:ae:fd:3e:86:e2:c1:ad:11:1d:
         a9:fc:1b:28:ef:7f:18:31:35:28:95:ba:09:48:2e:42:ed:0d:
         dd:3a:74:9f:ae:7e:c3:7e:90:9a:7a:e4:6f:35:f1:14:fa:c8:
         42:8b:76:96:e9:8f:47:70:07:af:10:70:66:a6:d0:7c:5d:6b:
         8e:1e:91:13:36:f0:68:df:66:e6:b2:80:75:d9:d2:66:c6:cb:
         7e:a5:e3:ba:a1:92:be:17:b9:43:4f:0f:6c:82:8d:a0:d9:e8:
         8a:64:01:e8:14:ab:55:19:ee:48:8b:ae:a3:6f:17:7a:06:c1:
         d3:29:f6:8d:83:6c:c9:ed:6d:e3:d3:cd:66:65:d1:d7:36:87:
         0c:f7:b1:f9:f7:e0:e8:c6:4f:57:2e:9a:27:cd:cc:66:ac:da:
         3b:ae:b0:94:fa:9e:70:65:30:bd:d6:2f:e2:99:76:c4:60:3e:
         d1:e1:d4:43:7c:7f:76:66:37:4d:9d:bd:5b:5a:3f:69:4a:4a:
         2d:60:3b:24:b6:ab:f1:47:88:2a:b5:d7:fd:31:8d:71:0a:4c:
         6c:43:b9:cc:16:37:47:5d:79:27:01:58:0d:f3:69:61:98:c7:
         39:be:36:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDhfd2SNxS8VU6/nk32beEPI1tfYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUzMDEzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjZhYTQ1OWMzNTEyYWJhZTI0YjFkMDc3ZjM2ODY1NjFi
N2RhYWEzNmMzYjJjMDEzM2I0OTc4ZWQ4MzE5ODllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZkDzlgTPKZbL7WwAxZ3MK81ZYWHjUPXbDDIbhk/8RObaV
eauMpvNlsqIxvjCTNjFVqxp8aEwbkC9CNfrNcnZgKZdpnFP0DqWa3pBfk+hue5MP
gU26+DeOFFv5XT/vy+eFiB5Y/zERBW76BKyfm0exKleW7sQYvhjpKUWKhy5l8jv/
s7JBK5m8LwGqZ7o06MxGdbEarF+penKVeXSCYdVwCc/RaFpmxhLzaf+nh+fyVRR/
Ncbbsnl+GYGUg+LaWpfrGhF5h7wMs0A0ukLbtdT9X92sisbcZ7z2MJTzJug4E6px
kux6DzoT5OKouy+CYDrQPU8KY+vcqj2PuERvxz2PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjfz84FgVFHs7MsMmAWvaAhfYUm4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg1N2JlMWYxLWZiNGQtNDdhYy05Y2QwLWRhODRhNmY4NGU2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnG4wDQYJKoZIhvcNAQELBQADggEBABhkdlcW7pma/YkuUjmSQi97DFnN
nTFofV127679Pobiwa0RHan8GyjvfxgxNSiVuglILkLtDd06dJ+ufsN+kJp65G81
8RT6yEKLdpbpj0dwB68QcGam0Hxda44ekRM28GjfZuaygHXZ0mbGy36l47qhkr4X
uUNPD2yCjaDZ6IpkAegUq1UZ7kiLrqNvF3oGwdMp9o2DbMntbePTzWZl0dc2hwz3
sfn34OjGT1cumifNzGas2juusJT6nnBlML3WL+KZdsRgPtHh1EN8f3ZmN02dvVta
P2lKSi1gOyS2q/FHiCq11/0xjXEKTGxDucwWN0ddeScBWA3zaWGYxzm+NnY=
-----END CERTIFICATE-----