Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bea2916-fdab-4fe9-afa0-008ecfd7ce90.roa
File:                     8bea2916-fdab-4fe9-afa0-008ecfd7ce90.roa (raw, json)
Hash identifier:          nNlB1HlfwwmEMc1Tqm/xuYup1xt5RcXmoEo6wS6EnRs=
Subject key identifier:   F0:DA:67:A6:E2:81:6D:2F:C9:E8:34:92:E5:CD:D3:65:18:AC:50:1C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4539E8479EE59E697BDA32E9D0571E40CBB06A5C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bea2916-fdab-4fe9-afa0-008ecfd7ce90.roa
Signing time:             Mon 20 Oct 2025 04:32:34 +0000
ROA not before:           Mon 20 Oct 2025 04:32:34 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.24.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:39:e8:47:9e:e5:9e:69:7b:da:32:e9:d0:57:1e:40:cb:b0:6a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:32:34 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=d98053c9b818ce42b9e5fc1cf577d8e44eee051b71cbdf824fe8f409c9037906, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0e:2d:d3:29:c3:5e:ff:4c:03:a5:ee:af:95:
                    fc:a7:03:46:de:bc:b1:42:5a:e4:cd:3a:ac:87:b3:
                    4d:62:77:af:cb:99:a2:03:49:05:a1:e2:f3:62:24:
                    00:2f:21:d6:91:ba:6b:7c:26:d6:6b:d2:b3:5d:8e:
                    58:30:7f:04:d1:d9:dc:e3:1f:51:6e:8f:fc:c1:a3:
                    af:79:5f:79:49:26:44:7c:64:61:20:94:7a:f0:b5:
                    61:08:4d:4f:45:e1:02:9c:39:ca:4b:7d:2d:61:3d:
                    02:1f:f3:ef:09:37:70:d3:48:8f:e0:3f:c8:2c:ee:
                    46:49:9d:a6:f4:b3:03:d0:cd:46:63:6b:96:36:d7:
                    8f:31:3a:b3:9c:1a:9f:d0:a8:e5:4f:a7:c0:17:d6:
                    88:54:42:a9:3d:f8:85:48:fd:8e:83:a8:65:e3:40:
                    19:0e:1b:99:d2:d6:7e:af:9c:32:4e:39:3d:1b:2e:
                    79:35:37:29:0c:aa:04:d9:4c:c9:a2:66:39:77:51:
                    11:29:aa:d4:ea:9a:30:c6:4a:9c:1b:53:2a:f9:34:
                    72:f2:0a:d3:c3:a4:b0:88:3c:61:94:91:7b:b0:d2:
                    2d:94:1b:6f:9b:4d:ff:26:3b:52:7b:77:f5:bc:ed:
                    99:de:52:71:7e:23:ec:f6:3d:7f:bf:55:0d:c8:bb:
                    96:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:DA:67:A6:E2:81:6D:2F:C9:E8:34:92:E5:CD:D3:65:18:AC:50:1C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bea2916-fdab-4fe9-afa0-008ecfd7ce90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d6:18:2b:37:70:43:80:d1:cd:5e:6b:56:b1:29:cc:1d:8e:ce:
         dd:12:82:9b:17:1b:ef:1f:7c:79:67:1e:f0:37:f9:5b:58:ab:
         5f:71:2f:db:c4:9c:f9:1e:4c:96:67:71:0a:60:28:ed:f9:4e:
         01:39:bb:c3:bc:36:c2:d8:ed:81:ca:4c:36:1c:bc:b7:04:31:
         18:fa:87:94:7d:b6:dd:52:91:d8:fa:bb:8a:3a:01:50:2d:6a:
         55:ed:95:7b:ed:50:eb:8c:18:e0:73:56:cd:3d:7b:08:48:d0:
         fb:ee:61:bb:31:dc:04:b6:63:87:0c:40:bd:61:79:aa:2d:d4:
         7c:f9:c4:9e:0d:02:8e:76:19:d4:33:9a:9c:4f:d4:54:94:ad:
         e8:95:f3:fd:79:61:ce:73:38:61:ad:a7:9f:55:cb:a0:79:1d:
         d7:c2:a3:a7:a2:08:08:dd:90:c6:02:bc:4b:d5:e5:65:5c:43:
         9c:e0:29:f2:76:7a:b4:d7:02:36:fb:0d:fd:38:bc:2a:cb:f0:
         62:45:5d:a2:b5:6a:a5:0a:c9:73:db:7e:bb:cf:a0:24:7f:10:
         16:79:4e:a0:2a:5b:90:34:a9:6e:d5:d8:4c:56:d3:6f:50:af:
         7e:b5:7c:c0:14:a9:0d:67:76:6e:90:42:b1:b5:14:aa:30:2c:
         3b:82:b4:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURTnoR57lnml72jLp0FceQMuwalwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQzMjM0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTgwNTNjOWI4MThjZTQyYjllNWZjMWNmNTc3ZDhlNDRl
ZWUwNTFiNzFjYmRmODI0ZmU4ZjQwOWM5MDM3OTA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUDi3TKcNe/0wDpe6vlfynA0bevLFCWuTNOqyHs01id6/L
maIDSQWh4vNiJAAvIdaRumt8JtZr0rNdjlgwfwTR2dzjH1Fuj/zBo695X3lJJkR8
ZGEglHrwtWEITU9F4QKcOcpLfS1hPQIf8+8JN3DTSI/gP8gs7kZJnab0swPQzUZj
a5Y2148xOrOcGp/QqOVPp8AX1ohUQqk9+IVI/Y6DqGXjQBkOG5nS1n6vnDJOOT0b
Lnk1NykMqgTZTMmiZjl3UREpqtTqmjDGSpwbUyr5NHLyCtPDpLCIPGGUkXuw0i2U
G2+bTf8mO1J7d/W87ZneUnF+I+z2PX+/VQ3Iu5ZxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8NpnpuKBbS/J6DSS5c3TZRisUBwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiZWEyOTE2LWZkYWItNGZlOS1hZmEwLTAwOGVjZmQ3Y2U5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnxgwDQYJKoZIhvcNAQELBQADggEBANYYKzdwQ4DRzV5rVrEpzB2Ozt0S
gpsXG+8ffHlnHvA3+VtYq19xL9vEnPkeTJZncQpgKO35TgE5u8O8NsLY7YHKTDYc
vLcEMRj6h5R9tt1Skdj6u4o6AVAtalXtlXvtUOuMGOBzVs09ewhI0PvuYbsx3AS2
Y4cMQL1heaot1Hz5xJ4NAo52GdQzmpxP1FSUreiV8/15Yc5zOGGtp59Vy6B5HdfC
o6eiCAjdkMYCvEvV5WVcQ5zgKfJ2erTXAjb7Df04vCrL8GJFXaK1aqUKyXPbfrvP
oCR/EBZ5TqAqW5A0qW7V2ExW029Qr361fMAUqQ1ndm6QQrG1FKowLDuCtFA=
-----END CERTIFICATE-----