Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/909294d2-89bb-4ac9-ba3e-b81ade340f52.roa
File:                     909294d2-89bb-4ac9-ba3e-b81ade340f52.roa (raw, json)
Hash identifier:          mJogIqyzGEClvCFqUY8m0CTZhfv56Aq195BcGplaxsA=
Subject key identifier:   4F:59:40:70:13:8B:A0:AF:E7:B4:83:A3:83:BE:9F:7F:61:F9:9F:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A2C643092C6C117F7373E45BA5DD9BF8F915670
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/909294d2-89bb-4ac9-ba3e-b81ade340f52.roa
Signing time:             Mon 20 Oct 2025 02:22:09 +0000
ROA not before:           Mon 20 Oct 2025 02:22:09 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.163.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:2c:64:30:92:c6:c1:17:f7:37:3e:45:ba:5d:d9:bf:8f:91:56:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:22:09 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=61695e0aa48034d9f9a49406eb1907eebe977136f7c63db60a9a61d2eb60164c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4e:64:b8:c7:a3:11:3b:7f:1a:41:3b:78:1c:
                    be:83:5c:57:c2:73:6f:64:61:04:4c:52:1a:d9:3c:
                    50:fd:a8:95:1a:ec:69:c2:41:2c:7c:bc:0c:a6:d3:
                    e9:20:a4:75:8d:80:9e:f1:58:08:f6:26:f6:64:ba:
                    7c:74:d0:d6:94:e8:3f:a4:be:04:b9:7d:77:3a:b1:
                    54:55:35:61:60:3e:49:b2:39:bf:13:21:4b:97:a9:
                    95:38:11:95:ad:9f:2b:f0:86:d3:90:42:6f:9f:eb:
                    33:ed:76:01:0e:2d:b6:11:db:68:50:9c:4c:c7:e5:
                    41:82:68:ce:75:d5:e5:58:ef:61:1f:63:f0:69:ca:
                    a0:ee:f9:ec:a1:99:61:c8:cc:4c:5f:b5:45:4f:51:
                    bc:c0:b5:eb:c1:56:fb:42:19:10:65:f3:37:dc:e1:
                    3b:11:eb:27:55:15:43:32:95:51:d3:03:66:eb:2c:
                    70:8d:2b:93:d5:a1:1a:4f:50:5c:03:2f:1d:da:cc:
                    ef:ff:8f:17:0b:5e:d1:16:c0:ef:d8:63:d0:e2:56:
                    eb:ec:1f:e4:63:8c:bc:9b:6b:cb:db:bc:da:e2:ae:
                    d4:5f:c0:b5:7d:73:c2:ac:73:a4:13:7a:e0:47:c4:
                    d3:f8:fb:ca:1e:12:ba:ee:46:a3:a4:00:b4:79:08:
                    39:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:59:40:70:13:8B:A0:AF:E7:B4:83:A3:83:BE:9F:7F:61:F9:9F:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/909294d2-89bb-4ac9-ba3e-b81ade340f52.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:95:e7:31:ec:83:93:05:40:c1:e2:d7:e5:0a:e8:64:94:f2:
         c6:49:11:aa:ba:01:bb:cc:0d:e0:b8:8e:f4:e2:4b:00:9e:9b:
         48:6d:90:7c:b3:84:6b:a3:dc:29:dc:ea:48:af:95:bf:14:c4:
         f8:c4:79:df:dd:42:4d:6a:98:35:85:25:01:e8:82:91:d6:78:
         c4:cb:cf:7a:92:15:c9:24:07:cd:50:24:7c:3a:1a:b7:74:31:
         4e:86:a3:dd:53:93:7e:3e:9a:5e:ef:af:10:2f:29:54:31:14:
         a3:55:29:db:c6:3b:5a:06:0b:a3:dc:82:a1:63:89:ef:a4:13:
         e4:80:be:7d:e7:23:90:39:a4:8a:d1:6b:0c:73:f9:a7:b0:d2:
         21:f4:8f:67:03:6e:db:fc:ce:13:43:ba:54:c3:63:89:40:77:
         fc:6c:ef:ce:5c:e1:e6:07:2e:22:b7:58:53:94:3d:db:62:bf:
         55:fc:ba:6d:49:8d:09:e8:1f:75:2f:f6:a0:7b:25:70:38:98:
         92:c7:38:58:24:5c:8b:13:ba:10:cc:24:ea:e3:cc:90:5b:3f:
         7c:7b:88:7e:3e:72:91:25:1b:8a:43:6a:56:13:1e:60:d9:ce:
         87:1d:40:e5:8d:f2:83:85:69:6d:c5:b2:fa:e9:c7:16:b8:52:
         7b:cc:d3:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCixkMJLGwRf3Nz5Ful3Zv4+RVnAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIyMjA5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTY5NWUwYWE0ODAzNGQ5ZjlhNDk0MDZlYjE5MDdlZWJl
OTc3MTM2ZjdjNjNkYjYwYTlhNjFkMmViNjAxNjRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3TmS4x6MRO38aQTt4HL6DXFfCc29kYQRMUhrZPFD9qJUa
7GnCQSx8vAym0+kgpHWNgJ7xWAj2JvZkunx00NaU6D+kvgS5fXc6sVRVNWFgPkmy
Ob8TIUuXqZU4EZWtnyvwhtOQQm+f6zPtdgEOLbYR22hQnEzH5UGCaM511eVY72Ef
Y/BpyqDu+eyhmWHIzExftUVPUbzAtevBVvtCGRBl8zfc4TsR6ydVFUMylVHTA2br
LHCNK5PVoRpPUFwDLx3azO//jxcLXtEWwO/YY9DiVuvsH+RjjLyba8vbvNrirtRf
wLV9c8Ksc6QTeuBHxNP4+8oeErruRqOkALR5CDlfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT1lAcBOLoK/ntIOjg76ff2H5n+wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkwOTI5NGQyLTg5YmItNGFjOS1iYTNlLWI4MWFkZTM0MGY1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnaMwDQYJKoZIhvcNAQELBQADggEBAGyV5zHsg5MFQMHi1+UK6GSU8sZJ
Eaq6AbvMDeC4jvTiSwCem0htkHyzhGuj3Cnc6kivlb8UxPjEed/dQk1qmDWFJQHo
gpHWeMTLz3qSFckkB81QJHw6Grd0MU6Go91Tk34+ml7vrxAvKVQxFKNVKdvGO1oG
C6PcgqFjie+kE+SAvn3nI5A5pIrRawxz+aew0iH0j2cDbtv8zhNDulTDY4lAd/xs
785c4eYHLiK3WFOUPdtiv1X8um1JjQnoH3Uv9qB7JXA4mJLHOFgkXIsTuhDMJOrj
zJBbP3x7iH4+cpElG4pDalYTHmDZzocdQOWN8oOFaW3Fsvrpxxa4UnvM06Q=
-----END CERTIFICATE-----