Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9684448e-7835-4602-a9a1-eee8d92588fa.roa
File:                     9684448e-7835-4602-a9a1-eee8d92588fa.roa (raw, json)
Hash identifier:          lYbSaD9Iml02D99YcxVSF7bWgRrlLpxZ7uFI1ozDS3o=
Subject key identifier:   32:11:E9:67:9E:94:59:07:F3:76:A5:7B:A0:3E:50:3D:34:6B:C0:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15EEBCBDBF04220BF16678FDD084C008198072DE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9684448e-7835-4602-a9a1-eee8d92588fa.roa
Signing time:             Mon 20 Oct 2025 04:11:52 +0000
ROA not before:           Mon 20 Oct 2025 04:11:52 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.156.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ee:bc:bd:bf:04:22:0b:f1:66:78:fd:d0:84:c0:08:19:80:72:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:11:52 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=8ed051190268de6203a748e16f356e44d4d70aca1d44d7b7975e9f461fecbab4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f3:62:fd:10:07:6d:72:7a:85:fb:cc:90:9d:
                    73:f7:75:30:fc:5e:b0:03:1e:6d:04:21:85:c4:6b:
                    7f:fe:99:b0:68:d8:36:9c:4f:0a:78:11:46:73:04:
                    17:cd:b1:fe:12:6e:1f:24:75:f5:1a:74:f9:1d:d2:
                    8b:cb:de:40:b7:18:eb:a2:d3:51:5e:5d:34:2f:2b:
                    46:10:50:51:5a:13:85:32:b1:3c:28:09:bf:ec:e0:
                    99:55:f6:b4:47:09:25:b8:18:fd:40:77:49:61:d2:
                    8f:3a:48:e0:95:30:9c:f1:ca:5a:81:96:13:5b:0f:
                    a3:86:e7:a3:6d:ed:ef:4d:7f:e8:27:7c:91:8d:db:
                    ec:79:73:40:51:29:1c:08:7c:78:21:a1:a4:85:ac:
                    28:9b:54:10:13:5e:74:10:52:f9:dc:47:13:6d:1d:
                    5d:b5:9f:b6:de:54:2b:e5:dc:41:21:db:87:2c:f4:
                    d7:f3:39:5d:26:a4:32:4f:4c:01:1d:f0:35:5a:21:
                    22:f0:68:e1:2e:7d:1c:8c:c3:59:20:71:e8:96:3e:
                    8e:fe:05:94:91:22:a2:5f:6f:f9:e3:72:8d:50:77:
                    26:9c:68:43:76:a3:d9:03:07:fb:7f:fc:c1:93:8c:
                    06:a9:3b:d8:cc:37:55:7b:83:ec:5c:3f:30:53:bd:
                    80:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:11:E9:67:9E:94:59:07:F3:76:A5:7B:A0:3E:50:3D:34:6B:C0:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9684448e-7835-4602-a9a1-eee8d92588fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:fc:a9:9c:80:1d:39:d4:50:da:19:92:d0:c4:86:1f:2b:b2:
         99:5f:5b:92:7f:77:62:06:eb:5a:17:67:65:c9:01:02:86:f4:
         b2:11:67:1f:6c:a5:8d:e1:fd:d4:d1:f8:68:c4:d7:ed:31:0c:
         c3:83:9a:c5:30:57:c0:70:ab:82:e1:99:5e:8e:0d:0c:e5:58:
         39:1d:d2:3f:c8:ec:39:2c:e5:3e:f8:ae:1a:e9:ed:32:6a:ff:
         a2:22:a3:59:fc:77:dd:a0:1d:81:4a:c6:e0:cb:c8:e5:68:d1:
         09:ae:38:7a:2f:5a:55:f5:b1:7a:2c:40:36:87:c7:8e:fa:fe:
         66:5f:4c:bd:2b:0d:48:43:2d:b2:5f:16:8e:f2:44:21:4b:15:
         e8:66:2a:bf:44:9b:5d:c7:77:38:48:31:12:86:a0:4f:71:58:
         46:d0:f6:60:48:26:51:f7:e0:28:be:a5:b0:7a:ca:32:64:22:
         51:95:a0:7d:09:28:7c:f2:6e:4f:89:40:d7:97:57:e1:a8:87:
         33:da:74:37:50:0a:4f:81:7d:8f:c9:74:7b:05:ed:ff:6d:ad:
         5e:26:10:65:00:f6:b3:09:f8:35:83:38:e1:53:a4:61:d7:15:
         af:71:cc:61:b4:5e:61:6b:ad:bd:0d:4b:c4:9b:e1:93:a7:a9:
         08:df:fd:43
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFe68vb8EIgvxZnj90ITACBmAct4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQxMTUyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWQwNTExOTAyNjhkZTYyMDNhNzQ4ZTE2ZjM1NmU0NGQ0
ZDcwYWNhMWQ0NGQ3Yjc5NzVlOWY0NjFmZWNiYWI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt82L9EAdtcnqF+8yQnXP3dTD8XrADHm0EIYXEa3/+mbBo
2DacTwp4EUZzBBfNsf4Sbh8kdfUadPkd0ovL3kC3GOui01FeXTQvK0YQUFFaE4Uy
sTwoCb/s4JlV9rRHCSW4GP1Ad0lh0o86SOCVMJzxylqBlhNbD6OG56Nt7e9Nf+gn
fJGN2+x5c0BRKRwIfHghoaSFrCibVBATXnQQUvncRxNtHV21n7beVCvl3EEh24cs
9NfzOV0mpDJPTAEd8DVaISLwaOEufRyMw1kgceiWPo7+BZSRIqJfb/njco1Qdyac
aEN2o9kDB/t//MGTjAapO9jMN1V7g+xcPzBTvYDHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMhHpZ56UWQfzdqV7oD5QPTRrwPUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk2ODQ0NDhlLTc4MzUtNDYwMi1hOWExLWVlZThkOTI1ODhmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsn5wwDQYJKoZIhvcNAQELBQADggEBABr8qZyAHTnUUNoZktDEhh8rsplf
W5J/d2IG61oXZ2XJAQKG9LIRZx9spY3h/dTR+GjE1+0xDMODmsUwV8Bwq4LhmV6O
DQzlWDkd0j/I7Dks5T74rhrp7TJq/6Iio1n8d92gHYFKxuDLyOVo0QmuOHovWlX1
sXosQDaHx476/mZfTL0rDUhDLbJfFo7yRCFLFehmKr9Em13HdzhIMRKGoE9xWEbQ
9mBIJlH34Ci+pbB6yjJkIlGVoH0JKHzybk+JQNeXV+GohzPadDdQCk+BfY/JdHsF
7f9trV4mEGUA9rMJ+DWDOOFTpGHXFa9xzGG0XmFrrb0NS8Sb4ZOnqQjf/UM=
-----END CERTIFICATE-----