Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a368a9d8-e3ac-4c56-bf59-281fdb74f6e1.roa
File:                     a368a9d8-e3ac-4c56-bf59-281fdb74f6e1.roa (raw, json)
Hash identifier:          Ws078mPN+Gj/0s/4fkXn+oCzQPw78+iMM2hAUWFxJjo=
Subject key identifier:   AB:D8:A9:61:8D:6E:91:08:56:98:BC:A9:92:49:95:03:C4:16:36:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       768364622208BC6ECA2DE1832CB203A497957443
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a368a9d8-e3ac-4c56-bf59-281fdb74f6e1.roa
Signing time:             Mon 20 Oct 2025 01:40:53 +0000
ROA not before:           Mon 20 Oct 2025 01:40:53 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.202.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:83:64:62:22:08:bc:6e:ca:2d:e1:83:2c:b2:03:a4:97:95:74:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:40:53 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=5a0f5bc9e76fbff6aff6716c2662c798239263d0f7ca503b3165dde9419cb278, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fb:0f:e3:e1:98:13:c5:60:10:24:43:64:01:
                    60:43:91:0d:4d:b3:b6:94:61:a6:f3:88:9c:52:5a:
                    57:a0:e5:44:03:8a:56:8f:5d:02:80:72:53:22:16:
                    de:58:9b:a0:36:29:dd:ac:1c:a1:10:30:55:60:a4:
                    39:e7:11:b8:42:ee:85:b8:6c:4c:46:2a:99:02:78:
                    a9:33:94:51:36:3a:6a:0d:5a:ad:60:00:42:b6:bd:
                    a7:a6:eb:37:d8:ac:e1:82:2c:0d:e6:f7:f2:27:10:
                    76:b5:c4:2a:66:38:fe:99:15:ce:f0:45:fe:4e:f5:
                    55:0e:13:42:c6:9f:5a:74:32:ef:de:cd:ae:9d:40:
                    8c:b1:d8:14:6c:48:de:7f:70:cf:21:56:8f:11:d4:
                    df:b8:3b:7f:eb:8b:67:dc:44:d2:e8:0f:95:f0:65:
                    d0:2e:91:bc:4f:c4:e4:6f:ed:fd:16:7c:ba:1f:73:
                    bb:0a:9b:5d:40:e3:c7:8e:31:b4:0f:e9:eb:a3:3c:
                    7f:be:ca:76:4f:33:dc:3c:d4:f1:e1:92:9d:0e:bd:
                    fb:a9:8a:1d:dd:1a:ea:c5:8f:ec:c1:ec:e5:11:45:
                    6d:05:1f:5b:43:f8:c2:f3:a4:dc:fb:7e:3c:bc:59:
                    a5:d0:b8:93:5c:59:d8:95:5b:56:42:42:df:a0:b6:
                    43:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D8:A9:61:8D:6E:91:08:56:98:BC:A9:92:49:95:03:C4:16:36:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a368a9d8-e3ac-4c56-bf59-281fdb74f6e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:eb:9f:ba:78:9b:53:c0:b6:52:c4:b1:da:c2:2a:68:e0:84:
         8a:44:d2:0f:f0:ea:37:d9:27:97:1e:6a:0a:48:b5:47:bf:5d:
         68:4b:ad:39:d1:40:43:cf:c6:dc:00:0b:03:e6:27:cc:c3:3c:
         7a:6d:f7:bc:e4:fe:1d:db:8a:f5:a8:da:9c:dc:3c:15:7c:a8:
         7e:6b:38:27:43:60:5f:6f:bf:44:eb:1b:82:aa:25:63:9b:6d:
         10:3f:62:9f:50:65:54:37:db:e9:3e:8b:a9:a6:39:08:5d:42:
         a6:0e:e4:94:bf:5e:1d:3e:30:e0:f2:a2:a5:56:9a:d0:26:9d:
         e6:bd:25:5a:8b:cf:54:1d:c0:bf:1f:73:1c:7f:12:d7:3d:b0:
         20:ae:13:0d:4d:f2:ae:78:ee:10:a0:42:3e:85:f6:e8:6d:a3:
         b0:73:41:f0:78:5a:e9:d1:9f:11:36:14:ff:27:d6:b0:85:84:
         a6:d1:15:d3:e3:68:07:b6:8a:7f:03:88:a3:bb:9f:ee:e2:7e:
         99:bb:18:f8:af:75:87:47:f0:bb:8f:94:d1:98:0e:b5:84:e7:
         5d:90:ee:85:77:52:db:d2:55:77:d9:39:0c:84:16:58:40:32:
         e5:f1:5d:dc:f1:1a:a7:61:3a:d4:6a:da:51:d7:15:ca:7a:c7:
         16:c2:83:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdoNkYiIIvG7KLeGDLLIDpJeVdEMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDE0MDUzWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTBmNWJjOWU3NmZiZmY2YWZmNjcxNmMyNjYyYzc5ODIz
OTI2M2QwZjdjYTUwM2IzMTY1ZGRlOTQxOWNiMjc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC++w/j4ZgTxWAQJENkAWBDkQ1Ns7aUYabziJxSWleg5UQD
ilaPXQKAclMiFt5Ym6A2Kd2sHKEQMFVgpDnnEbhC7oW4bExGKpkCeKkzlFE2OmoN
Wq1gAEK2vaem6zfYrOGCLA3m9/InEHa1xCpmOP6ZFc7wRf5O9VUOE0LGn1p0Mu/e
za6dQIyx2BRsSN5/cM8hVo8R1N+4O3/ri2fcRNLoD5XwZdAukbxPxORv7f0WfLof
c7sKm11A48eOMbQP6eujPH++ynZPM9w81PHhkp0Ovfupih3dGurFj+zB7OURRW0F
H1tD+MLzpNz7fjy8WaXQuJNcWdiVW1ZCQt+gtkNJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq9ipYY1ukQhWmLypkkmVA8QWNrAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzNjhhOWQ4LWUzYWMtNGM1Ni1iZjU5LTI4MWZkYjc0ZjZlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn8owDQYJKoZIhvcNAQELBQADggEBAG/rn7p4m1PAtlLEsdrCKmjghIpE
0g/w6jfZJ5ceagpItUe/XWhLrTnRQEPPxtwACwPmJ8zDPHpt97zk/h3bivWo2pzc
PBV8qH5rOCdDYF9vv0TrG4KqJWObbRA/Yp9QZVQ32+k+i6mmOQhdQqYO5JS/Xh0+
MODyoqVWmtAmnea9JVqLz1QdwL8fcxx/Etc9sCCuEw1N8q547hCgQj6F9uhto7Bz
QfB4WunRnxE2FP8n1rCFhKbRFdPjaAe2in8DiKO7n+7ifpm7GPivdYdH8LuPlNGY
DrWE512Q7oV3UtvSVXfZOQyEFlhAMuXxXdzxGqdhOtRq2lHXFcp6xxbCg/M=
-----END CERTIFICATE-----