Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad3a1fd3-6252-41a2-8e26-33525dcaf158.roa
File:                     ad3a1fd3-6252-41a2-8e26-33525dcaf158.roa (raw, json)
Hash identifier:          2nCZPGmXcVPm1M/+xgpGV5IBjyf7o5OtVkuSJyHYhjo=
Subject key identifier:   BE:DD:FE:F9:7D:47:E4:7F:52:73:B8:1E:3B:23:DE:D8:9D:A0:01:AC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A1A1FF1E506A0FDD9C1A1ED72A1F14ACE04BA80
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad3a1fd3-6252-41a2-8e26-33525dcaf158.roa
Signing time:             Mon 20 Oct 2025 04:01:02 +0000
ROA not before:           Mon 20 Oct 2025 04:01:02 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.136.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:1a:1f:f1:e5:06:a0:fd:d9:c1:a1:ed:72:a1:f1:4a:ce:04:ba:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:01:02 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=7c78074ab4a7645f462a6873bdbd39ba286670141fdec63d80fff04ee9e7ff84, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:93:63:a8:d6:70:1c:9c:51:f7:77:93:14:15:
                    7e:11:e7:90:2a:c7:23:ae:80:bc:8e:1c:a1:ff:24:
                    70:0c:09:7a:5e:09:23:61:39:43:88:15:b7:db:02:
                    63:73:8f:0a:00:26:fd:f3:65:ba:fd:48:d8:33:d4:
                    bb:c3:d2:00:ec:bb:d2:95:1b:c7:98:a3:be:ca:65:
                    e3:fc:68:a5:ec:d5:f5:db:be:1e:11:01:e4:20:c1:
                    1e:08:ac:0c:44:39:31:07:ea:22:21:70:ec:fc:69:
                    f9:2a:32:48:65:c7:ae:73:5c:ac:21:8a:b3:e6:3e:
                    7e:ac:f1:43:a1:84:d2:4c:d4:2f:6b:89:21:c8:f0:
                    f4:b6:8b:fc:97:55:e7:6c:1b:fd:3b:29:3f:1a:e4:
                    38:55:22:a4:6e:b4:8b:94:f0:8e:d3:25:3b:7e:3e:
                    75:d2:f7:2f:dd:dd:ae:d7:28:82:12:ef:3e:72:52:
                    bc:25:19:d5:d8:34:76:aa:b1:01:f9:b9:03:84:ad:
                    75:2c:59:ac:6f:9b:42:e0:ed:aa:a9:d9:a3:36:30:
                    0a:53:40:92:7d:f9:b7:7a:cc:28:86:99:dc:19:47:
                    69:6a:63:39:f8:fb:c7:ce:fb:18:a1:d9:2c:32:35:
                    bd:79:6c:5c:d8:fc:f8:31:8c:94:a0:26:26:99:03:
                    a8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:DD:FE:F9:7D:47:E4:7F:52:73:B8:1E:3B:23:DE:D8:9D:A0:01:AC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad3a1fd3-6252-41a2-8e26-33525dcaf158.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:f4:76:6f:b4:b0:12:1b:9c:a2:f1:2c:fc:81:1f:9c:81:cb:
         90:ed:6d:42:47:68:e7:a0:b2:8c:5f:90:7c:cd:1b:23:ae:52:
         99:6b:ef:19:87:2f:e9:0e:a5:f1:e8:1b:0e:96:fb:36:c8:a9:
         8b:5e:5d:11:1d:ea:35:a0:83:ba:05:ee:3b:77:3e:b8:0f:1a:
         4f:b9:6d:5a:60:b8:ff:fe:20:f7:2a:8e:67:07:61:65:61:c3:
         49:42:44:11:a4:58:ff:fd:bf:7a:2b:27:d4:9c:01:77:99:7e:
         2b:e8:51:55:55:e6:df:b3:1d:e0:1c:ea:ca:93:66:56:b9:39:
         02:92:61:78:65:34:a5:88:a2:c3:7e:b3:8d:a8:7b:27:a2:85:
         f3:66:2b:5f:f4:01:c2:4e:cb:e9:55:16:13:6a:48:82:7e:0b:
         2e:94:9b:84:78:a1:5c:f2:f0:15:a5:92:2a:1f:12:8c:ab:c5:
         72:f8:22:2e:ab:0c:fb:8b:d4:5b:97:d0:a9:80:60:48:95:66:
         01:83:90:27:2c:b9:70:59:cd:21:13:9f:4b:bd:0d:36:c8:bd:
         85:fc:08:c5:88:80:75:91:08:dd:60:0b:63:af:d5:0c:4f:30:
         28:e7:86:30:02:18:66:96:8a:37:18:4c:bb:92:5d:c9:b0:d6:
         fc:99:fc:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKhof8eUGoP3ZwaHtcqHxSs4EuoAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQwMTAyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Yzc4MDc0YWI0YTc2NDVmNDYyYTY4NzNiZGJkMzliYTI4
NjY3MDE0MWZkZWM2M2Q4MGZmZjA0ZWU5ZTdmZjg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+k2Oo1nAcnFH3d5MUFX4R55AqxyOugLyOHKH/JHAMCXpe
CSNhOUOIFbfbAmNzjwoAJv3zZbr9SNgz1LvD0gDsu9KVG8eYo77KZeP8aKXs1fXb
vh4RAeQgwR4IrAxEOTEH6iIhcOz8afkqMkhlx65zXKwhirPmPn6s8UOhhNJM1C9r
iSHI8PS2i/yXVedsG/07KT8a5DhVIqRutIuU8I7TJTt+PnXS9y/d3a7XKIIS7z5y
UrwlGdXYNHaqsQH5uQOErXUsWaxvm0Lg7aqp2aM2MApTQJJ9+bd6zCiGmdwZR2lq
Yzn4+8fO+xih2SwyNb15bFzY/PgxjJSgJiaZA6ifAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvt3++X1H5H9Sc7geOyPe2J2gAawwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkM2ExZmQzLTYyNTItNDFhMi04ZTI2LTMzNTI1ZGNhZjE1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn4gwDQYJKoZIhvcNAQELBQADggEBAF70dm+0sBIbnKLxLPyBH5yBy5Dt
bUJHaOegsoxfkHzNGyOuUplr7xmHL+kOpfHoGw6W+zbIqYteXREd6jWgg7oF7jt3
PrgPGk+5bVpguP/+IPcqjmcHYWVhw0lCRBGkWP/9v3orJ9ScAXeZfivoUVVV5t+z
HeAc6sqTZla5OQKSYXhlNKWIosN+s42oeyeihfNmK1/0AcJOy+lVFhNqSIJ+Cy6U
m4R4oVzy8BWlkiofEoyrxXL4Ii6rDPuL1FuX0KmAYEiVZgGDkCcsuXBZzSETn0u9
DTbIvYX8CMWIgHWRCN1gC2Ov1QxPMCjnhjACGGaWijcYTLuSXcmw1vyZ/Pg=
-----END CERTIFICATE-----