Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adc074e8-0f6c-40b0-8250-0e9773e625ee.roa
File:                     adc074e8-0f6c-40b0-8250-0e9773e625ee.roa (raw, json)
Hash identifier:          DSsBaBaoBRyNqdCEEWEZ3gX77PW0KkeJO5ouzD2Y9uQ=
Subject key identifier:   3E:C7:D3:DB:DC:B3:3B:75:72:B3:4D:F9:2A:F2:89:99:E6:CC:E5:1F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58670553EB87E4D3ACF7EEDCCC3847FAF83BFC13
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adc074e8-0f6c-40b0-8250-0e9773e625ee.roa
Signing time:             Mon 20 Oct 2025 05:50:47 +0000
ROA not before:           Mon 20 Oct 2025 05:50:47 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.192.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:67:05:53:eb:87:e4:d3:ac:f7:ee:dc:cc:38:47:fa:f8:3b:fc:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:50:47 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=a1a3a57c326c8d52cc4c459de05a2f85e10dd17299b14298b1ec16b43a298bf9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:f9:00:3e:ee:77:03:1d:fb:34:bb:40:8a:09:
                    d5:ab:03:6d:89:b1:1a:29:bf:4b:76:e5:09:b7:28:
                    1a:2a:d8:e2:d4:58:22:63:41:82:de:1d:30:1e:e9:
                    6c:e8:09:aa:2b:95:12:b5:7a:74:51:cb:4f:73:f3:
                    94:f4:5f:e6:c9:0d:c5:5f:7b:41:0a:10:29:e9:d1:
                    db:97:6b:e5:9b:18:67:c0:de:b1:1d:60:75:b7:6e:
                    8f:bc:92:19:3d:18:d9:d6:41:de:37:69:1e:43:6c:
                    1a:ec:6c:68:d1:ec:0a:c0:46:72:7e:4d:45:46:a0:
                    29:3f:dd:3f:b0:eb:eb:e6:46:45:83:01:e5:87:c2:
                    39:38:d4:3a:c0:a7:f8:3e:55:16:93:78:07:4b:bd:
                    07:95:83:b8:ee:79:06:6e:6f:3f:f9:1d:35:7c:ad:
                    5d:56:08:fe:42:84:4b:87:2b:92:14:2f:66:60:72:
                    8f:e7:7c:c8:1b:5c:cf:54:0b:64:2a:bd:78:bb:88:
                    ba:be:31:5e:00:d7:2e:1a:32:4e:22:47:05:41:db:
                    af:d6:46:ab:e4:f1:cc:55:ec:24:c2:f1:32:54:ee:
                    85:43:6d:89:05:30:3c:9e:86:dc:62:28:77:2c:e6:
                    46:c0:d5:08:57:35:92:ae:05:62:b9:1f:aa:51:d4:
                    3e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C7:D3:DB:DC:B3:3B:75:72:B3:4D:F9:2A:F2:89:99:E6:CC:E5:1F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adc074e8-0f6c-40b0-8250-0e9773e625ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         d6:a9:21:f6:6f:cd:1f:09:49:ef:a5:5e:a2:7d:af:09:71:ee:
         2f:f8:ac:41:e7:80:71:bb:a9:3f:d4:87:3d:61:3a:58:fd:24:
         d1:e8:68:92:27:dc:46:4a:89:04:c4:e2:85:2d:f7:9e:4b:2e:
         77:f9:78:3f:27:cb:5f:fc:40:c4:10:6e:b2:e1:be:89:07:5e:
         99:fc:18:1d:9b:11:e3:ab:e6:20:36:e9:64:a0:a0:64:a3:b5:
         6f:ef:be:ae:6c:2e:19:89:0e:a0:33:f9:8c:22:db:8c:2d:c9:
         21:02:60:49:18:5a:e0:24:5a:37:3b:52:b2:44:8e:46:15:84:
         c0:32:eb:9d:6f:bc:17:bd:04:ab:17:3b:93:a1:6c:9b:1e:5f:
         28:26:af:a7:d5:d5:4a:16:ab:bd:b2:ad:dc:32:88:c7:05:80:
         98:7c:e8:5f:69:8d:e5:e8:37:a0:c4:f1:75:30:c2:2e:67:f3:
         fb:80:8d:14:93:ae:9f:e9:bc:35:5f:33:f7:8f:9e:6b:b8:6c:
         ff:0c:6b:b3:d5:7a:02:86:73:20:aa:48:85:e9:36:b9:ce:83:
         a4:02:0c:70:44:ad:f6:fb:b4:50:b1:7c:6a:7f:58:99:4d:d7:
         56:cb:6e:71:b2:04:e8:aa:7a:b4:30:5b:70:0f:a0:c8:d2:88:
         b2:02:f5:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWGcFU+uH5NOs9+7czDhH+vg7/BMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDU1MDQ3WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMWEzYTU3YzMyNmM4ZDUyY2M0YzQ1OWRlMDVhMmY4NWUx
MGRkMTcyOTliMTQyOThiMWVjMTZiNDNhMjk4YmY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDx+QA+7ncDHfs0u0CKCdWrA22JsRopv0t25Qm3KBoq2OLU
WCJjQYLeHTAe6WzoCaorlRK1enRRy09z85T0X+bJDcVfe0EKECnp0duXa+WbGGfA
3rEdYHW3bo+8khk9GNnWQd43aR5DbBrsbGjR7ArARnJ+TUVGoCk/3T+w6+vmRkWD
AeWHwjk41DrAp/g+VRaTeAdLvQeVg7jueQZubz/5HTV8rV1WCP5ChEuHK5IUL2Zg
co/nfMgbXM9UC2QqvXi7iLq+MV4A1y4aMk4iRwVB26/WRqvk8cxV7CTC8TJU7oVD
bYkFMDyehtxiKHcs5kbA1QhXNZKuBWK5H6pR1D6xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPsfT29yzO3Vys035KvKJmebM5R8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkYzA3NGU4LTBmNmMtNDBiMC04MjUwLTBlOTc3M2U2MjVlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsn8AwDQYJKoZIhvcNAQELBQADggEBANapIfZvzR8JSe+lXqJ9rwlx7i/4
rEHngHG7qT/Uhz1hOlj9JNHoaJIn3EZKiQTE4oUt955LLnf5eD8ny1/8QMQQbrLh
vokHXpn8GB2bEeOr5iA26WSgoGSjtW/vvq5sLhmJDqAz+Ywi24wtySECYEkYWuAk
Wjc7UrJEjkYVhMAy651vvBe9BKsXO5OhbJseXygmr6fV1UoWq72yrdwyiMcFgJh8
6F9pjeXoN6DE8XUwwi5n8/uAjRSTrp/pvDVfM/ePnmu4bP8Ma7PVegKGcyCqSIXp
NrnOg6QCDHBErfb7tFCxfGp/WJlN11bLbnGyBOiqerQwW3APoMjSiLIC9eo=
-----END CERTIFICATE-----