Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3e3ac4b-4b6c-4057-948d-01136126f009.roa
File:                     b3e3ac4b-4b6c-4057-948d-01136126f009.roa (raw, json)
Hash identifier:          ChtZlZrTH7pqXvNyUn/EbRfLl75Zwr65KD5Ne63Zdz8=
Subject key identifier:   7E:6B:D5:71:63:28:77:BC:7E:24:FD:91:51:D2:3E:8A:72:22:38:9E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       525487EEC816829ED4DE433F10B17C95BA2965B3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3e3ac4b-4b6c-4057-948d-01136126f009.roa
Signing time:             Mon 20 Oct 2025 00:11:24 +0000
ROA not before:           Mon 20 Oct 2025 00:11:24 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.144.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:54:87:ee:c8:16:82:9e:d4:de:43:3f:10:b1:7c:95:ba:29:65:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 00:11:24 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=a87b0177db93791e37b949e2bbedbccb10685f6fc98d2549ca281e32b484c6d4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6f:e0:80:45:d6:b2:78:f5:e5:fc:86:fc:19:
                    8d:66:85:09:49:bc:77:fa:d3:24:0c:c9:f4:e4:84:
                    78:56:11:fd:a6:70:13:7f:09:ad:52:1e:76:90:78:
                    b0:b7:1e:b9:4b:45:97:6e:a9:3a:8f:4a:bc:7d:cb:
                    5d:bc:d2:65:59:e1:d1:f3:04:98:a4:bd:a6:ae:11:
                    af:23:6a:94:52:4d:fc:12:e4:e5:39:37:44:6a:3b:
                    7b:fa:23:13:49:ed:41:6f:43:13:fe:85:b5:48:66:
                    0f:75:bc:cd:2d:d5:13:97:c2:9b:03:17:47:fb:b1:
                    d3:b8:74:2a:af:ec:46:ea:2a:b9:31:14:62:df:26:
                    85:42:2a:5e:4c:9e:1c:6b:82:42:14:0f:b3:d9:f6:
                    59:1f:ea:3d:58:e3:13:7c:44:ec:08:e6:76:19:d7:
                    d8:ba:d7:90:5b:19:02:db:1f:81:aa:a5:7c:74:e4:
                    4c:bc:e6:be:48:d1:30:ee:6a:af:18:a7:58:21:31:
                    95:4f:a1:ce:fe:c7:55:a1:d0:17:50:88:7a:93:09:
                    3e:fd:f1:13:e1:9f:c0:85:aa:cd:51:7f:dc:bd:15:
                    02:49:ee:d7:ba:ac:54:18:f8:78:69:bd:a5:b3:4e:
                    f5:b1:8c:c8:7e:97:3b:66:9a:ce:53:58:25:9c:1c:
                    fd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:6B:D5:71:63:28:77:BC:7E:24:FD:91:51:D2:3E:8A:72:22:38:9E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3e3ac4b-4b6c-4057-948d-01136126f009.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c9:3e:b7:9e:82:5b:ab:c6:58:e2:66:f8:10:f3:80:86:b5:02:
         68:34:8a:c2:e7:c1:5b:f7:04:cb:a2:13:8f:35:dc:99:c5:9b:
         37:7e:69:a9:3b:1a:0c:bc:af:b5:bd:2c:76:19:ca:f2:09:81:
         ed:45:84:b2:c4:ff:5c:bc:fc:b4:67:1c:9f:f4:a0:8d:9c:e7:
         15:96:22:4c:8f:66:a4:92:e6:83:8d:d6:89:04:da:97:94:08:
         2b:b4:e4:b0:2f:aa:55:35:fa:ac:26:30:ca:7d:aa:57:91:a3:
         76:ed:09:97:4e:56:a8:cc:d2:b1:c5:b4:cd:3c:32:0e:f4:14:
         3c:7c:4f:22:9e:49:a7:e4:bc:5d:7b:82:8a:a3:92:61:43:6f:
         17:b7:3a:a3:53:d6:39:97:0c:72:08:f3:12:e7:3c:88:e3:08:
         4c:1f:d5:39:89:af:9e:93:94:be:67:77:23:e4:fd:26:43:59:
         32:df:41:f4:ce:34:18:21:11:9b:55:15:3c:c5:fe:22:98:61:
         e2:1c:36:56:02:5b:5e:15:10:99:ad:b2:4a:ee:5c:e5:25:dc:
         5e:e8:2a:71:72:f1:5b:80:50:7c:af:b5:f9:e4:ec:c9:5c:ae:
         a0:2e:a0:af:f5:9f:32:ec:fb:cf:89:51:d8:d7:8a:33:43:6b:
         d6:43:91:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUlSH7sgWgp7U3kM/ELF8lbopZbMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDAxMTI0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhODdiMDE3N2RiOTM3OTFlMzdiOTQ5ZTJiYmVkYmNjYjEw
Njg1ZjZmYzk4ZDI1NDljYTI4MWUzMmI0ODRjNmQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRb+CARdayePXl/Ib8GY1mhQlJvHf60yQMyfTkhHhWEf2m
cBN/Ca1SHnaQeLC3HrlLRZduqTqPSrx9y1280mVZ4dHzBJikvaauEa8japRSTfwS
5OU5N0RqO3v6IxNJ7UFvQxP+hbVIZg91vM0t1ROXwpsDF0f7sdO4dCqv7EbqKrkx
FGLfJoVCKl5MnhxrgkIUD7PZ9lkf6j1Y4xN8ROwI5nYZ19i615BbGQLbH4GqpXx0
5Ey85r5I0TDuaq8Yp1ghMZVPoc7+x1Wh0BdQiHqTCT798RPhn8CFqs1Rf9y9FQJJ
7te6rFQY+HhpvaWzTvWxjMh+lztmms5TWCWcHP0LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfmvVcWMod7x+JP2RUdI+inIiOJ4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzZTNhYzRiLTRiNmMtNDA1Ny05NDhkLTAxMTM2MTI2ZjAwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANsn5AwDQYJKoZIhvcNAQELBQADggEBAMk+t56CW6vGWOJm+BDzgIa1Amg0
isLnwVv3BMuiE4813JnFmzd+aak7Ggy8r7W9LHYZyvIJge1FhLLE/1y8/LRnHJ/0
oI2c5xWWIkyPZqSS5oON1okE2peUCCu05LAvqlU1+qwmMMp9qleRo3btCZdOVqjM
0rHFtM08Mg70FDx8TyKeSafkvF17goqjkmFDbxe3OqNT1jmXDHII8xLnPIjjCEwf
1TmJr56TlL5ndyPk/SZDWTLfQfTONBghEZtVFTzF/iKYYeIcNlYCW14VEJmtskru
XOUl3F7oKnFy8VuAUHyvtfnk7MlcrqAuoK/1nzLs+8+JUdjXijNDa9ZDkRU=
-----END CERTIFICATE-----