Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7f8aca7-8c6a-490c-bccc-08808541126e.roa
File:                     b7f8aca7-8c6a-490c-bccc-08808541126e.roa (raw, json)
Hash identifier:          Mc2LX5RJ4Hvn1WmCjSf0gZ3yfxGqfrlzGHQZS7D7kzo=
Subject key identifier:   7F:B7:14:62:64:05:C8:5B:F4:87:B4:EA:6E:8E:49:28:33:93:C6:DA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       414B81E82949C61F149B9B8B690E2902B1033157
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7f8aca7-8c6a-490c-bccc-08808541126e.roa
Signing time:             Mon 20 Oct 2025 02:32:28 +0000
ROA not before:           Mon 20 Oct 2025 02:32:28 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.211.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:4b:81:e8:29:49:c6:1f:14:9b:9b:8b:69:0e:29:02:b1:03:31:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:32:28 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=71ad8fb20c8cd5e0179f9070fa4ccdfa5da53e6e62980ad7538bdd125cce6233, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f5:cc:33:65:9a:5e:48:fe:80:99:d6:da:a2:
                    8c:5b:1c:d2:23:aa:13:39:c1:d5:e0:af:59:7a:19:
                    16:b2:04:61:d2:e6:9b:b0:d4:10:b7:42:be:39:42:
                    83:e1:35:c3:59:0c:fc:2a:37:dd:c0:21:03:d7:d9:
                    2e:df:e8:cb:c3:09:45:69:ef:60:2f:da:20:0f:e6:
                    62:ca:a5:36:c2:d8:e1:a0:c9:9d:9c:ef:a9:c3:01:
                    7e:9a:cf:96:77:61:e5:2b:8f:26:b5:24:e8:26:2b:
                    95:ae:a7:70:37:c3:82:21:fb:ef:94:dd:10:d0:ae:
                    ff:50:63:52:56:27:ee:28:27:2a:b7:78:ed:02:e5:
                    b8:9d:b3:7e:ba:3a:54:bb:4d:1e:6b:d9:21:0a:95:
                    82:52:d2:a5:fb:67:f9:1f:b6:f2:8e:c7:ff:c2:06:
                    fd:75:5e:a4:50:17:ab:5f:2b:f0:9f:0d:6b:81:dc:
                    4a:92:f8:c9:50:71:ee:f7:70:e4:cd:a3:fd:c4:29:
                    94:8d:ca:27:c6:07:2a:03:a5:45:4d:34:e6:78:76:
                    c3:dc:33:2f:7e:ca:d2:27:1d:1b:af:cf:32:57:24:
                    bc:bf:4d:d8:32:e0:69:3e:e6:23:5b:5c:ca:e9:9b:
                    7e:6c:f0:92:2b:50:75:21:03:69:33:d1:ff:14:f2:
                    e5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:B7:14:62:64:05:C8:5B:F4:87:B4:EA:6E:8E:49:28:33:93:C6:DA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7f8aca7-8c6a-490c-bccc-08808541126e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:e1:ef:8b:93:d0:70:89:5f:98:5e:54:3f:51:5f:dc:35:90:
         f2:2c:fc:2d:a2:82:40:70:d3:fd:90:37:f3:ab:9b:7d:d0:b5:
         36:4e:bd:1d:a8:fb:38:3b:f3:fc:6b:42:7d:20:7f:90:32:b2:
         b5:a8:cf:a2:ee:b2:72:0d:d1:7d:c0:0f:ad:58:dc:b6:b9:f6:
         67:bb:7c:38:45:84:78:e0:7d:74:34:ab:87:de:0d:2d:d1:2e:
         f8:f4:8a:0a:02:e8:91:1b:c3:fd:94:85:b8:d6:3e:23:02:63:
         b0:67:b6:f7:92:e1:04:50:5e:aa:60:f1:f1:ea:81:c2:56:bb:
         a6:f2:86:7a:1c:ff:54:c5:af:98:40:6e:f9:6f:b0:dd:22:d5:
         a4:4b:db:2c:3f:d7:88:f1:2a:2e:55:e0:e0:32:12:4a:8f:ef:
         c1:e6:84:bd:41:3a:98:f8:5d:d4:8f:cd:a1:29:d0:47:79:53:
         46:bd:5c:c1:bb:fd:aa:5d:87:d6:e0:98:d5:f3:2f:43:56:f4:
         b6:39:72:bd:68:8d:b0:e9:c6:4a:0c:7f:cb:e8:25:51:1b:0c:
         0f:f7:0a:39:b2:d9:ae:e3:c5:a5:c0:42:13:99:3e:89:41:72:
         38:aa:fd:3a:be:e4:71:97:f7:4d:bc:ab:23:3f:d2:d3:ca:60:
         88:77:60:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQUuB6ClJxh8Um5uLaQ4pArEDMVcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIzMjI4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWFkOGZiMjBjOGNkNWUwMTc5ZjkwNzBmYTRjY2RmYTVk
YTUzZTZlNjI5ODBhZDc1MzhiZGQxMjVjY2U2MjMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCG9cwzZZpeSP6AmdbaooxbHNIjqhM5wdXgr1l6GRayBGHS
5puw1BC3Qr45QoPhNcNZDPwqN93AIQPX2S7f6MvDCUVp72Av2iAP5mLKpTbC2OGg
yZ2c76nDAX6az5Z3YeUrjya1JOgmK5Wup3A3w4Ih+++U3RDQrv9QY1JWJ+4oJyq3
eO0C5bids366OlS7TR5r2SEKlYJS0qX7Z/kftvKOx//CBv11XqRQF6tfK/CfDWuB
3EqS+MlQce73cOTNo/3EKZSNyifGByoDpUVNNOZ4dsPcMy9+ytInHRuvzzJXJLy/
Tdgy4Gk+5iNbXMrpm35s8JIrUHUhA2kz0f8U8uWhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf7cUYmQFyFv0h7Tqbo5JKDOTxtowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3ZjhhY2E3LThjNmEtNDkwYy1iY2NjLTA4ODA4NTQxMTI2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsndMwDQYJKoZIhvcNAQELBQADggEBACDh74uT0HCJX5heVD9RX9w1kPIs
/C2igkBw0/2QN/Orm33QtTZOvR2o+zg78/xrQn0gf5AysrWoz6LusnIN0X3AD61Y
3La59me7fDhFhHjgfXQ0q4feDS3RLvj0igoC6JEbw/2UhbjWPiMCY7BntveS4QRQ
Xqpg8fHqgcJWu6byhnoc/1TFr5hAbvlvsN0i1aRL2yw/14jxKi5V4OAyEkqP78Hm
hL1BOpj4XdSPzaEp0Ed5U0a9XMG7/apdh9bgmNXzL0NW9LY5cr1ojbDpxkoMf8vo
JVEbDA/3Cjmy2a7jxaXAQhOZPolBcjiq/Tq+5HGX9028qyM/0tPKYIh3YGw=
-----END CERTIFICATE-----