Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf71fcf6-fff6-456f-b308-03ca2a77fb36.roa
File:                     bf71fcf6-fff6-456f-b308-03ca2a77fb36.roa (raw, json)
Hash identifier:          wR1JCPYfnpqrVni5fVpxw7OYcGidlrOYd7znemhIV3o=
Subject key identifier:   C5:6D:07:84:70:83:E8:45:80:59:8E:86:E3:4E:1C:9D:FB:4B:72:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5180C4320C52E385C567CF337B63AD444880F19F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf71fcf6-fff6-456f-b308-03ca2a77fb36.roa
Signing time:             Mon 20 Oct 2025 01:51:06 +0000
ROA not before:           Mon 20 Oct 2025 01:51:06 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.100.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:80:c4:32:0c:52:e3:85:c5:67:cf:33:7b:63:ad:44:48:80:f1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 01:51:06 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=1497d5e4a053be9275edb8f31e4b34e91cdb98b1ce1ab95106c186d784a5fd31, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b1:c9:1e:9f:b8:75:5e:a8:f4:54:c8:a0:bf:
                    7b:0d:35:2a:d5:6d:6f:38:45:de:73:e5:0a:d7:26:
                    72:a0:b8:8e:ed:f1:47:d9:29:74:4f:4b:bc:de:d6:
                    ad:c4:a4:eb:ea:b0:ee:eb:e7:6b:e2:54:23:5d:11:
                    bf:85:0b:2b:5e:99:04:6d:60:e2:70:b6:75:f6:a5:
                    02:f1:49:36:6b:c9:da:22:66:62:08:24:45:e9:a2:
                    1c:3e:f8:2b:de:a3:52:cb:63:06:4f:e7:bf:b2:65:
                    e7:d0:18:54:1f:52:7c:9a:9d:d6:7d:00:56:1c:77:
                    8b:a5:73:ea:4a:1f:8a:3e:50:83:bc:38:16:84:e3:
                    b6:06:5e:f5:36:90:91:4c:fa:bf:62:00:ab:88:5b:
                    82:d5:fb:4f:78:97:83:ff:90:24:cd:69:e5:a7:51:
                    55:b9:5e:55:a3:af:a4:64:64:8c:1c:ec:1d:54:23:
                    37:38:79:a5:ed:21:23:cd:33:88:bb:b6:92:10:4e:
                    99:1f:c9:dd:4a:ef:d8:5e:6e:84:68:c8:81:67:27:
                    ba:8b:47:06:4c:e3:64:38:bb:24:84:0f:92:10:e9:
                    5d:46:56:5d:3d:08:47:a6:d6:91:fe:20:60:46:72:
                    9e:ca:55:6c:e9:ec:2c:79:92:fc:c6:51:69:ab:b2:
                    5e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:6D:07:84:70:83:E8:45:80:59:8E:86:E3:4E:1C:9D:FB:4B:72:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf71fcf6-fff6-456f-b308-03ca2a77fb36.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:68:1e:d7:c4:5f:f9:c7:80:f5:d7:92:b5:43:0f:9b:3a:51:
         33:02:0d:ff:d8:7b:93:bd:75:81:02:81:a7:f7:b3:e3:0b:85:
         94:a5:6f:8b:3f:db:75:f3:e5:d4:d5:bb:44:a2:52:f0:ea:c5:
         1d:cb:55:d5:ba:47:da:ca:73:c3:04:ac:42:61:65:4e:7f:df:
         ab:47:f5:b9:97:eb:de:96:93:ac:19:f0:f3:7f:fb:c2:d0:ca:
         ab:8b:81:70:ec:14:c5:46:cb:fc:e0:c5:3f:ed:e5:3c:dc:fa:
         8c:21:d7:d7:6d:04:16:4d:be:14:f7:08:7d:1b:84:c7:14:4a:
         40:32:3e:40:a4:c7:74:88:a2:03:c0:b2:28:8a:31:d2:56:02:
         e6:2a:c4:e1:b1:fa:22:65:09:86:7b:d9:63:9a:7c:43:ea:7e:
         43:4c:cf:0e:68:ec:29:79:31:3f:ea:b4:3f:9e:23:c1:04:cb:
         ac:83:3a:a6:9d:a8:bf:ae:43:10:de:0d:c5:9d:f1:2f:2f:59:
         73:c2:92:b7:da:90:e0:1a:cd:f7:2a:28:2d:ed:a3:a1:d9:ce:
         47:24:e7:d7:71:a9:68:be:26:7b:13:34:92:55:92:57:bd:a6:
         d6:44:b7:4a:02:94:4f:9d:71:a7:a5:9d:3f:02:48:76:4e:dd:
         ae:a2:49:cf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUYDEMgxS44XFZ88ze2OtREiA8Z8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDE1MTA2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDk3ZDVlNGEwNTNiZTkyNzVlZGI4ZjMxZTRiMzRlOTFj
ZGI5OGIxY2UxYWI5NTEwNmMxODZkNzg0YTVmZDMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4scken7h1Xqj0VMigv3sNNSrVbW84Rd5z5QrXJnKguI7t
8UfZKXRPS7ze1q3EpOvqsO7r52viVCNdEb+FCytemQRtYOJwtnX2pQLxSTZrydoi
ZmIIJEXpohw++Cveo1LLYwZP57+yZefQGFQfUnyandZ9AFYcd4ulc+pKH4o+UIO8
OBaE47YGXvU2kJFM+r9iAKuIW4LV+094l4P/kCTNaeWnUVW5XlWjr6RkZIwc7B1U
Izc4eaXtISPNM4i7tpIQTpkfyd1K79heboRoyIFnJ7qLRwZM42Q4uySED5IQ6V1G
Vl09CEem1pH+IGBGcp7KVWzp7Cx5kvzGUWmrsl7tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxW0HhHCD6EWAWY6G404cnftLcskwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNzFmY2Y2LWZmZjYtNDU2Zi1iMzA4LTAzY2EyYTc3ZmIzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnGQwDQYJKoZIhvcNAQELBQADggEBABFoHtfEX/nHgPXXkrVDD5s6UTMC
Df/Ye5O9dYECgaf3s+MLhZSlb4s/23Xz5dTVu0SiUvDqxR3LVdW6R9rKc8MErEJh
ZU5/36tH9bmX696Wk6wZ8PN/+8LQyquLgXDsFMVGy/zgxT/t5Tzc+owh19dtBBZN
vhT3CH0bhMcUSkAyPkCkx3SIogPAsiiKMdJWAuYqxOGx+iJlCYZ72WOafEPqfkNM
zw5o7Cl5MT/qtD+eI8EEy6yDOqadqL+uQxDeDcWd8S8vWXPCkrfakOAazfcqKC3t
o6HZzkck59dxqWi+JnsTNJJVkle9ptZEt0oClE+dcaelnT8CSHZO3a6iSc8=
-----END CERTIFICATE-----