Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c35a37d4-a4dc-43f7-ae78-7d5a50854acf.roa
File:                     c35a37d4-a4dc-43f7-ae78-7d5a50854acf.roa (raw, json)
Hash identifier:          hWeK/yHQ/+mej2kubmiea11E2zKCdagmbcfsQUoSj+0=
Subject key identifier:   24:42:5C:BF:59:DE:D3:90:A7:42:30:2E:05:24:0D:F2:5E:F0:93:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7ABD1D9FFBBB7766C9B900DD1DC8A5F945AF9ECD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c35a37d4-a4dc-43f7-ae78-7d5a50854acf.roa
Signing time:             Mon 20 Oct 2025 03:40:10 +0000
ROA not before:           Mon 20 Oct 2025 03:40:10 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.236.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:bd:1d:9f:fb:bb:77:66:c9:b9:00:dd:1d:c8:a5:f9:45:af:9e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 03:40:10 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=8f9d2c1f5b212470d9a0cb723c0c40b0d29b5c0e7b0e2d27169751ec2810fb6b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0d:fd:05:b6:2a:01:ab:04:8c:5d:d5:fa:e4:
                    d0:c2:6d:d5:44:75:2f:95:c8:fd:34:33:37:69:51:
                    08:1a:01:93:5f:b7:8c:b0:73:20:f6:5a:e7:5e:aa:
                    f3:96:6a:72:5b:a1:87:6f:29:ed:e8:10:26:93:60:
                    bd:7a:9b:9b:57:c6:d6:6a:bc:58:76:96:a7:4c:7e:
                    c3:a9:0c:b6:b2:e6:02:6e:27:f5:6a:93:15:46:76:
                    39:68:66:92:de:72:00:33:92:21:ab:75:31:b5:ac:
                    f7:9d:12:98:d1:6e:3a:aa:73:c0:61:f8:f8:05:67:
                    65:df:f8:d4:eb:5c:bf:49:c1:df:8f:ea:d5:d1:3d:
                    02:c6:7c:c2:93:a5:74:ff:ff:20:ac:37:03:6a:7b:
                    da:1a:08:92:53:3c:f8:7b:99:04:4f:97:31:c4:49:
                    2f:e5:08:a8:32:a7:04:f9:83:29:c3:c3:6e:f2:a1:
                    e6:17:fa:39:55:86:2f:99:43:27:42:3a:7a:d6:34:
                    9c:3b:c1:b4:38:4a:77:28:db:3d:c4:01:a8:74:3c:
                    6a:bb:5b:97:6a:16:12:ee:db:d3:c1:ef:63:f8:5d:
                    fc:94:ca:41:91:df:71:bd:32:5e:49:8f:98:b1:79:
                    d2:46:96:0c:9d:53:f0:5d:98:b2:ec:54:bb:0f:dc:
                    8b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:42:5C:BF:59:DE:D3:90:A7:42:30:2E:05:24:0D:F2:5E:F0:93:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c35a37d4-a4dc-43f7-ae78-7d5a50854acf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ca:ec:09:8c:a7:92:4f:9d:b9:8b:f9:87:34:00:a9:c2:c9:66:
         bf:82:02:06:d5:c8:4c:aa:24:8b:50:3b:ab:b3:af:2f:86:2b:
         98:b6:67:f3:75:4b:bc:44:c1:88:b9:61:e2:0d:58:c4:2f:0f:
         68:89:fd:f5:96:e2:6d:83:8c:ba:05:74:80:79:63:ff:50:15:
         d8:01:03:da:55:28:1a:07:bc:34:f9:27:07:cc:49:97:ad:53:
         dd:f5:92:0a:11:45:a3:fb:f3:ad:49:3e:8b:31:2d:03:cd:62:
         a9:47:ee:6e:25:c4:fb:e0:a2:f1:c2:37:9b:d0:f7:59:27:c8:
         7f:66:c5:72:c3:cf:35:d8:7c:48:c8:77:bc:02:3f:15:34:9b:
         77:46:e8:66:eb:23:c3:1c:c2:6d:f9:42:ea:cf:f9:64:a6:6e:
         15:82:1a:a8:97:81:33:0d:cf:3a:38:4d:dd:3c:e4:2d:8f:54:
         eb:02:a5:04:0d:ff:f5:95:99:59:b0:06:fd:5b:c8:45:42:f3:
         59:80:82:ae:87:a9:71:3e:05:8c:e2:e5:a5:08:a1:d6:0b:6f:
         b9:ab:fc:38:ae:3b:e2:ad:15:05:ab:33:52:2c:e4:ec:c5:ad:
         0e:36:5f:a7:9e:87:09:50:6a:16:85:1d:a7:ad:a4:da:53:06:
         25:fc:fa:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUer0dn/u7d2bJuQDdHcil+UWvns0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDM0MDEwWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjlkMmMxZjViMjEyNDcwZDlhMGNiNzIzYzBjNDBiMGQy
OWI1YzBlN2IwZTJkMjcxNjk3NTFlYzI4MTBmYjZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbDf0FtioBqwSMXdX65NDCbdVEdS+VyP00MzdpUQgaAZNf
t4ywcyD2WudeqvOWanJboYdvKe3oECaTYL16m5tXxtZqvFh2lqdMfsOpDLay5gJu
J/VqkxVGdjloZpLecgAzkiGrdTG1rPedEpjRbjqqc8Bh+PgFZ2Xf+NTrXL9Jwd+P
6tXRPQLGfMKTpXT//yCsNwNqe9oaCJJTPPh7mQRPlzHESS/lCKgypwT5gynDw27y
oeYX+jlVhi+ZQydCOnrWNJw7wbQ4Snco2z3EAah0PGq7W5dqFhLu29PB72P4XfyU
ykGR33G9Ml5Jj5ixedJGlgydU/BdmLLsVLsP3It9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJEJcv1ne05CnQjAuBSQN8l7wkzEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MzNWEzN2Q0LWE0ZGMtNDNmNy1hZTc4LTdkNWE1MDg1NGFjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsn+wwDQYJKoZIhvcNAQELBQADggEBAMrsCYynkk+duYv5hzQAqcLJZr+C
AgbVyEyqJItQO6uzry+GK5i2Z/N1S7xEwYi5YeINWMQvD2iJ/fWW4m2DjLoFdIB5
Y/9QFdgBA9pVKBoHvDT5JwfMSZetU931kgoRRaP7861JPosxLQPNYqlH7m4lxPvg
ovHCN5vQ91knyH9mxXLDzzXYfEjId7wCPxU0m3dG6GbrI8Mcwm35QurP+WSmbhWC
GqiXgTMNzzo4Td085C2PVOsCpQQN//WVmVmwBv1byEVC81mAgq6HqXE+BYzi5aUI
odYLb7mr/DiuO+KtFQWrM1Is5OzFrQ42X6eehwlQahaFHaetpNpTBiX8+qI=
-----END CERTIFICATE-----