Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5f38c66-e430-4ba7-89f2-b767e3fbab08.roa
File:                     c5f38c66-e430-4ba7-89f2-b767e3fbab08.roa (raw, json)
Hash identifier:          Yn0r48j4NhrCtr+zCg3r05gUVPOg4ilcndTmVWqw+qU=
Subject key identifier:   B8:4A:33:81:75:CE:2E:D1:EE:01:97:32:D6:3E:81:27:CB:E1:B5:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C16C34BDD8E30BD6CEED0746F8898A59EEC56A5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5f38c66-e430-4ba7-89f2-b767e3fbab08.roa
Signing time:             Mon 20 Oct 2025 05:11:28 +0000
ROA not before:           Mon 20 Oct 2025 05:11:28 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.122.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:16:c3:4b:dd:8e:30:bd:6c:ee:d0:74:6f:88:98:a5:9e:ec:56:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 05:11:28 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=b26403e94c74d1ee9997162ae4ff13c33b1e4d6518504b7a395c99f61f1a5ec6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:da:4f:06:36:ec:3c:ad:e9:77:98:b6:43:8a:
                    84:d8:b3:6d:df:0d:7b:e2:5c:08:25:c8:db:58:4e:
                    07:ae:67:00:04:55:0d:50:a8:49:97:74:37:7f:16:
                    e5:b6:19:4e:f3:98:9b:d4:ad:9e:bb:bd:38:4b:8e:
                    83:af:83:e9:39:30:b5:3e:3d:68:b8:84:c2:16:95:
                    05:b9:73:46:92:90:74:af:c1:a6:ba:3e:01:c2:12:
                    f8:de:e1:16:bb:df:52:75:62:01:f9:57:ff:80:a4:
                    ef:81:f1:fe:9f:6c:e9:bf:f9:8e:78:83:4c:a6:54:
                    eb:d3:3c:67:98:38:83:f7:c0:c5:b9:fa:cb:7d:b4:
                    55:63:be:e6:a1:a6:c7:32:d6:ac:3f:bb:0f:08:a9:
                    c3:35:e9:2c:58:df:ed:92:dc:93:44:de:a5:54:1a:
                    61:b7:f0:3a:a7:c7:73:1d:84:be:6e:5f:89:86:1a:
                    23:fb:70:ba:5c:76:a2:1e:2c:1c:29:35:57:73:44:
                    17:1d:d3:00:c6:aa:52:e8:18:75:da:ff:ce:b8:ee:
                    d0:99:74:ad:69:07:6d:32:2d:83:77:05:fc:cd:92:
                    e2:9d:ae:70:95:91:50:7b:0f:87:b0:21:20:d5:c8:
                    d2:98:11:4e:13:97:5e:42:3b:6c:d6:d0:bc:6a:18:
                    e1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:4A:33:81:75:CE:2E:D1:EE:01:97:32:D6:3E:81:27:CB:E1:B5:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5f38c66-e430-4ba7-89f2-b767e3fbab08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:15:2c:9c:75:d5:d1:4a:cd:a6:0b:9d:ca:5d:9d:25:b5:59:
         30:d9:3a:17:61:68:9c:06:7a:a2:cb:8f:0a:23:59:bb:6c:4f:
         d9:ad:04:d1:bf:ab:1b:bb:66:da:e3:3a:d1:7b:f1:3a:c7:f6:
         da:5b:13:0b:12:5f:74:ca:4d:74:68:c2:d6:f7:76:e7:50:19:
         f2:bd:aa:cf:87:71:de:51:e2:f4:9b:ef:31:f7:94:fc:f0:3f:
         a4:a2:e9:d3:a1:9f:8f:b4:b0:d7:a5:21:89:ba:8c:4d:12:bb:
         fa:27:aa:96:6f:c2:d2:e3:0e:aa:30:d7:ac:ad:cc:93:5b:94:
         65:63:1b:81:5e:25:51:77:67:a2:aa:7d:c0:2e:12:4f:b7:f5:
         8d:7f:d0:16:58:aa:6f:db:46:71:39:37:82:45:60:98:d8:17:
         1b:6c:f2:66:85:4f:18:43:5d:49:88:8b:06:dd:f3:82:c3:07:
         d8:5f:68:99:64:1a:68:2e:7c:4d:d8:73:42:98:42:01:31:14:
         be:97:35:e3:d2:5d:b2:cf:8b:bc:79:5f:64:5f:97:2e:16:01:
         fd:ce:5b:97:ad:63:8b:19:b0:5a:3a:66:83:5f:44:82:4b:88:
         77:79:a1:d3:f0:d5:43:f4:90:c4:15:36:f9:0f:89:c2:68:be:
         00:c6:3e:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTBbDS92OML1s7tB0b4iYpZ7sVqUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDUxMTI4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjY0MDNlOTRjNzRkMWVlOTk5NzE2MmFlNGZmMTNjMzNi
MWU0ZDY1MTg1MDRiN2EzOTVjOTlmNjFmMWE1ZWM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs2k8GNuw8rel3mLZDioTYs23fDXviXAglyNtYTgeuZwAE
VQ1QqEmXdDd/FuW2GU7zmJvUrZ67vThLjoOvg+k5MLU+PWi4hMIWlQW5c0aSkHSv
waa6PgHCEvje4Ra731J1YgH5V/+ApO+B8f6fbOm/+Y54g0ymVOvTPGeYOIP3wMW5
+st9tFVjvuahpscy1qw/uw8IqcM16SxY3+2S3JNE3qVUGmG38Dqnx3MdhL5uX4mG
GiP7cLpcdqIeLBwpNVdzRBcd0wDGqlLoGHXa/8647tCZdK1pB20yLYN3BfzNkuKd
rnCVkVB7D4ewISDVyNKYEU4Tl15CO2zW0LxqGOFdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuEozgXXOLtHuAZcy1j6BJ8vhtT0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1ZjM4YzY2LWU0MzAtNGJhNy04OWYyLWI3NjdlM2ZiYWIwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsnHowDQYJKoZIhvcNAQELBQADggEBAEYVLJx11dFKzaYLncpdnSW1WTDZ
OhdhaJwGeqLLjwojWbtsT9mtBNG/qxu7ZtrjOtF78TrH9tpbEwsSX3TKTXRowtb3
dudQGfK9qs+Hcd5R4vSb7zH3lPzwP6Si6dOhn4+0sNelIYm6jE0Su/onqpZvwtLj
Dqow16ytzJNblGVjG4FeJVF3Z6KqfcAuEk+39Y1/0BZYqm/bRnE5N4JFYJjYFxts
8maFTxhDXUmIiwbd84LDB9hfaJlkGmgufE3Yc0KYQgExFL6XNePSXbLPi7x5X2Rf
ly4WAf3OW5etY4sZsFo6ZoNfRIJLiHd5odPw1UP0kMQVNvkPicJovgDGPpE=
-----END CERTIFICATE-----