Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb59db15-f3c8-4aa2-aa20-0876f63064bf.roa
File:                     cb59db15-f3c8-4aa2-aa20-0876f63064bf.roa (raw, json)
Hash identifier:          m+N8GQo6rUVV+gUCz3NPURJrmDCX8HtpqOI9gpw2L9g=
Subject key identifier:   C3:4E:62:A4:49:4C:08:B0:CB:53:44:31:19:57:46:13:2A:72:79:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70E469DE9299F81C61D2046E00723F8A9EA38616
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb59db15-f3c8-4aa2-aa20-0876f63064bf.roa
Signing time:             Mon 20 Oct 2025 02:31:46 +0000
ROA not before:           Mon 20 Oct 2025 02:31:46 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.157.68.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:e4:69:de:92:99:f8:1c:61:d2:04:6e:00:72:3f:8a:9e:a3:86:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:31:46 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=602f34044007487c89d6f528de0c8f9817778e852ce436fe3b369e220ad5788a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d5:89:ec:35:55:03:23:a8:76:87:42:23:8b:
                    04:de:f3:40:cb:1c:e7:8e:52:be:3e:ba:a2:03:00:
                    40:8c:c6:c8:e9:66:e5:10:8b:81:56:93:86:6a:83:
                    ec:cd:c5:89:0a:10:1d:00:b2:f2:c3:c5:73:bc:2e:
                    65:d2:bc:1e:e7:8d:45:68:b4:44:01:42:59:a6:4e:
                    ce:e1:ed:52:ad:3d:30:10:dd:f5:47:76:68:01:f2:
                    7c:19:59:ba:0a:c3:92:9f:63:59:ec:24:81:7f:e4:
                    03:4a:eb:e2:72:46:c5:51:d8:f4:fe:b0:8b:a6:a0:
                    0f:f9:c8:13:eb:e3:20:dd:09:7c:f0:a1:9e:42:93:
                    6f:e5:3a:bc:e4:fe:b6:73:27:9b:38:25:d8:b2:fa:
                    74:ea:98:83:de:ab:c7:e9:22:8a:14:4d:7f:74:fd:
                    a8:a4:b5:94:a4:48:85:a2:32:3f:f3:ae:f6:7c:8e:
                    d7:76:63:03:e3:27:a9:77:a2:0c:d3:a6:52:26:36:
                    2c:9a:10:93:61:be:9a:81:99:ee:32:d5:99:50:18:
                    06:c5:35:1e:c4:9e:fd:50:6f:94:43:18:7e:0e:e5:
                    5c:a0:21:06:d6:a7:a0:35:40:45:83:f3:f6:3e:fc:
                    c7:98:65:dd:0f:ca:be:c7:48:8c:b9:b8:82:ae:db:
                    cb:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:4E:62:A4:49:4C:08:B0:CB:53:44:31:19:57:46:13:2A:72:79:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb59db15-f3c8-4aa2-aa20-0876f63064bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.157.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:8a:65:84:52:1d:a2:61:20:81:19:15:de:ce:77:72:9d:45:
         5a:3a:bd:c2:eb:51:c6:28:ca:24:50:30:bb:67:d7:a1:f2:b3:
         f9:76:34:21:6c:20:b6:15:14:98:09:a6:23:76:d6:62:10:9d:
         ca:80:e7:97:af:50:19:41:5a:2c:84:84:ef:65:4c:54:fb:86:
         69:ac:8d:fc:99:3a:60:d9:16:33:14:f0:e5:c9:63:24:4c:6f:
         30:bc:e4:c1:cb:8d:2a:ba:e5:86:91:35:f9:53:c1:0a:c4:cc:
         ae:53:e0:d5:40:98:98:80:10:89:a0:7e:26:06:23:8f:7e:76:
         66:10:cf:ab:95:1a:e8:cd:7d:32:49:ce:dd:ee:dc:b1:18:e2:
         4e:01:e3:c0:bf:3f:8b:b7:df:93:e6:51:f8:b4:06:46:84:4e:
         c2:de:0b:2b:72:29:56:aa:52:4d:7c:17:33:ce:e8:ac:15:ab:
         2e:ec:5f:f2:50:1a:2b:22:09:fc:aa:28:3e:a4:f1:96:79:b0:
         c2:dd:e1:ea:88:51:0b:00:a4:7d:f9:2f:d6:c4:a3:de:81:51:
         f1:37:59:85:6d:24:33:ef:a6:be:8e:0d:74:65:5e:aa:f6:7a:
         fc:83:3b:66:5b:6f:ac:dc:82:7e:43:1c:35:98:7d:0b:aa:93:
         7c:23:e2:ec
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcORp3pKZ+Bxh0gRuAHI/ip6jhhYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIzMTQ2WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDJmMzQwNDQwMDc0ODdjODlkNmY1MjhkZTBjOGY5ODE3
Nzc4ZTg1MmNlNDM2ZmUzYjM2OWUyMjBhZDU3ODhhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe1YnsNVUDI6h2h0IjiwTe80DLHOeOUr4+uqIDAECMxsjp
ZuUQi4FWk4Zqg+zNxYkKEB0AsvLDxXO8LmXSvB7njUVotEQBQlmmTs7h7VKtPTAQ
3fVHdmgB8nwZWboKw5KfY1nsJIF/5ANK6+JyRsVR2PT+sIumoA/5yBPr4yDdCXzw
oZ5Ck2/lOrzk/rZzJ5s4Jdiy+nTqmIPeq8fpIooUTX90/aiktZSkSIWiMj/zrvZ8
jtd2YwPjJ6l3ogzTplImNiyaEJNhvpqBme4y1ZlQGAbFNR7Env1Qb5RDGH4O5Vyg
IQbWp6A1QEWD8/Y+/MeYZd0Pyr7HSIy5uIKu28u3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUw05ipElMCLDLU0QxGVdGEypyeeIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiNTlkYjE1LWYzYzgtNGFhMi1hYTIwLTA4NzZmNjMwNjRiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFsnUQwDQYJKoZIhvcNAQELBQADggEBACGKZYRSHaJhIIEZFd7Od3KdRVo6
vcLrUcYoyiRQMLtn16Hys/l2NCFsILYVFJgJpiN21mIQncqA55evUBlBWiyEhO9l
TFT7hmmsjfyZOmDZFjMU8OXJYyRMbzC85MHLjSq65YaRNflTwQrEzK5T4NVAmJiA
EImgfiYGI49+dmYQz6uVGujNfTJJzt3u3LEY4k4B48C/P4u335PmUfi0BkaETsLe
CytyKVaqUk18FzPO6KwVqy7sX/JQGisiCfyqKD6k8ZZ5sMLd4eqIUQsApH35L9bE
o96BUfE3WYVtJDPvpr6ODXRlXqr2evyDO2Zbb6zcgn5DHDWYfQuqk3wj4uw=
-----END CERTIFICATE-----