Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d277be19-c7c9-4703-a540-8bf840363383.roa
File:                     d277be19-c7c9-4703-a540-8bf840363383.roa (raw, json)
Hash identifier:          mrofXzinD06HoQq4MTtaF7QzY0cgD42qATFdGJBonE4=
Subject key identifier:   FC:01:4B:D9:51:0F:14:40:76:E5:6E:FE:F4:17:A3:A4:5A:FF:8E:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F330E7A87EF466B606361AE3BBC44E21D3C0648
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d277be19-c7c9-4703-a540-8bf840363383.roa
Signing time:             Mon 20 Oct 2025 02:21:34 +0000
ROA not before:           Mon 20 Oct 2025 02:21:34 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.159.155.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:33:0e:7a:87:ef:46:6b:60:63:61:ae:3b:bc:44:e2:1d:3c:06:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 02:21:34 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=456c84a89cc442074498a171299771e24de3fc8801b5543109e3bfeff6171ad4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:93:82:c0:02:f0:5f:01:aa:37:bb:56:38:a3:
                    62:be:38:e3:a8:2e:66:d6:b7:a0:12:56:58:af:4d:
                    8d:db:70:f0:68:d4:55:35:d6:7d:b1:22:2a:8c:f6:
                    1e:d1:78:62:86:36:0b:49:13:57:4d:dc:f7:65:e1:
                    1b:e8:4d:d4:8c:b2:a5:6a:d0:ec:25:24:c2:af:47:
                    61:fc:03:f1:6b:47:c5:7d:01:d1:97:9a:4c:17:69:
                    c4:a8:db:7c:cc:97:cf:a1:75:61:fd:93:67:ac:cb:
                    b9:8e:d7:99:82:9c:55:7e:fd:dd:90:b1:24:97:e8:
                    81:ec:3d:ed:f3:7f:ff:13:ab:fb:fb:d4:ff:0f:98:
                    16:e4:c5:96:fc:bf:30:ee:3f:be:fd:7f:27:4f:65:
                    3f:5e:3c:f6:a4:c0:e7:40:6b:37:a1:f2:5d:3b:81:
                    6f:c7:99:cd:fb:fc:ce:c2:c0:c4:ac:f3:8e:10:ad:
                    76:4d:b1:5a:ca:4e:c8:a6:fa:20:cb:eb:f5:e2:0e:
                    15:a7:9f:36:40:55:c6:0d:10:19:10:03:90:de:c9:
                    fb:3e:d5:86:98:e4:2c:59:70:f2:fc:28:45:39:81:
                    c5:5b:55:04:b4:24:10:0d:47:15:3d:73:1c:38:09:
                    11:21:79:dc:9a:9f:8f:89:36:56:6c:50:2e:77:49:
                    af:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:01:4B:D9:51:0F:14:40:76:E5:6E:FE:F4:17:A3:A4:5A:FF:8E:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d277be19-c7c9-4703-a540-8bf840363383.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.159.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:0e:e7:a4:cd:eb:dd:37:fb:c8:76:60:50:9e:fa:1b:75:93:
         50:ab:d3:8b:4f:c9:62:3f:34:58:51:70:e9:7d:a6:e0:b0:cf:
         3f:ec:a1:47:48:bc:21:11:94:ee:8e:e9:86:5f:f3:c9:df:27:
         fd:2c:31:17:66:1b:8d:91:af:36:03:b5:ef:a2:be:c6:78:10:
         f4:42:65:59:13:56:57:2d:d0:48:3d:3e:1e:66:c3:44:fb:d0:
         a7:dd:ff:e6:a0:1c:ac:5d:6c:13:51:9d:23:dc:92:e1:97:29:
         31:8f:74:cb:e6:8d:65:ca:61:b9:31:8e:16:11:e9:b9:7a:1c:
         3c:38:32:1b:66:63:2e:83:be:1b:d5:80:26:74:5f:1c:81:67:
         6b:72:2e:92:13:d9:28:18:60:3d:4d:b4:a7:b0:d1:73:92:1d:
         8a:07:40:a1:f1:ab:51:c7:cb:43:e9:65:23:ae:c9:8d:d6:24:
         1d:d2:72:bb:0b:8b:92:a4:dc:d6:7c:50:84:16:fa:e7:b5:8d:
         b0:be:2d:0e:9d:89:13:57:16:98:76:34:67:1d:dc:f6:7c:3a:
         a7:f6:2a:f1:ff:85:4e:ec:01:f0:13:2b:14:be:ef:0c:56:e0:
         c5:2a:be:90:30:1f:91:d2:d8:73:69:88:0d:88:8a:61:4e:ba:
         ca:ec:38:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXzMOeofvRmtgY2GuO7xE4h08BkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDIyMTM0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTZjODRhODljYzQ0MjA3NDQ5OGExNzEyOTk3NzFlMjRk
ZTNmYzg4MDFiNTU0MzEwOWUzYmZlZmY2MTcxYWQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEk4LAAvBfAao3u1Y4o2K+OOOoLmbWt6ASVlivTY3bcPBo
1FU11n2xIiqM9h7ReGKGNgtJE1dN3Pdl4RvoTdSMsqVq0OwlJMKvR2H8A/FrR8V9
AdGXmkwXacSo23zMl8+hdWH9k2esy7mO15mCnFV+/d2QsSSX6IHsPe3zf/8Tq/v7
1P8PmBbkxZb8vzDuP779fydPZT9ePPakwOdAazeh8l07gW/Hmc37/M7CwMSs844Q
rXZNsVrKTsim+iDL6/XiDhWnnzZAVcYNEBkQA5Deyfs+1YaY5CxZcPL8KEU5gcVb
VQS0JBANRxU9cxw4CREhedyan4+JNlZsUC53Sa+rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/AFL2VEPFEB25W7+9BejpFr/jnEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyNzdiZTE5LWM3YzktNDcwMy1hNTQwLThiZjg0MDM2MzM4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABsn5swDQYJKoZIhvcNAQELBQADggEBABAO56TN6903+8h2YFCe+ht1k1Cr
04tPyWI/NFhRcOl9puCwzz/soUdIvCERlO6O6YZf88nfJ/0sMRdmG42RrzYDte+i
vsZ4EPRCZVkTVlct0Eg9Ph5mw0T70Kfd/+agHKxdbBNRnSPckuGXKTGPdMvmjWXK
YbkxjhYR6bl6HDw4MhtmYy6DvhvVgCZ0XxyBZ2tyLpIT2SgYYD1NtKew0XOSHYoH
QKHxq1HHy0PpZSOuyY3WJB3ScrsLi5Kk3NZ8UIQW+ue1jbC+LQ6diRNXFph2NGcd
3PZ8Oqf2KvH/hU7sAfATKxS+7wxW4MUqvpAwH5HS2HNpiA2IimFOusrsOJQ=
-----END CERTIFICATE-----