Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d58602de-fe6b-4b2e-af9d-522ec3eef440.roa
File:                     d58602de-fe6b-4b2e-af9d-522ec3eef440.roa (raw, json)
Hash identifier:          Tl/FOKHC19VI7qiyCa3vOHZ6aemuyUD5IIxwr/Odi5E=
Subject key identifier:   F9:A7:EC:9B:9B:88:44:1B:DD:49:3E:1E:87:7B:29:5C:B2:F8:26:E2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0E348C87C3D369294DB33761327BD37FCD38CF50
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d58602de-fe6b-4b2e-af9d-522ec3eef440.roa
Signing time:             Mon 20 Oct 2025 04:40:04 +0000
ROA not before:           Mon 20 Oct 2025 04:40:04 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.156.12.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:34:8c:87:c3:d3:69:29:4d:b3:37:61:32:7b:d3:7f:cd:38:cf:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 20 04:40:04 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=89438b5d1920d16d53e2a3b97f02f64ae664127a6923c14d47c06f7cc28cd346, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:76:02:8f:09:ef:23:75:67:35:1e:b2:ee:5e:
                    9a:3c:8d:d7:12:a8:43:5b:c1:8b:ec:fc:0f:0d:3e:
                    c4:d1:5c:8d:f2:7f:92:55:7f:3c:85:34:16:15:77:
                    8d:be:4e:9e:ab:21:b9:8e:ff:13:d9:16:a1:b9:7e:
                    f4:44:29:67:fa:b0:ac:58:c7:c2:b2:0d:e3:a9:fd:
                    eb:73:2c:a4:7b:bf:e5:70:5e:96:17:e6:b6:d7:11:
                    cd:c3:68:5e:81:27:de:74:0b:08:e0:24:5b:a0:7d:
                    03:06:e8:af:80:6b:4a:97:81:6b:e6:aa:5c:9f:20:
                    4f:97:58:b3:6c:55:01:99:eb:b9:1e:e0:f9:28:58:
                    c9:6c:a8:5c:63:f0:0b:6c:d0:83:b3:26:b6:63:f2:
                    45:d1:4b:a4:9a:45:98:bd:73:fc:c6:d2:84:a6:f9:
                    b7:45:bf:d5:5f:51:e6:94:27:8b:4b:72:d0:6e:14:
                    63:44:18:a7:a1:7c:83:b0:f3:be:37:c1:e9:16:a2:
                    10:a9:0e:a1:90:aa:68:cd:78:2f:57:97:f9:f7:f7:
                    7f:e1:cc:da:16:b9:06:0d:b1:b2:54:01:f9:cb:06:
                    f6:2c:9b:d7:d5:c2:bb:06:9b:3d:43:df:01:3c:6f:
                    29:39:e5:f7:a1:c7:0f:f5:a6:3c:e9:4b:04:09:0a:
                    56:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A7:EC:9B:9B:88:44:1B:DD:49:3E:1E:87:7B:29:5C:B2:F8:26:E2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d58602de-fe6b-4b2e-af9d-522ec3eef440.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.156.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:5a:28:a9:9d:a7:a1:98:f4:f1:11:7c:ed:07:34:4a:fe:ca:
         c7:f9:df:b4:34:db:eb:c8:aa:56:ae:68:c5:cb:1a:d4:4d:8e:
         62:58:e2:97:c8:83:6d:e7:35:1f:b2:4d:f1:97:f4:89:58:e7:
         cc:7e:40:75:f7:73:26:0a:41:36:f8:75:0c:ce:06:61:d9:53:
         15:26:da:75:61:cc:0d:4a:a7:8b:fe:94:43:18:e0:ab:f9:9e:
         41:a9:b0:a6:56:cb:2c:c1:81:4d:cd:a1:16:f0:a9:1b:32:f4:
         16:ad:e4:5c:9f:db:ad:c4:c1:eb:4d:0b:f4:23:a9:3f:90:ab:
         3a:19:7d:43:6f:a9:6f:a4:99:8a:d9:a1:ea:97:14:68:18:96:
         d3:52:9c:57:75:b1:a8:69:38:9e:17:6b:a8:62:fa:53:46:11:
         5f:da:67:5c:17:fd:70:81:59:15:79:dd:06:31:59:da:42:36:
         ce:6f:67:ab:a6:ec:09:ea:89:04:ed:2f:fe:b7:25:5a:72:e8:
         f0:43:b9:ba:26:99:40:8c:d6:97:96:87:43:cc:91:1f:1d:60:
         9f:5b:cd:51:e1:ed:72:1f:86:d7:07:ef:4e:67:e0:f2:36:67:
         cb:48:c9:01:0d:a8:48:62:99:be:b9:e5:20:2a:d1:4a:56:59:
         c3:35:b6:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDjSMh8PTaSlNszdhMnvTf804z1AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDIwMDQ0MDA0WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTQzOGI1ZDE5MjBkMTZkNTNlMmEzYjk3ZjAyZjY0YWU2
NjQxMjdhNjkyM2MxNGQ0N2MwNmY3Y2MyOGNkMzQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDodgKPCe8jdWc1HrLuXpo8jdcSqENbwYvs/A8NPsTRXI3y
f5JVfzyFNBYVd42+Tp6rIbmO/xPZFqG5fvREKWf6sKxYx8KyDeOp/etzLKR7v+Vw
XpYX5rbXEc3DaF6BJ950CwjgJFugfQMG6K+Aa0qXgWvmqlyfIE+XWLNsVQGZ67ke
4PkoWMlsqFxj8Ats0IOzJrZj8kXRS6SaRZi9c/zG0oSm+bdFv9VfUeaUJ4tLctBu
FGNEGKehfIOw8743wekWohCpDqGQqmjNeC9Xl/n393/hzNoWuQYNsbJUAfnLBvYs
m9fVwrsGmz1D3wE8byk55fehxw/1pjzpSwQJClazAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+afsm5uIRBvdST4eh3spXLL4JuIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q1ODYwMmRlLWZlNmItNGIyZS1hZjlkLTUyMmVjM2VlZjQ0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJsnAwwDQYJKoZIhvcNAQELBQADggEBAHdaKKmdp6GY9PERfO0HNEr+ysf5
37Q02+vIqlauaMXLGtRNjmJY4pfIg23nNR+yTfGX9IlY58x+QHX3cyYKQTb4dQzO
BmHZUxUm2nVhzA1Kp4v+lEMY4Kv5nkGpsKZWyyzBgU3NoRbwqRsy9Bat5Fyf263E
wetNC/QjqT+QqzoZfUNvqW+kmYrZoeqXFGgYltNSnFd1sahpOJ4Xa6hi+lNGEV/a
Z1wX/XCBWRV53QYxWdpCNs5vZ6um7AnqiQTtL/63JVpy6PBDubommUCM1peWh0PM
kR8dYJ9bzVHh7XIfhtcH705n4PI2Z8tIyQENqEhimb655SAq0UpWWcM1tn4=
-----END CERTIFICATE-----